Use API Signer to programmatically create and sign transactions.
The standard method of creating and signing transactions uses the Fordefi web and mobile interfaces.
You can also create and sign transactions programmatically. With this method, customers maintain self custody of their private keys by running Fordefi's API Signer on their own network or cloud environment.
- Similarly to the mobile app, the API Signer holds the first of two MPC shares for each private key and participates in the MPC signature protocol.
- Unlike the mobile app, the API Signer does not require human intervention to sign a transaction.
Before signing the transaction, the API Signer must be able to verify that the origin of the transaction is an API User that you control. The goal of this verification is to protect you from a situation where an attacker on Fordefi tries to force the API Signer to sign a malicious transaction.
Fordefi protects you from this threat by establishing an end-to-end secure pairing between API Users and the API Signer, which allows the API Signer to verify the origin of each transaction. Whenever an API User creates a transaction, it must authenticate it by signing the body of the request. Fordefi's backend checks the transaction against the organization's policy and sends it to the API Signer. The API Signer verifies that the signature on the transaction request matches a public key that has been registered with the API Signer.
If Fordefi's backend approves the transaction and the API Signer successfully verifies its origin, both parties then jointly sign the transaction through an execution of the MPC protocol.
The process is illustrated here: