Fordefi's API Signer is a service that you run on your own network or cloud environment.
- Like the mobile app, the API Signer holds the first of two MPC shares for each private key and participates in the MPC signature protocol.
- Unlike the mobile app, the API Signer does not require human intervention to sign a transaction.
Before signing a transaction, the API Signer must be able to verify that the transaction originates from an API client that you control. This verification protects you if an attacker on Fordefi tries to force the API Signer to sign a malicious transaction. Fordefi guards against this threat by establishing an end-to-end secure pairing between API clients and the API Signer, which allows the API Signer to verify the origin of each transaction.
In preparation for creating transactions programmatically, run the API Signer using one of two supported methods.
Then, to create a transaction:
- Authenticate transactions
- Call the Create Transaction endpoint. The signed request is the input to this endpoint.
Fordefi's backend checks the transaction against the organization's policy and sends it to the API Signer. The API Signer verifies that the signature on the transaction request matches a public key that has been registered with the API Signer.
If Fordefi's backend approves the transaction and the API Signer successfully verifies its origin, both parties then jointly sign the transaction through an execution of the MPC protocol.
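The origin check described above, sketched as an added example (not Fordefi's code or wire format): an API client signs the request body, and the API Signer accepts it only if the signature verifies under a registered public key. The ECDSA P-256 algorithm, the function names, the `treasury-bot` registry entry and the request fields are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Assumption: ECDSA over P-256 with SHA-256; the page does not name the algorithm.
function newClientKeyPair() {
  return crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
}

// API client side: sign the exact bytes of the request body.
function signRequest(privateKey, body) {
  return crypto.sign('sha256', Buffer.from(body), privateKey).toString('base64');
}

// API Signer side: accept only if the signature verifies under a registered key.
// registeredKeys: Map of client name -> public KeyObject (hypothetical registry).
function verifyOrigin(registeredKeys, body, signatureB64) {
  const sig = Buffer.from(signatureB64, 'base64');
  for (const [clientName, publicKey] of registeredKeys) {
    if (crypto.verify('sha256', Buffer.from(body), publicKey, sig)) {
      return clientName;
    }
  }
  return null; // unknown origin: refuse to take part in MPC signing
}

// Constructed sample: one paired client, one unpaired key, one relayed request.
function demo() {
  const paired = newClientKeyPair();
  const unpaired = newClientKeyPair();
  const registry = new Map([['treasury-bot', paired.publicKey]]);
  const body = JSON.stringify({ to: '0xRECIPIENT_PLACEHOLDER', value: '1000' });
  const sig = signRequest(paired.privateKey, body);
  // A relay that rewrites the body cannot produce a matching signature.
  const tampered = body.replace('0xRECIPIENT_PLACEHOLDER', '0xOTHER_PLACEHOLDER');
  return {
    genuine: verifyOrigin(registry, body, sig),
    tampered: verifyOrigin(registry, tampered, sig),
    unpairedKey: verifyOrigin(registry, body, signRequest(unpaired.privateKey, body)),
  };
}

console.log(demo());
```

Because the private key never leaves the API client, a party that only relays the request can neither alter the body nor mint a new request that the signer will accept.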
The process is illustrated here: