# Set up an API Signer The standard method of creating and signing transactions uses the Fordefi web and mobile interfaces. See [Fordefi web console](/user-guide/welcome/product-interfaces#fordefi-web-console) and [Fordefi web browser extension](/user-guide/welcome/product-interfaces#fordefi-web-browser-extension-to-connect-securely-with-dapps). You can also create and sign transactions *programmatically*. With this method, customers maintain self custody of their private keys by running Fordefi's API Signer on their own network or cloud environment. - Similarly to the mobile app, the API Signer holds the first of two MPC shares for each private key and participates in the MPC signature protocol. - Unlike the mobile app, the API Signer does not require human intervention to sign a transaction. The process is illustrated here: alt ## Deployment options Depending on your needs, use one of the following options: - Deploy it as a standalone dockerized application. This option is most useful for use on a "bare metal" server, or virtual machine. [Learn more](/developers/getting-started/set-up-an-api-signer/install-the-api-signer). - Deploy it as a Kubernetes application and distribute it using Helm Chart. [Learn more](/developers/getting-started/set-up-an-api-signer/deploy-api-signer-kubernetes-helm-chart). Minimum requirements for virtual machines are 0.5vCPU per 1GB memory. Activate the API Signer Once you have deployed the Fordefi docker image, make sure you [activate it](/developers/getting-started/set-up-an-api-signer/activate-api-signer). ## Deployment tips Here are some known issues and workarounds while you configure your API signer: ### Networking best practices for deployment - Block all ingress traffic Block all ingress traffic to your Signer. API Signer only needs egress access to `api.fordefi.com`. You can verify the endpoint using: ```bash nslookup api.fordefi.com ``` - Are you experiencing latency? Install your Signer in the `us-east-1` server, where the Fordefi backend is also located. ### Can an organization have more than one API Signer? - Each organization is limited to *one API Signer*. - However, you can register *unlimited API Users* with that Signer, as long as they are part of the same organization. - If you need a second API Signer, you'll need to create a *separate organization* with its own set of API Users.