Overview

When Azure region issues occur where an API Co-Signer instance is running, it can have the following effects:

• Connectivity issues
• An instance crashing, becoming unavailable, or damaged and irrecoverable
• Withdrawals not being processed and getting stuck in the PENDING_SIGNATURE or QUEUED statuses due to the API Co-Signer being unable to sign transactions

To check your Azure region's status, visit the Azure status page.

Workarounds

During an Azure region outage, you can use one of the following workarounds to ensure your financial operations continue uninterrupted. After the outage is resolved, you can return to your normal setup and resume operations.

1. Create a new API Co-Signer instance in another region

Follow the "New server" instructions in this article. You can then re-enroll your existing API user and pair it with your new API Co-Signer instance.

If you need any assistance, contact Fireblocks Support.

Checking the instance's health post-migration

To verify the instance is healthy after the maintenance reboot:

1. Run the following command to output a list of all running containers.

   # docker ps -a

2. Confirm the cosigner-init docker container is not running.
3. Confirm the cosigner docker container is not restarting.
4. Cancel any transactions that are stuck in the PENDING_SIGNATURE status.
5. Verify that the status of your QUEUED transactions has changed to PENDING_SIGNATURE and that the API Co-Signer is able to process them.

2. Define a user's mobile device as a designated signer on your TAP

You can define a user's mobile device as the designated signer for Transaction Authorization Policy (TAP) rules that previously required your API Co-Signer to sign. However, this solution may not be ideal for some customers since it requires you to cancel manually all transactions that were already submitted, resubmit them, and then have them signed manually.

If you decide to change your TAP rules, contact Fireblocks Support.

3. Migrate an existing API Co-Signer instance to an unaffected region

Follow the official guide from Microsoft. If you require any additional clarification, contact Azure for technical assistance.

Note that this operation might take a considerable amount of time.

Checking the instance's health post-migration

To verify the instance is healthy after the maintenance reboot:

1. Run the following command to output a list of all running containers.

   # docker ps -a

2. Confirm the cosigner-init docker container is not running.
3. Confirm the cosigner docker container is not restarting.
4. Cancel any transactions that are stuck in the PENDING_SIGNATURE status.
5. Verify that the status of your QUEUED transactions has changed to PENDING_SIGNATURE and that the API Co-Signer is able to process them.