The standard method of creating and signing transactions uses the Fordefi web and mobile interfaces. See Fordefi web console and Fordefi web browser extension.
You can also create and sign transactions programmatically. With this method, customers maintain self custody of their private keys by running Fordefi's API Signer on their own network or cloud environment.
- Similarly to the mobile app, the API Signer holds the first of two MPC shares for each private key and participates in the MPC signature protocol.
- Unlike the mobile app, the API Signer does not require human intervention to sign a transaction.
The process is illustrated here:
Depending on your needs, use one of the following options:
- Deploy it as a standalone dockerized application. This option is most useful for use on a "bare metal" server, or virtual machine. Learn more.
- Deploy it as a Kubernetes application and distribute it using Helm Chart. Learn more.
Minimum requirements for virtual machines are 0.5vCPU per 1GB memory.
Once you have deployed the Fordefi docker image, make sure you activate it.
Here are some known issues and workarounds while you configure your API signer:
Block all ingress traffic
Block all ingress traffic to your Signer. API Signer only needs egress access to
api.fordefi.com.
You can verify the endpoint using:nslookup api.fordefi.comUsing AWS?
To further restrict egress traffic, you can set up a VPC-to-VPC PrivateLink with us.
Our endpoint:com.amazonaws.vpce.us-east-1.vpce-svc-05d9488e431a4ceb5Are you experiencing latency?
Locate your Signer in the
us-east-1server, where the Fordefi backend is also located.
- Each organization is limited to one API Signer.
- However, you can register unlimited API Users with that Signer, as long as they are part of the same organization.
- If you need a second API Signer, you'll need to create a separate organization with its own set of API Users.