IMPORTANT NOTE:
This article will be deprecated by February 28th, 2025. For all API Co-signer documentation, visit this overview article, which also links to updated Co-signer content in the Developer Portal.
Hardware
Your secure machine should meet the following requirements:
- OS: Ubuntu 20.04
- Latest Linux kernel version
- Latest Intel microcode (BIOS update). The microcode is automatically updated on Azure.
Learn more about provisioning a compatible server for Azure, IBM Cloud, on-premises, or Alibaba.
Networking requirements
The API Co-Signer requires limited outbound access during setup and general operation. For more information, refer to the API Co-Signer networking requirements article.
API users
The API Co-Signer requires creating an initial user for the machine that is bound to the kernel during the initial server setup. An API user with signing permissions is required for general use and can be added using the API Co-Signer command line interface after setup. You can follow the instructions in the adding new API users article to set up an API user in the Fireblocks Console and retrieve the API key.
Callback handler (optional)
The callback handler processes transaction POST requests and responds back with an approval or rejection response. Some common uses for the callback handler are integrating user-facing apps with a Fireblocks workspace, or including market signals in the transaction approval process.
For more details on how to handle the response request and structure, refer to the API documentation.
Note
The HTTPS server for the callback handler is separate from the API Co-Signer and doesn’t need to reside inside an SGX enclave. It can run on any HTTPS server using a cloud provider or on-premises.