IMPORTANT NOTES:
- Note that this feature is opt-in, and is therefore not accessible by default to all customers. To enable it, submit a ticket to our Customer Success Manager.
- This article will be deprecated by February 28th, 2025. For all API Co-signer documentation, visit this overview article, which also links to updated Co-signer content in the Developer Portal.
Overview
The API Co-Signer server actively queries your Fireblocks workspace for activity. There is no incoming communication for security and simplicity. The outbound connections required during setup or server maintenance can be closed after regular workspace activity has resumed.
Networking requirements
Inbound connections
No inbound connections are required.
Outbound connections
Access required during setup and when stopping or restarting the machine:
- Download pip over port 443 to https://bootstrap.pypa.io/get-pip.py/
- Comment this out if you want to install it yourself.
- Open port 5000 to https://registry.gitlab.com/customer-cosigner/
- Whitelist the following URLs:
- https://fb-certs.s3.amazonaws.com
- https://mobile-api.fireblocks.io/
- https://fb-customers.s3.amazonaws.com/uploads/
- https://s3signurl.fireblocks.io/
- https://bootstrap.pypa.io
- https://cdn.registry.gitlab-static.net
- https://fb-cosigner-images.s3.amazonaws.com
- https://fb-customers.s3.amazonaws.com
- https://files.pythonhosted.org
- https://github.com
- https://gitlab.com
- https://pypi.org
- https://pypi.python.org
- https://registry.gitlab.com
All times the API Co-Signer is active:
- Open port 443 to https://fb-certs.s3.amazonaws.com
- Open port 443 to https://mobile-api.fireblocks.io/
- Open port 443 to https://fb-customers.s3.amazonaws.com/uploads/
- Open port 443 to https://s3signurl.fireblocks.io/