Skip to main content

Managing your Movement account on Fireblocks

Warning

  • Fireblocks Raw Signing has limited Policy capabilities; hence, the user needs to take all required measures to reduce any security risk.
  • You are responsible for validating and securely managing transaction flows. Contact the Fireblocks team to get information about Raw Signing security best practices.

Overview

Fireblocks does not currently support Movement or other Aptos-based blockchains, so assets such as MOVE are not natively supported. This guide outlines a dedicated solution for managing Movement transactions with Fireblocks, utilizing Fireblocks' Raw Signing capability and a purpose-built SDK.

This solution abstracts the complexity of Movement operations, allowing developers and users to effortlessly initiate transactions, monitor balances, and track transaction history with minimal implementation overhead.

Our solutions

The Movement solution offers two options for interacting with the SDK. Both options share the same prerequisites and infrastructure. The UI interacts with the same SDK backend and supports the same features.

Prerequisites

Option 1: SDK with REST API

The SDK can be used in two ways: directly as a library by initializing it and calling its methods programmatically, or as a REST API by interacting with the provided HTTP endpoints, offering flexibility for both integrated and service-based use cases.

The Movement-Fireblocks SDK enables developers to:

  • Fetch the Movement account address and public key for a Fireblocks vault account ID.
  • Retrieve the Movement account balance for both the base asset and tokens.
  • Retrieve detailed information on all coins owned by the account.
  • Create base asset and token transactions on Movement: the SDK will build the transaction, send it for signing in your Fireblocks account, and submit it to the blockchain behind the scenes.
  • Retrieve transaction history for all transactions sent and received by the account.

Option 2: Desktop UI application

Recommended for non-technical users, this Electron-based local application provides an intuitive interface to:

  • View vault accounts and balances
  • Create and sign transactions
  • Monitor transaction history

Installation & Setup

To request the activation of this feature, please contact your Customer Success Manager. Please note that the Raw Signing capability is classified as a premium feature and may incur an additional platform fee if enabled.

Additionally, it is essential to recognize that the Raw Signing feature can introduce potential security vulnerabilities. To minimize risk, you must strictly follow all Fireblocks security guidelines and best practices when utilizing Raw Signing.

Learn more about Fireblocks Raw Signing here. For detailed information or assistance, please contact the Fireblocks team at any time.

Overview

To transfer assets on the Movement blockchain, transactions must be structured and signed in accordance with the network's requirements. The SDK or Desktop application takes care of generating these messages and submitting them to your Fireblocks workspace for signing.

Raw Message Signing Policy rule

  • All Raw Signing transactions are blocked by default. You must create Policy rules to allow the Raw transaction type.
  • You should specify who can initiate and who can approve Raw transactions. Best practice is to require a two-tier setup (initiator and a human approver) or use an API user plus a human validator. For better security, avoid initiator rules with Any as the initiator when possible.
  • Limit rules to only the source vault accounts, and ideally, the specific assets and derivation paths needed for your workflow.
  • Raw Signing rules do not support amount caps or destination controls. This is a major risk compared to normal transfer and contract call rules.
  • Raw Signing should be tightly scoped and temporary where possible. Remove or update Raw rules immediately after use if the need is one-off.
  • Always set up multi-approver or designated signer flows for additional oversight.
  • Avoid using the Any vault or Any user values unless necessary. More granular = more secure.
  • Educate all users on the risks. Raw Signing can bypass most usual controls and is equivalent to signing a blank check.
  • Consider using an API Co-signer with a Callback Handler for programmatic and additional business logic validation.

To get started with the SDK, clone our public repository.

The repository's README.md file contains all setup and deployment instructions. Follow those steps to complete your local or Docker-based environment.

Overview

The Fireblocks x Movement Desktop Application provides a full-featured, user-friendly interface for managing both Movement native coin and Fungible Assets transactions on the Movement blockchain.

Designed for users who prefer not to work with code, the application offers secure local access to your Fireblocks vaults and transaction signing workflows via Raw Signing. It includes biometric authentication, transaction history, and address management.

Key features

  • Secure authentication: Uses your system's biometric authentication (Touch ID on Mac) to protect access.
  • Vault account management: View and create Movement-enabled vault accounts.
  • Coin management: Check balances and transfer MOVE coin and other tokens securely.
  • Transaction history: View transaction details and history per vault account.

Getting started

First launch

  1. Double-click the Fireblocks x Movement application icon.
  2. When prompted, authenticate using Touch ID (on Mac) or your system's configured authentication method.
  3. After the welcome screen introduces the application, select Get Started to begin setting up your credentials.

If this is your first time opening the app after downloading it directly from the developer, you may need to right-click the app icon and select Open to bypass security warnings.

