Skip to main content

Documentation Index

Fetch the complete documentation index at: https://fireblocks-43c4b3ee-chore-add-cli.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

By the end of this guide, you will have:
  • Created and approved an API user
  • Initialized the Fireblocks SDK
  • Created a vault account
  • Sent your first transaction

How API Authentication Works

Fireblocks uses asymmetric cryptography to secure API communication. Here’s what that means for you:
ComponentLocationPurpose
API secret key (private key)Your environment onlySigns every API request to prove it came from you
Public keyFireblocksVerifies that requests were signed by your secret key
This design ensures your API secret never leaves your environment. Fireblocks only receives your public key. We cannot sign requests on your behalf, and a compromised Fireblocks system would not expose your credentials. The CSR (Certificate Signing Request) flow in Step 1 is simply the mechanism for generating this key pair.

Step 1: Generate a CSR file

Every API request to Fireblocks must be cryptographically signed using your API secret key (also called a private key). This signature proves the request originated from your authorized system. In this step, you’ll generate:
  • A secret key that stays in your environment and signs requests
  • A CSR file containing the corresponding public key, which you’ll upload to Fireblocks
Use OpenSSL to generate both files:
  1. (Windows users) Install Win32OpenSSL using the default settings.
  2. (Windows users) Open OpenSSL Command Prompt.
  3. In your CLI, run:
openssl req -new -newkey rsa:4096 -nodes -keyout fireblocks_secret.key -out fireblocks.csr -subj '/O=<your_organization>'
This command creates:
  • fireblocks_secret.key - your RSA 4096 private key (API secret)
  • fireblocks.csr - the CSR you will upload when creating the API key
  1. Store the secret key file securely.

Step 2: Create an API key

If you’re using a Sandbox environment, you can skip this step. Sandboxes come with an API user already created and access to the Communal Test Co-signer.
To create an API key with a signing role, complete the following steps:
  1. In the Fireblocks Console, go to Developer Center > API Users.
  2. Select Add API user.
  3. Name the API user, select the appropriate workspace role for it (e.g., Signer if you want it to sign transactions), and upload the CSR file you created in Step 1.
  4. Select Add user.
After the request to add the API user is approved, it will appear in the API users list. You’ll receive an API Key (API User ID), a unique identifier for the API user that you’ll use alongside your secret key.

Step 3: Initialize SDK

Choose and Set Up Your SDK

Fireblocks provides official SDKs for multiple languages: Install the appropriate SDK for your environment: 
npm install fireblocks-sdk

Initialize the SDK Client

After installing the SDK, initialize the client with:
  • Your API Key (obtained from the Fireblocks Console after creating the API user)
  • Your API secret key (the fireblocks_secret.key file generated in Step 1)
The SDK uses your secret key to sign each API request automatically. 
import { FireblocksSDK } from "fireblocks-sdk";
import fs from "fs";

const apiKey = "<YOUR_API_KEY>";
const privateKey = fs.readFileSync("fireblocks_secret.key", "utf8");

const fireblocks = new FireblocksSDK(privateKey, apiKey);
Replace <YOUR_API_KEY> with your API Key from the Fireblocks Console.

Step 4: Create a Vault Account

A Vault Account is where your assets are securely stored. You can use the SDK to create one: 
const vault = await fireblocks.createVaultAccount('My First Vault');
console.log(vault);
You can view the new Vault account in the Console under Accounts > Vault.

Get Test Funds

If you’re using a Sandbox, your account should come pre-funded. If you need additional funds, see Receiving funds into your Fireblocks account for more information.

Step 5: Create a Transaction

Now that your vault has funds, you can create your first transaction: 
const transaction = await fireblocks.createTransaction({
  assetId: 'ETH_TEST',
  source: { type: 'VAULT_ACCOUNT', id: vault.id },
  destination: { type: 'EXTERNAL_WALLET', id: '<YOUR_WALLET_ID>' },
  amount: '0.01',
});
console.log(transaction);

Step 6: Verify Transactions

To verify your transaction statuses, use the following endpoints. For Fireblocks transactions, use the following: 
const tx = await fireblocks.getTransactionById(txId);
For external transactions, use the following: 
const tx = await fireblocks.getTransactionByExternalTxId(externalTxId);

Next Steps