Hey everyone! 
I’m new here and working on my very first API project using the Fireblocks Developer Sandbox. I’m 17, just starting out in the API security and bug bounty world (I’m a researcher on HackerOne too – trying to learn by doing ).
So I set up the Fireblocks Postman collection, created an API user, added the API key and private key (copied properly from .key file), and set the environment variable baseUrl to:
https://sandbox-api.fireblocks.io/v1
Also selected the Boilerplate Fireblocks Environment and everything looks good… but every single request I make returns this:
{
“message”: “Unauthorized: Error getting User certificate”,
“code”: -7
}
I followed all the steps from the quickstart and the Postman setup guide. Even rechecked the JWT pre-request script, and it’s generating something – just not working with the API.
What I tried:
Made sure I'm in Developer Sandbox
Regenerated secret & API key
Pasted private key correctly (starts with -----BEGIN PRIVATE KEY-----)
Checked no duplicates of variables
Double-checked base URL
Tested with a new API user too
Still stuck — this is my first real hands-on attempt with an enterprise-level API and I’d love to understand what I might be doing wrong.
Any help from the awesome folks here would be really appreciated! related topics here.