Signing a Request (JWT Structure)

Signing a request

Fireblocks uses API keys to authenticate all API calls. Depending on the type of workspace environment, the base API URL will be one of the following:

  • Sandbox: https://sandbox-api.fireblocks.io/v1
  • Mainnet/Testnet: https://api.fireblocks.io/v1

Every API request must contain the following headers:

  • X-API-Key - The API Key created from your Fireblocks workspace.
  • Authorization - This value should be set to Bearer <Access Token>. The access token is a Base64-encoded JSON Web Token (JWT).

JWT Structure

The payload field should contain the following fields:

  • uri - The URI part of the request (e.g., /v1/transactions).
  • nonce - Unique number or string. Each API request needs to have a different nonce.
  • iat - The time at which the JWT was issued, in seconds since Epoch.
  • exp - The expiration time on and after which the JWT must not be accepted for processing, in seconds since Epoch. (Must be less than iat+30sec.)
  • sub - The API Key.
  • bodyHash - Hex-encoded SHA-256 hash of the raw HTTP request body.

The JWT must be signed with the Fireblocks API secret key and the RS256 (RSASSA-PKCS1-v1_5 using SHA-256 hash) algorithm.

Authorization: Bearer <JWT>

📘

API Authentication code examples:

Check out the following API Authentication code examples.

Using the Fireblocks SDKs

You can set up the request headers using the Fireblocks API SDKs, like so:

// JavaScript / TypeScript (Node.js)
import fs from "fs";
import path from "path";
import {FireblocksSDK, PeerType, TransactionArguments, TransactionOperation, TransactionStatus} from "fireblocks-sdk";

// Load the API secret (the private key used to sign each request's JWT) from disk.
const apiSecret = fs.readFileSync(path.resolve(__dirname, "./fireblocks_secret.key"), "utf8");
const apiKey = "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX";
// The SDK builds and signs the JWT and sets the request headers for every call.
const fireblocks = new FireblocksSDK(apiSecret, apiKey);

# Python
from fireblocks_sdk import FireblocksSDK, TransferPeerPath, DestinationTransferPeerPath, TRANSACTION_STATUS_CONFIRMED, TRANSACTION_STATUS_CANCELLED, TRANSACTION_STATUS_REJECTED, TRANSACTION_STATUS_FAILED, VAULT_ACCOUNT, TRANSACTION_MINT, TRANSACTION_BURN

# Load the API secret (the private key used to sign each request's JWT) from disk.
with open('fireblocks_secret.key', 'r') as f:
    apiSecret = f.read()
apiKey = 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX'
fireblocks = FireblocksSDK(apiSecret, apiKey)

📘

Fireblocks API key

When using the above SDK code examples to sign a request, be sure to replace apiKey with your own API Key.