Your API key is not secret. I need it to see the logs on our end and understand why you are failing to authenticate (that’s the error you get during the docker initialization as it runs a sanity test to see that the API is authenticated).
In any case, if you don’t feel comfortable with sharing the API key, please let me know if you’re trying to spin the demo app with a production workspace or a sandbox one. I’ll try to check the logs for your user in either one of those.
I found the missing configuration in the demo app.
The problem is that the demo app was built for the production environment, hence the Fireblocks API client tries to access the production environment using your Sandbox API key - that’s why you get the error of “Error getting User certificate”.
We can work on a fix with the team but this will probably happen only early next week.
In the meantime, as a stopgap solution, I can recommend that you update the retail demo app code locally by doing the following:
In the following file: backend/src/service/fireblocks/api.client.ts
The change here is the Fireblocks API Base Path parameter.
Kindly note that this demo app was intended to run on a production workspace and we would need to double check whether there are any additional potential issues that can happen in the Sandbox environment as those 2 have some differences in the functionality.
We will work on the code update and will revert here once done.
Thanks, this resolved the issue. Observations for everyone’s benefit.
1. App is running locally against sandbox.
2. Withdrawal vaults 1, 2, 3 created with three test wallets in each, can see those newly created in sandbox.
3. Database created.
4. Able to log in and access using Google OAuth, had to add authorised redirect URI in Google console which wasn’t in the instructions but that’s easy to deduce.
5. App is using CMC API key however the UX does not display any real time asset prices anywhere, I found that odd.
6. Tried to transfer SOL_TEST to created user wallet but failed. I suspect this is due to my sandbox API user being non-signing admin paired with community co-signer.
<Webhook Middleware> INFO: In validate Webhook middleware!
backend-1 | Error: Invalid signature
backend-1 | at /usr/src/app/src/middleware/webhook.middleware.ts:26:12
backend-1 | at Layer.handle [as handle_request] (/usr/src/app/node_modules/express/lib/router/layer.js:95:5)
backend-1 | at next (/usr/src/app/node_modules/express/lib/router/route.js:144:13)
backend-1 | at Route.dispatch (/usr/src/app/node_modules/express/lib/router/route.js:114:3)
backend-1 | at Layer.handle [as handle_request] (/usr/src/app/node_modules/express/lib/router/layer.js:95:5)
backend-1 | at /usr/src/app/node_modules/express/lib/router/index.js:284:15
backend-1 | at Function.process_params (/usr/src/app/node_modules/express/lib/router/index.js:346:12)
backend-1 | at next (/usr/src/app/node_modules/express/lib/router/index.js:280:10)
backend-1 | at Function.handle (/usr/src/app/node_modules/express/lib/router/index.js:175:3)
backend-1 | at router (/usr/src/app/node_modules/express/lib/router/index.js:47:12)
Would you mind please confirming if 5 & 6 are not working by design? I would really like to progress further with learning more about Fireblocks ecosystem flows to facilitate retail crypto trading use case - if you have any suggestions please feel free to share.
Thanks for putting this summary together.
Re some of the points mentioned above:
This is part of the Google OAuth setup instructions. Is that part missing there or unclear?
We will check this.
This specific transaction failed with sub-status: NONCE_ALLOCATION_FAILED and it’s related to the durable nonce allocation mechanism we have internally.
This is a sporadic error that happens on our side and the team is already looking into that. Retrying the transaction (in some cases multiple times) should resolve the issue.
Re the webhook signature verification error you see in the Webhook Middleware:
This is again because the app was designed to work with the Fireblocks Production environment.
As part of the webhook mechanism, when getting a new message, the app validates that the webhook was signed by Fireblocks. In Sandbox, the validation is done using a different public key. To solve that, please update the .env file:
Instead of:
WEBHOOK_PUB_KEY = '-----BEGIN PUBLIC KEY-----...-----END PUBLIC KEY-----'
Change to:
WEBHOOK_PUB_KEY = '-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw+fZuC+0vDYTf8fYnCN6
71iHg98lPHBmafmqZqb+TUexn9sH6qNIBZ5SgYFxFK6dYXIuJ5uoORzihREvZVZP
8DphdeKOMUrMr6b+Cchb2qS8qz8WS7xtyLU9GnBn6M5mWfjkjQr1jbilH15Zvcpz
ECC8aPUAy2EbHpnr10if2IHkIAWLYD+0khpCjpWtsfuX+LxqzlqQVW9xc6z7tshK
eCSEa6Oh8+ia7Zlu0b+2xmy2Arb6xGl+s+Rnof4lsq9tZS6f03huc+XVTmd6H2We
WxFMfGyDCX2akEg2aAvx7231/6S0vBFGiX0C+3GbXlieHDplLGoODHUt5hxbPJnK
IwIDAQAB
-----END PUBLIC KEY-----'
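
The check described in the last reply, as an added example that is not part of the original thread or the demo app's code: it shows why a webhook signed by one environment fails verification against the other environment's public key. It assumes an RSA signature with SHA-512 over the raw request body, base64-encoded; the two key pairs, the payload and all function names are constructed for the illustration.

```javascript
const crypto = require('crypto');

// Throwaway RSA key pair; stands in for one environment's webhook signing key (constructed).
function makeSigner() {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
}

// Sender side: sign the exact bytes of the request body (RSA PKCS#1 v1.5, SHA-512).
function signBody(rawBody, privateKeyPem) {
  return crypto.createSign('sha512').update(rawBody).sign(privateKeyPem, 'base64');
}

// Receiver side: verify over the raw body as received, not over re-serialized JSON.
function verifyWebhook(rawBody, signatureB64, publicKeyPem) {
  if (typeof signatureB64 !== 'string' || signatureB64.length === 0) return false;
  try {
    return crypto.createVerify('sha512').update(rawBody).verify(publicKeyPem, signatureB64, 'base64');
  } catch {
    return false; // malformed key or signature: treat as invalid, never as valid
  }
}

function demo() {
  const production = makeSigner(); // key the app was configured with
  const sandbox = makeSigner();    // key that actually signed the message
  // Constructed sample payload, not a captured webhook.
  const rawBody = Buffer.from(JSON.stringify({ type: 'TRANSACTION_CREATED', data: { id: 'sample' } }));
  const signature = signBody(rawBody, sandbox.privateKey);
  const tampered = Buffer.from(rawBody.toString().replace('sample', 'other'));
  return {
    // Sandbox-signed message checked against the production key: the "Invalid signature" case.
    wrongEnvironmentKey: verifyWebhook(rawBody, signature, production.publicKey),
    // Same message checked against the matching sandbox key.
    matchingKey: verifyWebhook(rawBody, signature, sandbox.publicKey),
    // Any change to the body invalidates the signature even with the right key.
    tamperedBody: verifyWebhook(tampered, signature, sandbox.publicKey),
    // A missing signature header must be rejected outright.
    missingSignature: verifyWebhook(rawBody, undefined, sandbox.publicKey),
  };
}

console.log(demo());
```

A mismatch between the configured key and the signing environment is indistinguishable from a forged message at this layer, so the handler should keep rejecting the request rather than disabling the check.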