Fireblocks Integration
Fireblocks is an institutional platform for storing and moving digital assets. Used by banks, exchanges, brokers, and large DeFi protocols. Core is MPC-CMP (Multi-Party Computation) protocol: private key never exists wholly in one place, signature produced by joint computation of multiple parties.
Fireblocks Architecture
MPC-CMP. Key divided between Fireblocks servers, client mobile app, and (optionally) independent third party. For signing minimum 2 of 3 participants needed. Compromise of one — not compromise of key.
Policy Engine. Rules for each transaction type: address whitelist, limits, require double approval, time-based rules. Transaction violating policy automatically blocked.
Vaults and Wallets. Vault — logical group. Inside vault — wallets for different assets. One vault = one client, or one trading account, or one strategy.
API Integration
import { FireblocksSDK, PeerType, TransactionOperation } from "fireblocks-sdk";
const fireblocks = new FireblocksSDK(
privateKey, // RSA private key for API authentication
apiKey, // API key from Fireblocks Console
"https://api.fireblocks.io"
);
// Create vault account
const vault = await fireblocks.createVaultAccount("Client_123");
// Create wallet inside vault
const wallet = await fireblocks.createVaultAsset(vault.id, "ETH");
console.log(`Deposit address: ${wallet.address}`);
// Send transaction
const txResponse = await fireblocks.createTransaction({
assetId: "ETH",
source: {
type: PeerType.VAULT_ACCOUNT,
id: vault.id,
},
destination: {
type: PeerType.ONE_TIME_ADDRESS,
oneTimeAddress: { address: "0xRecipient" },
},
amount: "0.5",
note: "Payment to client",
});
// Wait for completion (transaction passes through Policy Engine and MPC signature)
const txInfo = await fireblocks.getTransactionById(txResponse.id);
Webhook Integration
Fireblocks notifies about transaction statuses via webhooks. Important: webhooks signed with RSA — need to verify signature:
import { FireblocksWebhookHandler } from "fireblocks-sdk";
app.post("/fireblocks/webhook", express.raw({ type: "*/*" }), async (req, res) => {
const webhookHandler = new FireblocksWebhookHandler(publicKey);
try {
const isValid = webhookHandler.validateSignature(
req.rawBody,
req.headers["fireblocks-signature"] as string
);
if (!isValid) {
return res.status(401).send("Invalid signature");
}
const event = JSON.parse(req.body.toString());
switch (event.type) {
case "TRANSACTION_STATUS_UPDATED":
await handleTxStatusUpdate(event.data);
break;
case "VAULT_ACCOUNT_ADDED":
await handleNewVault(event.data);
break;
}
res.status(200).send("OK");
} catch (err) {
res.status(500).send("Error");
}
});
DeFi Integration via Fireblocks
For DeFi protocol interaction — Fireblocks Web3 Provider:
import { FireblocksWeb3Provider, ChainId } from "@fireblocks/fireblocks-web3-provider";
const provider = new FireblocksWeb3Provider({
privateKey: process.env.FIREBLOCKS_API_PRIVATE_KEY!,
apiKey: process.env.FIREBLOCKS_API_KEY!,
vaultAccountIds: "0",
chainId: ChainId.ETHEREUM,
});
const web3 = new Web3(provider);
// Now standard web3 calls use Fireblocks for signing
const contract = new web3.eth.Contract(ABI, contractAddress);
await contract.methods.deposit(amount).send({ from: vaultAddress });
Pricing and When to Choose
Fireblocks expensive solution (from $25k/year for enterprise tier). Justified when:
- Managing assets over $10M
- Regulatory compliance requirements (SOC 2, ISO 27001)
- Team of multiple signers
- Integration with traditional finance
For startups and smaller volumes — Safe Multisig + own custody workflow significantly cheaper.
Fireblocks API integration into existing product — 2-4 weeks. Includes Policy Engine setup, vault structure, webhook handlers, and Fireblocks Sandbox testing.