New versions of the Qredo API and Signing Agent are now available! To get started, just contact us here.
Qredo Logo

Qredo API

Register BLS & EC keys

Overview

This guide explains how to generate BLS and EC keys and register them (associate them with your API key).

Registering your BLS and EC keys is a prerequisite for programmatically approving transactions with the Qredo API.

Learn how to securely store your BLS private key and other sensitive data: Security best practices

Prerequisites

Before you start, take these steps:

  1. Get an API key.

  2. Get an authentication token.

  3. In the Qredo Web App, navigate to your Workspace and copy the Workspace ID from the URL:

    https://qredo.network/app/workspace/{workspaceID}

Step 1: Generate BLS & EC keys

To generate BLS and EC private/public key pairs, you can use our JavaScript example.

Follow the instructions before the example to prepare it for usage. Then run the code and copy the following:

  • Your BLS private key
  • The request body with the BLS and EC public keys

You'll need your BLS private key to approve transactions. Make sure to take a copy of it.

Learn how to securely store your BLS private key and other sensitive data: Security best practices

Step 2: Initiate the API key update

Call Update an API key:

PUT https://api-v2.qredo.network/api/v2/workspaces/{workspaceID}/apikeys/{keyID}

  1. Query parameters:

  2. Body parameters: In the body, specify the BLS and EC public keys obtained in Step 1:

{
  "blsPublicKey": YOUR_BLS_PUBLIC_KEY,
  "ecPublicKey": YOUR_EC_PUBLIC_KEY
}

  1. Authentication: Pass the auth token as x-token in the request header.

  2. Result: The API key update is awaiting approval. Copy the returned actionID — the ID of update request (action).

Step 3: Get the update request

Now you need to get the API key update request — in the next step you'll sign it with your BLS private key.

Call Get an action:

GET https://api-v2.qredo.network/api/v2/actions/{actionID}

  1. Query parameters: In the query, replace {actionID} with the action ID obtained in Step 2.

  2. Authentication: Pass the auth token as x-token in the request header.

  3. Result: Copy the content of the messages array.

    Here is an example response for this endpoint:

    {
    "actionSubject": {
        "name": "",
        "type": "workspace",
        "workspace": {
            "name": "",
            "portfolioID": ""
        }
    },
    "actionedTime": 0,
    "approverID": "a.48wq3YZk8TVvfJMEqkDJc5LPrvB7fqh9WDkkcemu6sQ3",
    "description": "",
    "expireTime": 1696776447,
    "id": "2WU2TkDYIz19ijXBrr4rKoNWnPk",
    "messages": [
        "08021220a3d1496bb644e4cf4607c94724d5ca288b1799bda647cb610d5a772fb39af82b4a403335363632323432646461663965386430663037383061316663666665353864383531363530326330356264386431666262646338633537383966303739336162201d5aedcf790995e27826e7f10299625cb332e0eef8c61cfccbd54770e6aee0b768108a01ca020a4033353636323234326464616639653864306630373830613166636666653538643835313635303263303562643864316662626463386335373839663037393361324104abec19d75cacecdd93d4a45aecd3438b7f01aaa0645c04cf18ee377e575b70cfecdb9e1aab887b9fb9973ff7ae7cd0bde9afcd67b5a2f1d918e4aef9adf0f98d380142c0010591f874aa88bc1bd06a24c3a0e274b174d4b8ca465635adf9a1b45c99d03387f1756bd0274088cd783d3998bb8d383a0e54ec4be1f4080f8ff46cba17d05b1007e7be59a2adcf81f68a8e22c6ed91d4515960d4d10573d8f5ec8d265f8f154e05391c23f4c27350b71271eb420fe160d28cbc24711de2859d033ee498152b7b9b95065cf8599b6bda4c39e06ac33fa5174d6403747eab2d1e484e1e47ff7837b65e2519456fc34008e36a58780037a5001eb962b54d589647280942c4216bf2"
    ],
    "metadata": "e30=",
    "payload": "eyJzZWVkIjogbnVsbCwgInByb2ZpbGVJRCI6ICJhLjQ4d3EzWVprOFRWdmZKTUVxa0RKYzVMUHJ2QjdmcWg5V0Rra2NlbXU2c1EzIiwgImVjUHVibGljS2V5IjogIkJLdnNHZGRjck96ZGs5U2tXdXpUUTR0L0FhcWdaRndFenhqdU4zNVhXM0    RQN051ZUdxdUllNSs1bHovM3JuelF2ZW12eldlMW92SFpHT1N1K2EzdytZMD0iLCAid29ya3NwYWNlSUQiOiAiIiwgImJsc1B1YmxpY0tleSI6ICJCWkg0ZEtxSXZCdlFhaVREb09KMHNYVFV1TXBHVmpXdCthRzBYSm5RTTRmeGRXdlFKMENJelhnOU9aaTdq    VGc2RGxUc1MrSDBDQStQOUd5NkY5QmJFQWZudmxtaXJjK0I5b3FPSXNidGtkUlJXV0RVMFFWejJQWHNqU1pmanhWT0JUa2NJL1RDYzFDM0VuSHJRZy9oWU5LTXZDUnhIZUtGb    lFNKzVKZ1ZLM3VibFFaYytGbWJhOXBNT2VCcXd6K2xGMDFrQTNSK3F5MGVTRTRlUi85NE43WmVKUmxGYjhOQUNPTnFXSGdBTjZVQUhybGl0VTFZbGtjb0NVTEVJV3Z5IiwgIndvcmtzcGFjZU5hbWUiOiAiIn0=",
    "preAuthorized": false,
    "senderID": "a.48wq3YZk8TVvfJMEqkDJc5LPrvB7fqh9WDkkcemu6sQ3",
    "status": 1,
    "timestamp": 1696772847,
    "type": 42
}

Step 4: Sign the request

Sign the message(s) copied in Step 3 with your BLS private key generated in Step 1. You can use our JavaScript example.

Follow the instructions before the example to prepare it for usage. Then run the example and copy the returned signature.

Step 5: Approve the update

To approve the API key update, you need to send the signed request.

Call Approve or reject an action:

POST https://api-v2.qredo.network/api/v2/actions/{actionID}

  1. Query parameters: In the query, replace {actionID} with the action ID obtained in Step 2.

  2. Body parameters:

    • Set status to approved to approve the action.
    • Specify the signature obtained in Step 4.
    {
  "status": "approved",
  "signatures": [ 
      "YOUR_SIGNATURE"
  ]
}

  3. Authentication: Pass the auth token as x-token in the request header.

  4. Result: Now your keys are registered!

What's next?

To start approving transactions, you also need to add your API key as a Member to a new or an existing Transaction Policy. Learn more: Add the API key to a Transaction Policy.

Previous
Manage Workspaces
Next
Security best practices