Crypto on-ramp application

I was planning on creating a crypto on ramp. My requirment is.

  • I have a lot of retail clients
  • They needs to buy crypto
  • Regulations disallow us to move crypto directly from exchange (binance) to user wallet

So I was thinking of using fireblocks as an intemediary. How will the high level architecture of my application looks like and what all features of fireblocks should I make use of?

Hi @abhinandkakkadi,

From a very high level and taking into consideration the little details you provided you would have something like the following:

  1. Binance account of your own

  2. Connect the Binance account to your Fireblocks Workspace (provide the API key to Fireblocks via the console)

  3. The user will fire a “buy” event

  4. You will create a transfer from the connected exchange account to a Fireblocks wallet (either the same one for all or a newly created one for this purchase) via the Fireblocks API.

  5. You can set a low confirmation policy based on your needs and confidence in Binance.

  6. The funds will arrive to the wallet and you’ll get a webhook notification that the withdrawal is completed.

  7. Based on this notification you will create a transaction from your Fireblocks wallet to the end user specified address.
    *If you’re also a custodian of these assets there’s no need to create this transfer and you just leave the funds in the wallet you created for this user

  8. You can also set an AML screening policy (Chainalysis/Elliptic) to scan the external address and make sure that you comply with the required regulation.

That’s pretty much a very high level flow and might require some adjustments based on specific needs/details of your use case.

Let me know if you have any further questions.

@SlavaSereb Thanks, that really helped me get a high level understanding of the flow.

Can you help me with a case so that I can understand it a bit deeper.

  • different users might need different crypto
  • So should I configure multiple vaults and multiple assets(wallets) inside that vaults for each crypto (eg; BTC, ETH etc).
  • My idea was to use a single vaults (since our backend is controlling fireblocks and user does not know about it’s existence)

Also I don’t want end-user to to know anything about fireblocks. They will just specify their personal wallet address and we will be transferring crypto to their wallet.(the reason why we are using fireblocks is because of some regulatory problems which does not allow some exchanges to directly pass it to user’s personal wallets.)

Also what would be the signing process involved in this. I didn’t fully understand the concept of signing. Can I automate the signing process without anyone manually giving auhtorization. ? (Can I use API co singer for automating this signing process)

Also should I use custodial or non custodial for my usecase

Hey @abhinandkakkadi :raised_hand:t2:

In that case you can create one vault account with all the vault wallets (essentially the assets like ETH and BTC) in it and use it for the withdrawals from the exchange account and then transferring the funds to the end user’s address.

In terms of the signing process - Fireblocks uses MPC signing with 3 out of 3 key shares signing scheme. Basically the private key is split into 3 parts which are maintained in the following way:
1 key share is handled by the Fireblocks customer
2 other key shares are stored in Fireblocks.

In the sandbox environment we abstracted the key management process for user’s convenience hence you are not handling any keys on your side when working in Sandbox.
In production you will be able to set up a server and install the Fireblocks CoSigner software on it. The cosigner will eventually hold a key share on your end and will sign transactions automatically without any person involved in the process.

If you want to set a Transaction Authorization Policy rule or a set of rules, for example a rule that dictates that transactions with an amount above a certain threshold need to get a manual approval, this can be done as well. So in that case the approval will be manual and the signing will be automatic based on the transaction’s amount.

It is not mandatory and can be configured only if your use case really require that.

But Can’t we use Co signer callback handler for the signing process so we don’t need a dedicated software installed for it?

Also My plans were to use

  • All the api’s under. vault section
  • Some api’s under transaction section

According to my usecsase is there any other api’s that I should make use of?

Hey @abhinandkakkadi

The cosigner callback handler is a plugin for the Fireblocks cosigner software so you cannot use it without the dedicated Fireblocks software.
It’s an optional component that just adds extra logic to the automatic signing process.

You’ll might also need to use the APIs for the exchange accounts connections for listing your accounts and their balances.

Hi @SlavaSereb

Got it.

  • If auto fueling is turned on for a vault. Is there anything extra setup that we need to do?

  • does external wallet needs to be whiteliseted before transfering asset for vault to end users vault account

Hey @abhinandkakkadi

  1. Auto fueling is part of the Fireblocks Gas Station feature which is not required in your case.

  2. Whitelisting is optional. You can enable the One time Address setting under the “Settings” page and simply move funds to a non whitelisted addresses.

Hope it makes sense. Let me know if you have any other questions.

Sorry for asking a lot of questions,
But since we might transfer EVM based assets like ETH from exchanche to vault and then from vault to users personal wallets.
Don’t we need autofuelig, or did I have a wrong idea about idea of auotfueling.

My understanding: whenever we create transfer of asset based on EVM we need gas fees, which if autofuel is turned on will be managed by fireblocks

  • Also where will we get the software. Will it be available as docker image?