Skip to main content

Documentation Index

Fetch the complete documentation index at: https://fireblocks-43c4b3ee-chore-add-cli.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

What is a CSR?

A Certificate Signing Request (CSR) is a file that contains your public key and some identifying information. Fireblocks uses the CSR to generate your API user’s public key, which Fireblocks then uses to verify and authenticate your API calls.

Before you begin

Make sure you have the following:
  • Access to a machine where you can run OpenSSL or similar tooling
  • A secure location to store your private key

Step 1: Create the private key & CSR files

Open your terminal or command line and run the following command to generate a private key and CSR: 
openssl req -new -newkey rsa:4096 -nodes -keyout api_private.key -out api_user.csr

What this does

  • Creates a private key file: api_private.key
  • Creates a CSR file: api_user.csr

Security reminder

Never upload or share the api_private.key file. Store it securely using a Key Management System (KMS), HSM, or encrypted file storage.

Step 2: Fill in the CSR details

When prompted, complete the following fields:
FieldDescription
Common Name (CN)Your name or the API user’s name (e.g., John_the_API_Guy)
Organization (O)Your organization’s name
Organizational Unit (OU)Optional field (e.g., API Team)
Country (C)Two-letter country code (e.g., US)
State (ST)Your state or province
Locality (L)Your city

Step 3: Upload the CSR file

  • In the Fireblocks Console, follow these steps to create an API user. Note that only Admin-level workspace users (Owner, Admin, and Non-Signing Admin) can create API users.
  • Upload the api_user.csr file in the CSR File field.

Warning

Do not upload your private key! Keep the api_private.key file secure for signing API requests later.