I am trying to run retail-demo locally, filled all .env as per examples. However spinning up docker-compose throws:
ERROR: Setup failed: {
backend-1 | “message”: “Unauthorized: Error getting User certificate”,
backend-1 | “code”: -7
backend-1 | }
macOS, with ngrok tunnel. Do I need to setup ssl certificate? this is not mentioned anywhere in the docs.
Hey @gaukhar
Can you share your api key please? (Not the secret key of course)
Uh, I am not sure it is a good idea to share my API key on a public forum. How comes you need it?
Your API key is not secret. I need it to see the logs on our end and understand why you are failing to authenticate (that’s the error you get during the docker initialization as it runs a sanity test to see that the API is authenticated).
In any case, if you don’t feel comfortable with sharing the API key, please let me know if you’re trying to spin the demo app with a production workspace or a sandbox one. I’ll try to check the logs for your user in either one of those.
Thank you for coming back to me. Sandbox please.
I found the missing configuration in the demo app.
The problem is that the demo app was built for the production environment, hence the Fireblocks API client tries to access production environment using your Sandbox API key - that’s why you get the error of “Error getting User certificate”.
We can work on a fix with the team but this will probably happen only early next week.
In the meantime, as a stopgap solution I can recommend you to update the retail demo app code locally by doing the following:
In the following file:
backend/src/service/fireblocks/api.client.ts
Please update (lines 39-49):
this.fireblocksClient = new Fireblocks({
apiKey,
secretKey,
basePath: basePath || BasePath.US,
additionalOptions: {
userAgent: 'retail-demo',
baseOptions: {
httpAgent: axiosInstance,
},
},
});
to:
this.fireblocksClient = new Fireblocks({
apiKey,
secretKey,
basePath: BasePath.Sandbox,
additionalOptions: {
userAgent: 'retail-demo',
baseOptions: {
httpAgent: axiosInstance,
},
},
});
The change here is the Fireblocks API Base Path parameter.
Kindly note that this demo app was intended to run on a production workspace and we would need to double check whether there are any additional potential issues that can happen in the Sandbox environment as those 2 have some differences in the functionality.
We will work on the code update and will revert here once done.
Thanks, this resolved the issue. Observations for everyone’s benefit.
<Webhook Middleware> INFO: In validate Webhook middleware!
backend-1 | Error: Invalid signature
backend-1 | at /usr/src/app/src/middleware/webhook.middleware.ts:26:12
backend-1 | at Layer.handle [as handle_request] (/usr/src/app/node_modules/express/lib/router/layer.js:95:5)
backend-1 | at next (/usr/src/app/node_modules/express/lib/router/route.js:144:13)
backend-1 | at Route.dispatch (/usr/src/app/node_modules/express/lib/router/route.js:114:3)
backend-1 | at Layer.handle [as handle_request] (/usr/src/app/node_modules/express/lib/router/layer.js:95:5)
backend-1 | at /usr/src/app/node_modules/express/lib/router/index.js:284:15
backend-1 | at Function.process_params (/usr/src/app/node_modules/express/lib/router/index.js:346:12)
backend-1 | at next (/usr/src/app/node_modules/express/lib/router/index.js:280:10)
backend-1 | at Function.handle (/usr/src/app/node_modules/express/lib/router/index.js:175:3)
backend-1 | at router (/usr/src/app/node_modules/express/lib/router/index.js:47:12)
Would mind please confirming if the 5 & 6 are not working by design? I would really like to progress further with learning more about fireblocks ecosystem flows to facilitate retail crypto trading use case - if you have any suggestions please feel free to share.
Hey @gaukhar,
Thanks for putting this summary together.
Re some of the points mentioned above:
NONCE_ALLOCATION_FAILED and it’s related to the durable nonce allocation mechanism we have internally.Re the webhook signature verification error you see in the Webhook Middleware:
This is again because the app was designed to work with the Fireblocks Production environment.
As part of the webhook mechanism, when getting a new message, the app validates that the webhook was signed by Fireblocks. In Sandbox, the validation is done using a different public key. To solve that, please update the .env file:
Instead of:
WEBHOOK_PUB_KEY = '-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0+6wd9OJQpK60ZI7qnZG
jjQ0wNFUHfRv85Tdyek8+ahlg1Ph8uhwl4N6DZw5LwLXhNjzAbQ8LGPxt36RUZl5
YlxTru0jZNKx5lslR+H4i936A4pKBjgiMmSkVwXD9HcfKHTp70GQ812+J0Fvti/v
4nrrUpc011Wo4F6omt1QcYsi4GTI5OsEbeKQ24BtUd6Z1Nm/EP7PfPxeb4CP8KOH
clM8K7OwBUfWrip8Ptljjz9BNOZUF94iyjJ/BIzGJjyCntho64ehpUYP8UJykLVd
CGcu7sVYWnknf1ZGLuqqZQt4qt7cUUhFGielssZP9N9x7wzaAIFcT3yQ+ELDu1SZ
dE4lZsf2uMyfj58V8GDOLLE233+LRsRbJ083x+e2mW5BdAGtGgQBusFfnmv5Bxqd
HgS55hsna5725/44tvxll261TgQvjGrTxwe7e5Ia3d2Syc+e89mXQaI/+cZnylNP
SwCCvx8mOM847T0XkVRX3ZrwXtHIA25uKsPJzUtksDnAowB91j7RJkjXxJcz3Vh1
4k182UFOTPRW9jzdWNSyWQGl/vpe9oQ4c2Ly15+/toBo4YXJeDdDnZ5c/O+KKadc
IMPBpnPrH/0O97uMPuED+nI6ISGOTMLZo35xJ96gPBwyG5s2QxIkKPXIrhgcgUnk
tSM7QYNhlftT4/yVvYnk0YcCAwEAAQ==
-----END PUBLIC KEY-----'
Change to:
WEBHOOK_PUB_KEY = '-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw+fZuC+0vDYTf8fYnCN6
71iHg98lPHBmafmqZqb+TUexn9sH6qNIBZ5SgYFxFK6dYXIuJ5uoORzihREvZVZP
8DphdeKOMUrMr6b+Cchb2qS8qz8WS7xtyLU9GnBn6M5mWfjkjQr1jbilH15Zvcpz
ECC8aPUAy2EbHpnr10if2IHkIAWLYD+0khpCjpWtsfuX+LxqzlqQVW9xc6z7tshK
eCSEa6Oh8+ia7Zlu0b+2xmy2Arb6xGl+s+Rnof4lsq9tZS6f03huc+XVTmd6H2We
WxFMfGyDCX2akEg2aAvx7231/6S0vBFGiX0C+3GbXlieHDplLGoODHUt5hxbPJnK
IwIDAQAB
-----END PUBLIC KEY-----'
Please let me know if the above solved the issue.
@SlavaSereb thank you for your swift response.
I updated WEBHOOK_PUB_KEY and Error: Invalid signature is no longer an issues.
I was also able to successfully transfer test token to my user account.
Thank you for your help! If it will help I am happy to raise Pull Request with your suggested edits to retail-demo github repo.
@gaukhar thanks for the update.
We will appreciate any contribution 