Before you begin
- Read the Manage API Access guide before running the examples below.
- Creating and listing API keys and creating Console users can only be done by API users with Admin or Non-Signing Admin roles.
Creating API Keys via the Fireblocks API can be done by using the Create API Key API endpoint. The endpoint requires sending a request body that includes multiple parameters.
- role: Controls the API key permissions.
- name: The label for the API Key
- csrPem: The CSR file required for authentication.
- coSignerSetupType: If the API user has the Signer or Admin role, you can connect it to a Co-signer for a fully automated signature process. Available options are:
- SGX_MACHINE: For SGX-enabled servers.
- FIREBLOCKS_CCMT: For the Fireblocks Communal Co-Signer (available in testnet workspaces only).
- NITRO_MACHINE: For AWS Nitro-enabled servers.
- coSignerSetupIsFirstUser: Should be set to true if the
coSignerSetupType
isSGX_MACHINE
and this API user will be the first user paired with this API Co-Signer.
Example command to create an API Key
import { readFileSync } from 'fs';
import { Fireblocks, BasePath } from "@fireblocks/ts-sdk";
const FIREBLOCKS_API_SECRET_PATH = "<PATH_TO_YOUR_SECRET>";
// Initialize a Fireblocks API instance with local variables
const fireblocks = new Fireblocks({
apiKey: "<YOUR_API_KEY>",
basePath: BasePath.US,
secretKey: readFileSync(FIREBLOCKS_API_SECRET_PATH, "utf8"),
});
(async() => {
const csrPem = readFileSync("<path_to_csr_file>", "utf-8")
try {
const apiKeyRes = await fireblocks.apiUser.createApiUser({
createAPIUser:{
role: "ADMIN",
name: "MyExampleAPIKey",
csrPem,
coSignerSetupType: "SGX_MACHINE",
coSignerSetupIsFirstUser: true
}
})
console.log(JSON.stringify(apiKeyRes, null, 2))
} catch(e){
console.log(e)
}
})();
Example command to get API keys
import { readFileSync } from 'fs';
import { Fireblocks, BasePath } from "@fireblocks/ts-sdk";
const FIREBLOCKS_API_SECRET_PATH = "<PATH_TO_YOUR_SECRET>";
// Initialize a Fireblocks API instance with local variables
const fireblocks = new Fireblocks({
apiKey: "<YOUR_API_KEY>",
basePath: BasePath.US,
secretKey: readFileSync(FIREBLOCKS_API_SECRET_PATH, "utf8"),
});
(async() => {
try {
const apiKeys = await fireblocks.apiUser.getApiUsers()
console.log(JSON.stringify(apiKeys, null, 2))
} catch(e){
console.log(e)
}
})();