Overview

This tab provides a view of your API Co-signers, their current status and health, as well as their associated API users. 

This is the first phase of a multi-phase development effort. The Co-signers management tab is a new tab in the Console’s Developer center where you can see all Co-signers in your workspace. 

Viewing the API Co-signers 

In case you currently do not have any Co-signer connected to your workspace, you will encounter a "empty state" window, from which you can select the Learn about co-signers button for further information. 

To view your API Co-signers, in your Console’s left-side navigation panel select Developer center > Co-signers. 

• In the upper left side you can see the Co-signers field, which shows within parenthesis the number of API Co-signers in your current workspace, including how many are online and offline. 
• In the upper right side you can select the Learn about co-signers button for further information. 
• Within each entry:
  • You can see its unique ID in the title. It is always the same ID, regardless of the workspace the Co-signer is connected to. 
  • You can see this Co-signer’s associated Paired API users, including their names, roles, and associated groups.
    Note: you can only see the associated API users for each Co-signer in this specific workspace, not in others. 
• On the right side of each entry, you can see a status indicator, showing whether it is online or offline. After 15 minutes of inactivity it turns offline, and its last time online is indicated.

Learning about a new Co-signer installation

To learn about installing a new API Co-signer in your workspace:

1. Select the Learn about co-signers button on the upper-right side of the Co-signer tab.
2. In the About co-signer window, you can read about the Co-signer characteristics in the What is a co-signer sub-section, and about adding a new Co-signer in the How do I add a co-signer to the workspace subsection. 
3. Under the How do I install a co-signer sub-section, select Manual in order to manually configure the Co-signer. Selecting either the Azure SGX or AWS Nitro type options leads you to Help Center setup instructions.
4. Alternatively, selecting the Quick option under the How do I install a co-signer allows you to select the Azure SGX, which leads you to the Microsoft Azure portal for the SGX quick installation wizard. 

Related API User actions

Since the API users tab is logically connected to the Co-signers management tab, deleting a user which is paired with a Co-signer also removes it as a Co-signer:

• When attempting to delete a signer/admin user which is paired to a Co-signer, you will be prompted with the following confirmation notice: “The user will no longer be able to access the workspace and their signing keys will be deleted.”
• If you delete the last remaining API user associated with a particular Co-signer, you will be prompted with the following confirmation notice: “This is the last API user in the Co-signer. Deleting the user will also delete the Co-signer from the workspace.”

Renaming a Co-signer

To rename your Co-signer:

1. Select the three-dot action menu on the top-left.
2. Select Rename. 
3. In the Rename Co-signer window, enter your new Co-signer name. Once renamed, the Co-signer's default ID number is replaced by its newly assigned name. 
   

   Note:

   You cannot rename the Fireblocks Communal Test Co-signer, as it is constant, and does not have the rename option enabled (the action menu is absent).

Add Co-signer

Minimum supported API Co-signer and Fireblocks Mobile App versions:

• SGX: 3.7.1
• Nitro: 2.0.5
• GCP: 0.9.5
• Fireblocks’s Mobile App: 2.11

To add a new Co-signer:

1. Navigate to your Console’s left panel > Developer’s portal > Co-signers. 
2. Select + Add co-signer to open a wizard which will guide you through connecting a Co-signer to the workspace. You can connect a new Co-signer or an existing one that is connected to a different workspace.
3. In the Add co-signer modal, under the Co-signer name field, enter your Co-signer’s name. 
4. If you are installing a new Co-signer, select Install a new co-signer on the local machine, select Continue and then:
   1. In the Add co-signer modal, select an available unpaired API user from the drop-down list, then select Add. This action creates a new entry in the Co-signers tab. You will use it to connect the Co-signer you plan to install using the API user you selected.
   2. Under the newly-created Co-signer entry, select Pair API user to get the pairing token for the API user. 
   3. In the Pair the API user with the Co-signer modal, select one of two options: Manual to copy the download link for the Co-signer installation script based on the type, or Quick to install a Co-signer using one of the listed cloud service provider’s automated processes. 
   4. Select Copy pairing token to copy it to your clipboard, so you can use it during  the Co-signer’s installation process. 
   5. Once the installation succeeds and the API user pairing is complete, API users with the Signer or Admin roles require the Owner’s approval for MPC signing keys.
   6. Once the Owner approves the MPC signing keys, the Co-signer becomes fully functional. If you installed the latest Co-signer version, the Co-signer's type and version information will appear in the Co-signer tab. Additionally, management operations will become available.
5. If  you want to connect an existing Co-signer to the workspace, select Use an existing co-signer from another workspace, select Continue and then:
   1. In the Add co-signer modal, select an available unpaired API user, then select Add. This action creates a new entry in the Co-signers tab. You can use it to connect the Co-signer to the workspace using the API user you selected.
   2. Under the newly created Co-signer entry, select Pair API user to get the pairing token for the API user. 
   3. Run the ./cosigner add-user command on the local machine where your existing Co-signer is running.
   4. In the Pair the API user with the Co-signer modal, select Copy pairing token to copy and paste it when prompted. 

Pair API user

To pair the API user with the Co-signer:

1. Navigate to your Console’s left panel > Developer’s portal > Co-signers. 
2. Expand your desired Co-signer, then select Pair API user.
3. In the Pair API user modal, select an available API user. You may also select and configure the Set callback handler, which is used for approving, rejecting or ignoring transactions and workspace changes. Select Pair. 
4. Once the new API user is successfully paired, API users with the Signer or Admin roles require the Owner’s approval for MPC signing keys.
5. Once the Owner approves the MPC signing keys for the API user, the pairing process is complete. 

Unpair API user

To unpair the API user from its Co-signer:

1. Navigate to your Console’s left panel > Developer’s portal > Co-signers. 
2. Expand your desired Co-signer, then select the three dots next to the API user you want to unpair from this Co-signer. 
3. Select Unpair from the menu. 

Configure the Callback Handler

To configure the Callback Handler:

1. Navigate to your Console’s left panel > Developer’s portal > Co-signers. 
2. Expand your desired Co-signer, and under the Callback Handler column, select the + sign.
3. Select Configure Callback Handler from the menu.
4. Enter the appropriate parameters for your Callback Handler in the URL and Authentication fields. For more details, see here. Select Update. 

Note: the options to configure the Callback Handler and pair additional API users are not enabled for outdated Co-signers (see versions list above).

Pair API user to the Fireblocks Communal Test Co-signer 

As you add a new API user via the "Add API User" modal, you have the option to connect the newly created API user directly to the Fireblocks Communal Test Co-signer. Select Pair with Fireblocks Communal Co-signer in the Add API User modal to do that. Learn more about the Fireblocks Communal Co-Signer.