Set up your API keys

The application requires Fireblocks API credentials to function (connects to your Fireblocks account). On the API Key Setup screen, you can:

  1. Generate a new Certificate Signing Request (CSR): Click through the guided steps to generate an RSA key and CSR. Then, download the CSR file and upload it to your Fireblocks account. Enter your API key from Fireblocks when prompted.
  2. Use existing credentials: If you already have credentials, then you can enter them directly. Simply follow the on-screen instructions to complete the process.

Once your credentials are validated, the app will securely store them in the system's keychain. Once your API key is validated, you will be redirected to the main dashboard.

Main dashboard

The main dashboard shows all your Fireblocks Vault accounts with Movement capability.

Key elements

  • Header: Contains the app title, notification bell, and Settings button.
  • Search bar: Filter Vault accounts by name or ID.
  • Filter toggle: Show only accounts with Movement (Aptos) wallets or MOVE balances.
  • Refresh button: Refresh the list of Vault accounts and the MOVE balances.
  • Create button: Add new Vault accounts.
  • Vault Account list: Shows your Vault accounts and their balances.

Viewing Vault account details & Transaction History

The Vault Account table shows each Vault account's name and ID, its total MOVE and tokens balances.

Select any Vault account to view its details page, which includes:

  • Account information
  • Vault account name and ID
  • MOVE token balance total
  • Owned Fungible Assets information (Symbol, Balance, Asset ID)

From a Vault account's details page, you can also create a transfer to send MOVE and tokens to another address, view the Movement address associated with the vault account, and view the Vault account's transaction history. The Transaction History page shows:

  • Transaction ID
  • Type (incoming/outgoing)
  • Amount
  • Source/Destination
  • Via the View on chain explorer button, a direct link to view the transaction on the Movement blockchain explorer for additional verification

Creating a new Vault account

  1. Select Create Vault Account.
  2. Enter the required information.
  3. If you want to associate the Vault account with a customer reference ID for Anti-Money Laundering (AML) purposes, enter that ID in the Customer Reference ID field. Otherwise, leave it blank.
  4. If you want the Vault account to be hidden from the Fireblocks Console, toggle on Hidden from UI. Otherwise, leave it off.
  5. If you want your workspace's Gas Station to auto-fuel the Vault account, toggle on Auto-Fuel. Otherwise, leave it off.
  6. Select Create Account. A Movement (Aptos) wallet will automatically be created in your new Vault account.

Creating transactions

To send MOVE coin and tokens:

  1. Go to the appropriate Vault account's details page.
  2. Select Create Transfer.
  3. On the transaction window, the transaction's source is pre-filled with the current Vault account. Enter the rest of the required information:
    • Enter a recipient Movement address or choose a Vault account from the drop-down list.
    • Choose the asset type to transfer from the drop-down list.
    • Enter the amount to send, or toggle Use Max Amount to send all available tokens.
    • Choose whether the transaction should be gross (i.e., deduct the fee from the sent amount) or net (i.e., add the fee to the sent amount).
  4. Review the transaction summary, then select Create Transaction to initiate the transfer. Note that new transactions will initially appear with the "In process" status until they are sent to the blockchain.
  5. Authenticate with Touch ID when prompted. After the confirmation appears, indicating the transaction has been submitted, sign the transaction using the Fireblocks mobile app or automatic cosigner.

Settings & Security

To access the app's settings, select the gear icon in the top-right corner of the app.

Security settings

  • Authentication Lock Time: Set how long the app stays authenticated before requiring reauthentication. Enter the number of minutes (1-60), then select Save to apply the new timeout value. The next time your session expires, you'll have to reauthenticate with Touch ID.

Credentials management

  • Change Fireblocks API Credentials: Remove the current credentials and enter new ones.
  • Log Out: Enter your current session and remove all credentials from the system's keychain. To log back in, you will have to go through the initial setup process again.

Troubleshooting

Some common issues with the Fireblocks x Movement desktop app can include the following.

Authentication problems

  • Touch ID not working: Ensure Touch ID is properly set up in your system preferences.
  • Authentication timeout too short: Increase the timeout value in Settings.
  • Balance not updating: Click the Refresh button on the Vault accounts list or the Transaction History.
  • Pending transactions: Some transactions may take time to be confirmed on the blockchain.
  • Connection issues: Check your internet connection and restart the app.

API connection errors

  • Invalid API key: Verify your Fireblocks API key is correct and has the appropriate permissions.

Transaction failed

  • Insufficient balance: Ensure you have enough MOVE coin or tokens for the transaction plus fees.
  • Network issues: The Movement network may be experiencing congestion.

Getting support

If you continue to experience one or more of these issues after troubleshooting, contact your Fireblocks Customer Success Manager and ask for assistance from the Professional Services team.

Was this article helpful?
0 out of 0 found this helpful

Related Articles