Development Notes

Two pairs of public and private key functions (API mode)

  • The first pair of public and private keys: The developer shall generate a pair of public and private keys in advance when opening the asset management account. The public key (rsa_third_pub) is provided to the platform and the private key is kept by itself. The private key is the only proof for the third-party application to call the wallet service and shall not be disclosed to anyone. When the third party requests the wallet service, the private key is used to encrypt the request parameters. When the platform receives the request, the public key (rsa_third_pub) is used to decrypt the request data.

  • The second pair of public and private keys: After the developer opens the asset management account, the platform will provide the wallet public key (rsa_wallet_pub) to the developer. When the third-party application receives the response data or asynchronous notification of the wallet, it needs to use the public key to decrypt.

Why is it necessary to confirm the withdrawal twice (API method)

When the wallet service receives a request from a third-party application, in confirm that the request is a legitimate request from a third-party application, it will call the interface provided by the third-party to confirm. To a certain extent, this process can avoid the influence caused by the loss of the third party’s private key, and also provides an effective barrier for the security of the wallet service.

Production domain name (https://openapi.chainup.com/)test environment not supported
app_id:Please get it after creating the wallet
rsa_wallet_pub:Custody system public key; Please create the wallet and get it from the Custody system
rsa_third_prv:Client private key; Independent generation and preservation
rsa_third_pub:Client public key; Autonomous generation; Please create the wallet and configure it to the Custody system

Recommended password length:2048

Recommended key format:PKCS#8

openssl genrsa -out rsa_private_key.pem 2048

openssl rsa -in rsa_private_key.pem -pubout -out rsa_public_key_2048.pem

openssl pkcs8 -topk8 -inform PEM -in rsa_private_key.pem -outform pem -nocrypt -out private_pkcs8.pem

Account preparation

The developer prepares the following information:

  1. Generate a pair of public and private keys.

  2. IP address of the third-party application server.

  3. Recharge and withdrawal callback notification URL.

  4. Withdrawal secondary confirmation URL.

Once you are ready, please visit the Custody Web Portal - Cloud System, select your wallet, and navigate to the API Management feature. Fill in the required information according to the system’s instructions and create your API.

Only the wallet creator can edit the API information.

Once created successfully, you will receive the unique identifier for the merchant: app_id.

After successfully creating the API, please visit the API details to enter the developer’s public key information and complete the API configuration.

Interface Process

Documentation is the interface that the wallet service provides to third-party applications.

The interface providers in the following documents are referred to as wallet services,and the interface callers are referred to as third-party applications. When the third-party application requests the wallet service, it encrypts the request parameters through the RSA algorithm and decrypts the response data after receiving the wallet service

ChainUp Custody needs access to the third-party applications for second confirmation. Therefore, it’s necessary to add the IP to the security group or whitelist of the ChainUp Custody server. Below are the IP addresses for Custody:

  1. Inbound: Allow access from the Custody server (IP: 54.254.7.206) to the third-party applications.

  2. Outbound: The third-party applications server needs to access the Custody server, so grant permission to access 54.251.87.91:443.

Interface rules

Transfer mode:https(HTTP is temporarily used in the test environment)
Signature field:All Required fields, except the Sign field, need to be signed
The response status code is:0, indicating successful processing, and non-0 indicates request error or system exception
Request address:domain name + interface address
Encryption algorithm:RSA, See API List- Overview for details

Was this page helpful?