Overview

The API Co-Signer has a Command-Line Interface (CLI) that includes the below options for managing your API Co-Signer instance.

Learn more about the API Co-Signer.

Setup

./cosigner setup

The setup command installs all the prerequisites for running your API Co-Signer. Learn more about all steps required for setting up an API Co-Signer.

Start

./cosigner start

The start command initializes an API Co-Signer instance. This command is used during initial setup, backup, recovery, and after restarting a server.

Stop

./cosigner stop

The stop command stops your API Co-Signer instance from receiving or responding to any requests.

Restart

./cosigner restart

The restart command stops and then starts your API Co-Signer instance. This is typically used in cases where the server instance encounters memory allocation issues. This command is SGX compatible only.

Logs

./cosigner logs

./cosigner logs 10000

The logs command retrieves your API Co-Signer instance's logs and exports them to the assigned directory. The logs are not automatically uploaded to Fireblocks Support. Append a number to the command to retrieve the specified most recent amount of lines.

These logs are also stored in the /databases/cosigner/log directory. Learn more about monitoring your API Co-Signer.

Note: This command is currently partially inactive for security reasons. 

List-users

./cosigner list-users

The list-users command shows you a list of all the API users linked to your API Co-Signer instance, their user IDs, and their associated callback handler URL if available.

Add-user

./cosigner add-user

The add-user command pairs an additional API user with your API Co-Signer instance. This command only functions after pairing the first user during the initial setup of an API Co-Signer.

Adding a user requires copying the pairing token from the user settings page in your Fireblocks Console. If this API user interacts with a callback handler, you will also need to provide the callback handler URL and public key. Learn more about creating new API users in your workspace from the Fireblocks Console.

Print-public-key

./cosigner print-public-key

The print-public-key command returns a public key used for verifying communication between your API Co-Signer and the optional callback handler. Learn more about setting up a callback handler.

Upgrade-script

./cosigner upgrade-script

The upgrade-script command downloads a new API Co-Signer installation script. Contact Fireblocks Support to request a specific API Co-Signer version.

Learn more about updating your API Co-Signer.

Learn more about the API Co-Signer version history and how to check your current version.

Callback-update

./cosigner callback-update

The callback-update command sets a new callback handler URL for your API Co-Signer instance. You must specify the API user to associate with the callback update if more than one API user is paired with your API Co-Signer instance. You can view all linked API user IDs with the list-users command.

• If you want to update your callback handler URL and use the same Callback Handler certificate or public key, this command is all you need.
• If you want to add a callback handler to a paired API user or update your callback handler URL but change the certificate or use a different public key, re-enroll your API users from the Fireblocks Console and re-pair them with your API Co-Signer instance using the add-user command.
  • If only one user is paired with your API Co-Signer, re-enrolling requires a full API Co-Signer setup to initialize the API user and pair it with the new callback handler URL. Learn more about setting up the API Co-Signer with a callback handler.