API Communication

🚧

Not familiar with the API user creation and authentication?

Visit the links below to understand how each process works:

Overview

API communication between the customer backend and the Fireblocks platform occurs over HTTP (REST). Authentication uses API users and JSON Web Tokens (JWTs) signed for each request.

Note: For end users accessing via the app with the Embedded Wallet SDK, authentication uses IDP tokens and pre-configured SSO OAuth, where the NCW Signer API user is configured.

API roles

The Fireblocks EW feature requires two API roles: EW Admin and EW Signer.

EW Admin

This role is used for administrative workspace operations, such as disable/enable a wallet.

EW Signer

This role is used for specific wallet operations, such as creating a transaction from a specific end user wallet.

There are two ways in which this API user is used:

  • Implicitly, as part of the EW SDK using the OAuth pre-configured configuration.
  • Explicitly, similar to the NCW Admin API user (using signed JWT)

Role permissions

The table below lists the different operations that can be executed by the EW Admin & EW Signer API users.

API User Role/ OperationEW AdminEW Signer
Create new EW Everywhereβœ…βŒ
Create new account under a specific EW Everywhereβœ…βœ…
Enable/Disable EW Everywhereβœ…βŒ
Get deposit address informationβœ…βœ…
Create transaction from EW EverywhereβŒβœ…
Get transaction fee informationβœ…βœ…
Cancel transactionβŒβœ…
Decline transferβŒβœ…
Enable/disable a signing deviceβŒβœ…
Invoke RPC (relayed from the EW Everywhere SDK)βŒβœ…
Add asset to an account under an EW EverywhereβŒβœ…
Get public keyβœ…βŒ
Delete algorithmβœ…βŒ