Create API keys

❗️

Before you begin

  • Read the Manage API Access guide before running the examples below.
  • Creating and listing API keys and creating Console users can only be done by API users with Admin or Non-Signing Admin roles.

Creating API Keys via the Fireblocks API can be done by using the Create API Key API endpoint. The endpoint requires sending a request body that includes multiple parameters.

  1. role: Controls the API key permissions.
  2. name: The label for the API Key
  3. csrPem: The CSR file required for authentication.
  4. coSignerSetupType: If the API user has the Signer or Admin role, you can connect it to a Co-signer for a fully automated signature process. Available options are:
    1. SGX_MACHINE: For SGX-enabled servers.
    2. FIREBLOCKS_CCMT: For the Fireblocks Communal Co-Signer (available in testnet workspaces only).
    3. NITRO_MACHINE: For AWS Nitro-enabled servers.
  5. coSignerSetupIsFirstUser: Should be set to true if the coSignerSetupType is SGX_MACHINE and this API user will be the first user paired with this API Co-Signer.

Example command to create an API Key

import { readFileSync } from 'fs';
import { Fireblocks, BasePath } from "@fireblocks/ts-sdk";

const FIREBLOCKS_API_SECRET_PATH = "<PATH_TO_YOUR_SECRET>";

// Initialize a Fireblocks API instance with local variables
const fireblocks = new Fireblocks({
    apiKey: "<YOUR_API_KEY>",
    basePath: BasePath.US, 
    secretKey: readFileSync(FIREBLOCKS_API_SECRET_PATH, "utf8"),
});


(async() => {
  const csrPem = readFileSync("<path_to_csr_file>", "utf-8")
  try {
    const apiKeyRes = await fireblocks.apiUser.createApiUser({
      createAPIUser:{
        role: "ADMIN",
        name: "MyExampleAPIKey",
        csrPem,
        coSignerSetupType: "SGX_MACHINE",
        coSignerSetupIsFirstUser: true
      }
    })
  
   console.log(JSON.stringify(apiKeyRes, null, 2))
  } catch(e){
    console.log(e)
  }  
})();

Example command to get API keys

import { readFileSync } from 'fs';
import { Fireblocks, BasePath } from "@fireblocks/ts-sdk";

const FIREBLOCKS_API_SECRET_PATH = "<PATH_TO_YOUR_SECRET>";

// Initialize a Fireblocks API instance with local variables
const fireblocks = new Fireblocks({
    apiKey: "<YOUR_API_KEY>",
    basePath: BasePath.US, 
    secretKey: readFileSync(FIREBLOCKS_API_SECRET_PATH, "utf8"),
});


(async() => {
  try {

    const apiKeys = await fireblocks.apiUser.getApiUsers()
    console.log(JSON.stringify(apiKeys, null, 2))

  } catch(e){
    console.log(e)
  }  
})();