Data: { message: ‘invalid signature’, code: -1 }

"I am currently in the process of setting up the ncw-backend-demo repository to test the APIs. On the frontend side, I have a Flutter setup. When the login event is triggered from the frontend, three consecutive routes are called:

  1. Login API
  2. Assigns a newly generated deviceId (POST /api/devices/:deviceId/assign)
  3. API for sending NCW SDK-generated messages to the backend, which then forwards these to the Fireblocks API (GET /api/devices/:deviceId/rpc).

The first two APIs are functioning perfectly fine; however, the second API encounters an error with the message: ‘Invalid signature’ and the error code: -1.

On the backend, I am using the ncw-backend-demo repository. For the Flutter setup, I have configured it to interact with the backend APIs.

Your assistance in resolving this issue would be greatly appreciated."

Hi Akash,
Can you please make sure if the keys were generated correctly on the front end?
Before the key generation step, the SDK needs to be initialized
Please make sure the SDK is initialized correctly before key generation.
The RPC calls wont work if the SDK is not initialized

Also can you please try using our front-end demo and check if you have same issues in the workflow?


Hi mnamakwala,

Thankyou for you response,

We are using same depositories which are present on the fireblocks demo repositories and we did not changed anything still we are facing same issue, I am adding repositories link over here.
For frontend
GitHub - fireblocks/ncw-ios-demo
For backend
GitHub - fireblocks/ncw-backend-demo: Fireblocks Non custodial wallet demo backend

Also I am confused with some of the env variables for backend configuration could you help me with it like how will i get those variables may be this can be the cause of error


It will be helpful if I get help on this as soon as possible

Thank you.

Hi Akash,
The FIREBLOCKS_API_SECRET is the secret key generated during creation of the CSR file used to create API user.
Please use the same CSR file to create NCW ADMIN and NCW SIGNER users.

Please check out the articles above.


You can find the API keys in the console on the user page.…a-,Retrieving%20an%20API%20user’s%20key,-When%20you%20want