Callback Handler Response Object

📘
New Callback Handler parameters
Starting with SGX API Co-signer image version 3.5.0, as well as all versions of AWS Nitro and GCP Confidential Space Co-signer, the following enhancements have been introduced:

The Callback Handler returns the new RETRY action. Learn more below.

The Callback Handler's payload includes the signerId, which represents the API user ID (API key) of the API user handling the request. This is particularly useful in high availability configurations with multiple API Co-signers, as it allows the Callback Handler to identify the specific Co-signer that initiated the request.

Below is the response expected from the Callback Handler for any request. If it does not respond within 30 seconds, Fireblocks fails the request.

Parameter	Type	Description
action	string	`APPROVE`: Approves the request. For some configuration requests an approval quorum may be required. `REJECT`: Denies the request. Even if a quorum of approvals is expected, one rejection denies the request. `RETRY`: Retry the request until it times out, reaches the maximum number of retries, or the Callback Handler returns `APPROVE` or `REJECT`. Note that the timeout setting is fixed to 20 retries every 3 minutes, for a total of 60 minutes. Additionally, retries are performed using identical parameters, so to prevent duplication, make sure your Callback Handler is properly configured to deal with the asynchronous nature of the calls. `IGNORE`: This action is only supported for transaction and configuration approvals, not transaction signing. Dismisses the request without denying it, allowing the following approval requests to be processed. If a quorum is required to approve a request, the other approvers may approve this request independently.
requestId	string	The unique identifier of the call, as received in the approval request.
rejectionReason	string	(Optional) Free text of the reason for rejection. This is used for logging purposes and recorded in the workspace's audit logs.

Parameter

Type

Description

action

string

APPROVE: Approves the request. For some configuration requests an approval quorum may be required.

REJECT: Denies the request. Even if a quorum of approvals is expected, one rejection denies the request.

RETRY: Retry the request until it times out, reaches the maximum number of retries, or the Callback Handler returns APPROVE or REJECT. Note that the timeout setting is fixed to 20 retries every 3 minutes, for a total of 60 minutes. Additionally, retries are performed using identical parameters, so to prevent duplication, make sure your Callback Handler is properly configured to deal with the asynchronous nature of the calls.

IGNORE: This action is only supported for transaction and configuration approvals, not transaction signing. Dismisses the request without denying it, allowing the following approval requests to be processed. If a quorum is required to approve a request, the other approvers may approve this request independently.

requestId

string

The unique identifier of the call, as received in the approval request.

rejectionReason

string

(Optional) Free text of the reason for rejection. This is used for logging purposes and recorded in the workspace's audit logs.