API Communication
Not familiar with the API user creation and authentication?
Visit the links below to understand how each process works:
Overview
API communication between the customer backend and the Fireblocks platform occurs over HTTP (REST). Authentication uses API users and JSON Web Tokens (JWTs) signed for each request.
Note: For end users accessing via the app with the Embedded Wallet SDK, authentication uses IDP tokens and pre-configured SSO OAuth, where the NCW Signer API user is configured.
API roles
The Fireblocks EW feature requires two API roles: EW Admin and EW Signer.
EW Admin
This role is used for administrative workspace operations, such as disable/enable a wallet.
EW Signer
This role is used for specific wallet operations, such as creating a transaction from a specific end user wallet.
There are two ways in which this API user is used:
- Implicitly, as part of the EW SDK using the OAuth pre-configured configuration.
- Explicitly, similar to the NCW Admin API user (using signed JWT)
Role permissions
The table below lists the different operations that can be executed by the EW Admin & EW Signer API users.
API User Role/ Operation | EW Admin | EW Signer |
---|---|---|
Create new EW Everywhere | ✅ | ❌ |
Create new account under a specific EW Everywhere | ✅ | ✅ |
Enable/Disable EW Everywhere | ✅ | ❌ |
Get deposit address information | ✅ | ✅ |
Create transaction from EW Everywhere | ❌ | ✅ |
Get transaction fee information | ✅ | ✅ |
Cancel transaction | ❌ | ✅ |
Decline transfer | ❌ | ✅ |
Enable/disable a signing device | ❌ | ✅ |
Invoke RPC (relayed from the EW Everywhere SDK) | ❌ | ✅ |
Add asset to an account under an EW Everywhere | ❌ | ✅ |
Get public key | ✅ | ❌ |
Delete algorithm | ✅ | ❌ |
Updated 11 days ago