The Fireblocks Developer Portal helps you get started quickly developing your exciting Fireblocks API and SDK integrations. The Fireblocks REST API lets you interact programmatically with the Fireblocks platform for a variety of use cases:

Manage your workspace and users.
Manage vaults and internal & external wallets.
Automate transaction flows.
Set up the Gas Station service.
Configure webhooks to receive push notifications and more!

Workspace preparation

First, ensure your workspace Owner has properly configured the account and workspace (Not required for Sandbox accounts)
Your workspace has API access enabled (Not required for Sandbox accounts)
Your workspace has a Policy defined. Learn more about Policies (Not required for Sandbox accounts)
You have an API Co-Signer configured (Not required for Sandbox accounts)
1. For testnet: Communal test co-signer. Learn more about the Fireblocks Communal Test Co-Signer.
2. For Mainnet: An SGX-enabled Co-Signer. Learn more about API co-signer admin info for SGX-enabled server provisioning.
You have or are an Owner/Admin user who can create the API key.
You know the user role you need to create. See user roles admin info.

API key creation

API key types

First, we need to understand the types of API keys and their permissions. Each API key role contains other capabilities in addition to transaction permissions. Learn more about user roles.

API Key Type	Role	Transaction Permissions	Environment
Admin	Signing	Can sign transactions.	Production
Non-Signing Admin	Non-Signing	Can't sign transactions.	Production + Sandbox
Signer	Signing	Can sign transactions.	Production
Approver	Non-Signing	Can't sign transactions.	Production
Editor	Non-Signing	Can't sign transactions.	Production + Sandbox
Viewer	View-Only	Can only view transaction history.	Production + Sandbox

Step 1: Generate a CSR file

🚧
Before you begin
If you're generating a CSR file on a Windows machine, you must first install OpenSSL.

Install Win32OpenSSL.

Use the default installation settings.

Type OpenSSL Command Prompt into the Windows search bar and open the application. From here, you will be able to run OpenSSL commands.

The Fireblocks API uses an API key and a request signing process to provide a highly secure communication protocol. You will create both of these in this process and then store them in a secure location to be used for API key creation as well as running the API calls:

Run the following command line to generate an RSA 4096 private key (stored in fireblocks_secret.key) and CSR (stored in fireblocks.csr):

openssl req -new -newkey rsa:4096 -nodes -keyout fireblocks_secret.key -out fireblocks.csr -subj '/O=<your_organization>'

Step 2: Create an API key

To create an API key with a signing role, complete the following steps:

In the Fireblocks Console, go to Settings > Users.
On the Users tab, select Add user.
Toggle the user type to API User.
Complete the following fields:
1. Name: Enter the name you want to give the API user in your workspace.
2. Role: Select the user role defined earlier.
3. Attach CSR File: Upload the CSR file created in the previous step.
4. Co-Signer Setup: Choose the appropriate co-signer defined earlier.
5. First user on this machine: [SGX server enabled only] If this is the first user configured on this SGX-enabled Co-Signer server, select this checkbox.
Select Add User. A new user with a small key icon next to it appears in the user list.
Select the key to copy the API key.

Approving API keys and Co-Signer pairing

Approving API keys

Your workspace's Owner and Admins receive an approval notification on their mobile device when a new Console user or API key is requested to be added.

Users are not added to a workspace until the workspace's Owner approves them and the request to add them meets the Admin Quorum threshold. After they are added to the workspace, continue the onboarding process.

Co-Signer pairing (Not required for Sandbox accounts)

API keys with signing or approving permissions must be paired with an API Co-Signer.

Select the Pending Activation status on the user row to copy the pairing token.
Use the pairing token to pair the API user with your API Co-Signer machine.

Try the API

Now, you can try the API using one of our SDKs or the REST API endpoints. Get started using our SDKs or REST API endpoints in minutes with our Postman guide.