The Fireblocks API Co-signer can connect to a user-hosted web server called the API Co-signer Callback Handler. This handler plays a critical role in receiving signing or approval requests from the Co-signer, allowing you to process the transaction before it is automatically signed.
For each API user paired with the Co-signer, you can optionally configure a connection to a Callback Handler. This lets you apply custom business or security logic before transactions associated with the paired API user are automatically signed or approved. The Callback Handler processes POST requests from the Co-signer and responds with an approval or a rejection.
The web server implementing the Callback Handler should be separate from the Co-signer instance. It can run on any HTTPS server, whether hosted by a cloud provider or deployed on-premises. For security purposes, restrict both the API Co-signer and the Callback Handler so that they have no open connections to external locations unless necessary. This minimizes the attack surface and reduces the risk of compromising your transaction signing logic. The automated signing process should remain as isolated as reasonably possible.
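The following is an added example, not Fireblocks code: a fail-closed policy check of the kind a Callback Handler could run before answering the Co-signer. The request fields (`requestId`, `asset`, `destination`, `amount`), the decision format, and the allow-list and limit values are hypothetical and do not represent the Co-signer's actual message format.

```python
# Added illustration: field names, decision format and policy values are
# hypothetical, not the Fireblocks wire format.
from decimal import Decimal, InvalidOperation

ALLOWED_DESTINATIONS = {"treasury-cold-01", "exchange-settlement"}  # constructed
PER_ASSET_LIMIT = {"BTC": Decimal("0.5"), "ETH": Decimal("10")}     # constructed


def _reject(request_id, reason):
    return {"requestId": request_id, "action": "REJECT", "reason": reason}


def decide(request):
    """Return an approve/reject decision; anything unexpected is rejected."""
    if not isinstance(request, dict):
        return _reject(None, "malformed request")
    request_id = request.get("requestId")
    if not isinstance(request_id, str) or not request_id:
        return _reject(None, "missing requestId")

    # Unknown or non-string assets have no limit entry, so they are rejected.
    asset = request.get("asset")
    limit = PER_ASSET_LIMIT.get(asset) if isinstance(asset, str) else None
    if limit is None:
        return _reject(request_id, "asset not permitted")

    dest = request.get("destination")
    if not isinstance(dest, str) or dest not in ALLOWED_DESTINATIONS:
        return _reject(request_id, "destination not on allow-list")

    # Amounts must arrive as decimal strings; floats lose precision.
    raw = request.get("amount")
    if not isinstance(raw, str):
        return _reject(request_id, "amount must be a decimal string")
    try:
        amount = Decimal(raw)
    except InvalidOperation:
        return _reject(request_id, "amount not parseable")
    # is_finite() rejects NaN and Infinity, which Decimal() itself accepts.
    if not amount.is_finite() or amount <= 0:
        return _reject(request_id, "amount out of range")
    if amount > limit:
        return _reject(request_id, "amount exceeds per-asset limit")

    return {"requestId": request_id, "action": "APPROVE"}
```

Approval is the last statement in the function, so any request that fails to parse or match the policy ends in a rejection.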
Use the articles below for detailed guides: