API request to create a transaction by "NCW Signer" returns "403 Forbidden"

We work with Hedera Hashgraph and use fireblocks-sdk-js. When a user with the NCW Signer or NCW Admin role attempts to create a transaction via the API, the call returns 403 Forbidden. Here is the relevant code snippet:

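// Method of a class whose this.client is the fireblocks-sdk-js client.
async createTransaction(message: string) {
    try {
        // Request a RAW signing operation over the hex-encoded message.
        const transaction = await this.client.createTransaction({
            operation: TransactionOperation.RAW,
            source: {type: PeerType.VAULT_ACCOUNT, id: 'Default'},
            assetId: 'HBAR_TEST',
            extraParameters: {rawMessageData: {messages: [{content: Buffer.from(message).toString('hex')}]}}
        });
        // Fetch the transaction record right after creating it.
        const txInfo = await this.client.getTransactionById(transaction.id);
        console.log(txInfo);
        return txInfo;
    } catch (e) {
        // The error is only logged; the method then returns undefined.
        console.log(e);
    }
}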

The signedMessages field contains an empty array as a result.

Perhaps there needs to be some special configuration for the users in the sandbox?

Hi Andrew,
Thank you for posting your issue.

The problem is the source is not correct.

While using NCW users, the source can only be END-USER NCW wallets.
NCW users are not permitted to create transactions where the source is a vault.
A non-NCW user can create transactions where the source is a vault account.
I hope this clears it up.
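A pre-flight check for the rule in the reply above, as an added example that is not code from the thread or from Fireblocks. The role labels are the ones listed later in this thread; the source-type strings, the `e.response.status` error shape, and the names `checkSource`, `createChecked` and `stubClient` are assumptions made for illustration.

```javascript
// Added example; not Fireblocks code. Role labels are the ones listed in this
// thread. The source-type strings and the error shape (HTTP status under
// e.response.status) are assumptions.
const NCW_ROLES = new Set([
  'Non Custodial Wallet Admin',
  'Non Custodial Wallet Signer',
]);

// Rule from the reply: an NCW user may only use an end-user NCW wallet as the
// transaction source; a vault-account source needs a non-NCW API user.
function checkSource(role, source) {
  if (NCW_ROLES.has(role) && source.type !== 'END_USER_WALLET') {
    return `role "${role}" cannot use a ${source.type} source`;
  }
  return null; // no conflict with the rule above
}

// Wraps client.createTransaction: fails fast on a known role/source conflict
// and reports a 403 with context instead of logging and returning undefined.
async function createChecked(client, role, request) {
  const conflict = checkSource(role, request.source);
  if (conflict) return { ok: false, stage: 'preflight', reason: conflict };
  try {
    const tx = await client.createTransaction(request);
    return { ok: true, id: tx.id };
  } catch (e) {
    const status = e && e.response ? e.response.status : undefined;
    if (status !== 403) throw e; // not an authorization failure: surface it
    return {
      ok: false,
      stage: 'api',
      reason: `403 for role "${role}" with source type ${request.source.type}`,
    };
  }
}

// Constructed stand-in for the SDK client so the example runs offline.
function stubClient(status) {
  return {
    async createTransaction() {
      if (status) throw Object.assign(new Error('HTTP ' + status), { response: { status } });
      return { id: 'tx-constructed-1' };
    },
  };
}
```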

@mnamakwala Thank you very much for coming back to me. It makes sense, but now I have a follow-up question: can this non-NCW user be created in a sandbox account? If not, what/where needs to be done to make our code work, please?

Yes, you can.
It will be an API user with any other user role that would have permission to initiate transactions, like an ADMIN or SIGNER.

I guess this means I should be able to, but I am not given an option for this - please see the screenshots attached.

[screenshot]
@mnamakwala

Second part:
[screenshot]

Part 3:
[screenshot]

A signing admin and editor can initiate transactions but not sign them.
Can you try selecting an admin or signer role?

@mnamakwala I posted the screenshots above with everything that I have available in the UI for me, just to clarify again - the UI presents only the following options:

  • Viewer
  • Editor
  • Non Custodial Wallet Admin
  • Non Custodial Wallet Signer
  • Non-Signing Admin
  • Non Custodial Wallet Admin

I do not see ‘admin’ or ‘signer’ role - this is the point I am trying to convey. Please help getting this resolved.

Please use an editor role.

@mnamakwala Thank you, using the Editor role we can create the transaction; however, the signedMessages field still contains an empty array as a result. Why, or what should we do differently? Or would it be possible to see a working example somewhere that would answer our question? A link or a code snippet posted here would help enormously, please.

Hi Andrew,
Please take a look at this article about RAW Message signing; it has a code snippet.
Thanks.

Hello @mnamakwala, thank you. We were unable to make the code work in the account in sandbox. However we got access to a ‘console’ account and the same code which did not work in the sandbox worked there. I am not sure what exactly the issue is/was, but it seems to have been something to do with the account configuration. Anyway we have been able to progress now, thank you for trying to help us.

I’m glad to hear it works now.
I am always happy to assist.