How to fix this error: data: { message: 'invalid signature', code: -1 }

Support
1

Hi, i am developing a NCW web app like (GitHub - fireblocks/ncw-web-demo: An example usage of @fireblocks/ncw-js-sdk for managing non-custodial wallets). after the device being assigned and creation of walletId. Next step, SDK Initialization returns 401.

request: <ref *1> ClientRequest {
_events: [Object: null prototype],
_eventsCount: 7,
_maxListeners: undefined,
outputData: ,
outputSize: 0,
writable: true,
destroyed: true,
_last: false,
chunkedEncoding: false,
shouldKeepAlive: true,
maxRequestsOnConnectionReached: false,
_defaultKeepAlive: true,
useChunkedEncodingByDefault: true,
sendDate: false,
_removedConnection: false,
_removedContLen: false,
_removedTE: false,
strictContentLength: false,
_contentLength: ‘292’,
_hasBody: true,
_trailer: ‘’,
finished: true,
_headerSent: true,
_closed: true,
socket: [TLSSocket],
_header: 'POST /v1/ncw/wallets/91a4c49b-f21a-420b-9ece-031c8b867beb/devices/3e688652-
‘Content-Length: 292\r\n’ +
‘Accept-Encoding: gzip, compress, deflate, br\r\n’ +
‘Host: sandbox-api.fireblocks.io\r\n’ +
‘Connection: keep-alive\r\n’ +
‘\r\n’,
_keepAliveTimeout: 0,
_onPendingData: [Function: nop],
agent: [HttpsAgent],
socketPath: undefined,
method: ‘POST’,
maxHeaderSize: undefined,
insecureHTTPParser: undefined,
joinDuplicateHeaders: undefined,
path: ‘/v1/ncw/wallets/91a4c49b-f21a-420b-9ece-031c8b867beb/devices/3e688652-682c-486c-aa61-9e8f8b478979/invoke’,
_ended: true,
res: [IncomingMessage],
aborted: false,
timeoutCb: null,
upgradeOrConnect: false,
parser: null,
maxHeadersCount: null,
reusedSocket: true,
host: ‘sandbox-api.fireblocksio’,
protocol: ‘https:’,
_redirectable: [Writable],
[Symbol(shapeMode)]: false,
[Symbol(kCapture)]: false,
[Symbol(kBytesWritten)]: 0,
[Symbol(kNeedDrain)]: false,
[Symbol(corked)]: 0,
[Symbol(kOutHeaders)]: [Object: null prototype],
[Symbol(errored)]: null,
[Symbol(kHighWaterMark)]: 16384,
[Symbol(kRejectNonStandardBodyWrites)]: false,
[Symbol(kUniqueHeaders)]: null
},
data: { message: ‘invalid signature’, code: -1 }
}
}
::1 - - [01/Apr/2024:19:14:52 +0000] “POST /api/devices/3e688652-682c-486c-aa61-9e8f8b478979/rpc HTTP/1.1” 401 47 “http//localhost:3000/” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36”

im using,
FIREBLOCKS_API_SECRET = NCW_ADMIN_PRIVATE_KEY
FIREBLOCKS_API_KEY_NCW_SIGNER=NCW_SIGNER_API
FIREBLOCKS_API_KEY_NCW_ADMIN=NCW_ADMIN_API
FIREBLOCKS_WEBHOOK_PUBLIC_KEY=“-----BEGIN PUBLIC KEY-----”
FIREBLOCKS_API_BASE_URL=https//sandbox-api.fireblocksio

also, can you please specify how to set up a webhook public key for the development (localhost cannot be added in console) or any other ways to do it.

Thanks in advance.

2

Hi @potato

Alec from Fireblocks here. Typically, the “invalid signature” error response means that the private key you are signing the call with does not match the API key you are using: Common Issues. Please verify that the private key corresponds to the .csr file used to create the API user.

To expose localhost for webhooks, I would recommend using ngrok: https://ngrok.com/

3

Hi @alec

Thanks for the reply. Here are some detailed information regarding the error.

I’ve double checked the private key, also tried creating a new NCW Admin CSR and changed the secret Key and the API Key in the backend (.env). Still i’m getting 401 (unauthorized) to initialize the SDK. Even if the private key is invalid, how am i able to assign a deviceId to create a walletId in the first place?

If we conclude that the problem is from the client side, i cloned the fireblocks official react demo example app (GitHub - fireblocks/ncw-web-demo: An example usage of @fireblocks/ncw-js-sdk for managing non-custodial wallets), changed Firebase Auth and connected with the local backend and getting the same 401 unauthorized.

I think the possible error would be at the environment entry points of the local backend server.

if possible can you please provide the exact environment (.env) file format used in the hosted version of the backend example https://ncw-demo-dev.2uaqu5aka49io.eu-central-1.cs.amazonlightsail.com.

.env for the example used:

NODE_ENV=dev
PORT=3001
CMC_PRO_API_KEY=""

# Fireblocks API
# FIREBLOCKS_API_SECRET & FIREBLOCKS_API_KEY_NCW_ADMIN - NCW Admin CSR.
FIREBLOCKS_API_SECRET="-----BEGIN PRIVATE KEY-----
Sf5UXRuSU71TvJ/W0sL3Bts1cspY/zGj9rZshzWc5jKRK7uyiFtGbHHpD4beIDm3
....
Bwy7pMRMvoJbmmYSJ1peTA5ulxnqo1U74FrnRQLk4UMh5W9Rvhcxn67oI+xgxhBH
ntODRl/aaLvEbsl/4Fc1P7m+wKYUDjPhyl0paA3qhaVs3HaUlVqG+mNN3XXdiqwK
1BaLDhvPAO3syKN8/6OX0tV9u/6/NLcDsmYQA6TfSMAYSwtpsXAxVAbZVL1DcZNt
ZV62aHuR/sru0I8gtzTAZStcnqJF8NYbERK0by8R7dwlhnBdHz6msXRXf/bqdevU
EsZhuzWDijU7dOJUU4xNIJQ2tqEbRsKCwO6iYRyljjJ37bg0P1OSYgPrgn4WGnQb
n8Sep0JkdCb92Cvs1WWWX4TLWwebWraH6WUXyFB4r0LQ1DKRboLvV+1KgHMnJ0sl
-----END PRIVATE KEY-----" 

FIREBLOCKS_API_KEY_NCW_ADMIN="Admin_api"
FIREBLOCKS_API_KEY_NCW_SIGNER="Signer_api"
FIREBLOCKS_WEBHOOK_PUBLIC_KEY="-----BEGIN PUBLIC KEY-----"
FIREBLOCKS_API_BASE_URL="https://sandbox-api.fireblocks.io"

# Database
DB_HOST=localhost
DB_PORT=3306
DB_USERNAME=root
DB_PASSWORD=<root_password>
DB_NAME=ncw_demo

# Auth (Firebase)
JWKS_URI=https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com
ISSUER=https://securetoken.google.com/fireblocks-web-app-cdb96
AUDIENCE=fireblocks-web-app-cdb96

Thanks in advance,
Manoranjith Shankar.