New versions of the Qredo API and Signing Agent are now available! To get started, just contact us here.
Qredo Logo

Qredo API

Approve requests

Overview

You can approve transactions and other requests programmatically (without the Signing App). There are two ways to do it: either with the Signing Agent or just with the Qredo API. See the sections below to learn more.

Which method to use?

Both the Qredo API and the Signing Agent allow you to programmatically approve transactions. Below you'll discover some of the differences between these approaches.

Out-of-the-box automation

Approving transactions with the Signing Agent and with the Qredo API share a common mechanism: in both cases requests are retrieved through a WebSocket feed and approved with a BLS signature. However, the Signing Agent provides a higher abstraction level and performs most of the steps automatically out of the box.

Governance logic

You can apply governance logic with both the Signing Agent and native API/WS code. The sequence of events in both cases is:

  • Action initiated.
  • Approval notification received over a WebSocket connection.
  • Custom governance logic applied, which results in approval, rejection, or no action.

The Signing Agent instance takes the approval action: it generates the BLS signature and proxies it to the Qredo API. For non-Signing-Agent implementations, you need to generate BLS signature independently and push approval actions to the Qredo API network directly.

Form-factor considerations

Both approval options offer flexibility across various form factors to adapt to the IT requirements of your organization.

The simplest way to use the Signing Agent is to build and run a persistent Docker image or multiple images from the supplied open-source libraries. Docker images require IT resources to operate. These resources can be supplied across several form factors:

  • Bare metal server — a physical server with dedicated resources.
  • Virtual server — a virtual machine that consumes shared resources through a hypervisor.
  • ‘Serverless’ container — a service such as AWS Elastic Container Service (ECS).

Non-Signing-Agent implementations also require IT resources and can be applied using the form factors mentioned above, in addition to:

  • Function as a Service (FaaS) – A service such as AWS Lambda, which runs code upon trigger events.

Approve with the Signing Agent

The Signing Agent is a service allowing you to programmatically approve or reject transactions according to your own rulesets.

Prerequisites

To start approving with the Signing Agent, take these steps:

  1. Get an API key.
  2. Get an authentication token.
  3. Launch and register the Signing Agent - see Steps 2–4 in Signing Agent: Get started. Make sure to add the API key to your Transaction Policy.

When you start and register the Agent, it automatically generates BLS & EC keys for signing requests and associates itself and the keys with your API key.

Approval flow

The flow for approving transactions with the Signing Agent is quite simple:

  1. Once started, the Signing Agent will start listening to a WebSocket feed that returns transaction requests.
  2. Initiate a transaction.
  3. The Signing Agent will automatically approve or reject the transaction based on the rules you set.

By default, the Signing Agent approves all transactions. If you don't change the default settings and set the Policy Threshold to 1, no additional action is required. You can learn more about this use case in Signing Agent: Get started.

It's not the most typical usage of the Signing Agent. Later you may want to create rules defining when the Signing Agent must approve or reject transactions. You can find an example of governance logic here:

To approve a transaction, the Signing Agent automatically creates and sends a BLS signature.

Approve with the Qredo API

The Qredo API allows you to approve requests programmatically — just use your API key with a BLS signature.

Prerequisites

Before you start signing requests, prepare your API key:

  1. Get an API key.
  2. Get an authentication token.
  3. Register BLS & EC keys.
  4. Add the API key to your Transaction Policy (if you wish to approve transactions).

Approval flow

The approval flow may slightly differ depending on the type of action to approve.

Here are the main steps for approving a transaction:

  1. Open a WebSocket connection: call WSS: Get requests to sign.
  2. Initiate a transaction.
  3. In the WebSocket feed, get the transaction request with messages to sign.
  4. Sign the messages with your BLS private key, as shown in our JavaScript example.
  5. Approve the request with your signature: call Approve or reject an action.

For a detailed example, see Create an EVM transaction.

In others cases, instead of opening a WebSocket connection, you can retrieve the request/action details by its id. For example, see Steps 2–5 in Register your BLS & EC keys.

What's next?

Previous
Get an authentication token
Next
Add the API key to a Transaction Policy