Fireblocks is a platform as a service that makes it easier to build blockchain-based products and to manage digital asset operations. It provides a well-documented REST API for operations on vaults, internal wallets, external wallets, contracts, exchange accounts, fiat accounts, payments and transactions. Fireblocks also has a concept called the gas station, very similar to the gas pump in tatum.io, where the gas fee for minting is paid from a single gas station rather than deducted from each user's wallet.
What is Fireblocks API Co-Signer
The API co-signer is a component that securely signs transactions initiated via the API. It holds an MPC key and a configuration change key so that it can sign and approve transactions automatically. It is useful when the number of transactions is large and approving each one manually through the console or mobile app becomes tedious. In that case we can set up the co-signer and configure it to sign and approve each transaction automatically.
API Co-Signer callback handler
A callback handler can also be attached to the co-signer, which gives us the freedom to filter transactions and choose which ones get signed. For example, if you need to sign only transactions from a particular source, or to sign automatically only when the amount is below a certain threshold, you can get all the data for a transaction in JSON format and write code in the callback handler to perform the required checks.
This tutorial focuses on setting up the co-signer, so we follow the API co-signer setup without a callback handler.
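The filtering described above (sign only for particular sources, and only below a threshold) is sketched here as an added example; it is not code from the original post or from Fireblocks. The field names, action strings, vault identifiers and limits are assumptions, and a real handler would map them from the JSON the co-signer actually sends.

```python
import json
from decimal import Decimal, InvalidOperation

# Assumed policy values; identifiers and limits are constructed for this example.
ALLOWED_SOURCES = {"vault-0", "vault-7"}
LIMITS = {"ETH": Decimal("2.5"), "USDC": Decimal("10000")}


def decide(tx):
    """Return (action, reason). Anything unexpected is rejected (fail closed)."""
    if not isinstance(tx, dict):
        return ("REJECT", "malformed request")
    source = tx.get("source_id")   # hypothetical field name
    asset = tx.get("asset")        # hypothetical field name
    raw = tx.get("amount")         # hypothetical field name
    if not isinstance(source, str) or source not in ALLOWED_SOURCES:
        return ("REJECT", "source not allowlisted")
    if not isinstance(asset, str) or asset not in LIMITS:
        return ("REJECT", "no limit configured for asset")
    # Require a decimal string: JSON numbers become floats and lose precision.
    if not isinstance(raw, str):
        return ("REJECT", "amount must be a decimal string")
    try:
        amount = Decimal(raw)
    except InvalidOperation:
        return ("REJECT", "amount is not a number")
    # NaN and Infinity parse as Decimals, so check finiteness before comparing.
    if not amount.is_finite() or amount <= 0:
        return ("REJECT", "amount out of range")
    # "Below a certain threshold" is read as strictly below the limit.
    if amount >= LIMITS[asset]:
        return ("REJECT", "amount not below threshold")
    return ("APPROVE", "within policy")


def decide_json(body):
    """Parse a JSON request body and apply the policy; bad JSON is rejected."""
    try:
        tx = json.loads(body)
    except (TypeError, ValueError):
        return ("REJECT", "body is not valid JSON")
    return decide(tx)


if __name__ == "__main__":
    # Constructed sample request, not a captured Fireblocks message.
    sample = '{"source_id": "vault-0", "asset": "ETH", "amount": "1.25"}'
    print(decide_json(sample))
```

The default path is rejection: a transaction is approved only when every check passes, so a missing field or an unknown asset never results in an automatic signature.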
Steps to set up Fireblocks API Co-Signer
The API co-signer requires a secure server, so Fireblocks recommends an Intel SGX (Software Guard Extensions) server from either Azure or IBM; users can also set up an on-premise server. In this tutorial we focus on co-signer setup on an Azure SGX server.
1. The first step is to log in to the Azure console and deploy a virtual machine (SGX virtual machine) with the configuration below
Image : Ubuntu 20.04 LTS (Canonical)
Region : Select your region (make sure to check SGX server availability in your region; if it is not available, select the nearest location where it is)
Generation : Gen 2
Size : Standard_DC4s_V3
RAM : 32 GB
2. Once these configurations are selected, review the selections and deploy a new virtual machine.
3. Once the server is deployed, you can get the IP address and the username / password or SSH key generated while doing the server deployment.
4. Log in through SSH using PuTTY and go to root mode using command
5. Now, from root mode, we need to download and install the co-signer script. To get the download URL, head over to the Fireblocks console and click the copy icon in the Download Co-Signer script section under Settings -> General tab. Then run the command
curl -o cosigner "PASTE COSIGNER DOWNLOAD LINK HERE"
(Please keep the double quotes as they are in the command.)
6. Change the script permissions to be executable by running command
chmod +x cosigner
7. Start the co-signer setup using ./cosigner setup, which will install the co-signer, Docker, docker-compose and other required files.
8. The script will also ask for a pairing token. To get it, go to Fireblocks console -> Settings -> Users, hover over the pending setup and click the pairing token copy symbol. Enter your pairing token.
9. The script will then ask for a callback URL. In this tutorial we are installing the co-signer without a callback, so you can just hit Enter without adding any callback URL.
10. At the end of the process, the API co-signer generates a JSON config file which you can use in future to change the co-signer configuration.
11. Start the API cosigner using command
12. If the setup is correct and this is the first time you are running the co-signer, the workspace owner will get an approval request for the MPC key share.
13. Once approved, your co-signer is ready to sign transactions. To check whether the API co-signer is running, run the command docker ps -a. This will show you the Docker containers and whether they are currently running.
If your co-signer is still not working after following the steps above, follow the steps below to re-install it.
Run the commands below in the same sequence. The docker kill, docker rm and docker rmi lines act on every container and image on the host, not only the co-signer's.
./cosigner stop
docker kill $(docker ps -q)
docker rm $(docker ps -aq)
docker rmi $(docker images -q)
rm .local_config
rm .revision
rm config.json docker-composer-init.yml docker-composer.yml
rm -rf /databases
./cosigner setup
Here it will ask you to paste the pairing token from the console. Please refresh the page before copying the pairing token, as it expires after some time.
This was the information about Fireblocks API co-signer setup. We tried to cover all the scenarios and fixes after facing these difficulties while setting it up for ourselves. Please feel free to reach out to us with any queries regarding API Co-signer setup; our team will be glad to help you.