Fireblocks Account Integration

Overview

Fireblocks permits API access through API users. This article explains how to:

  • Request the setup items needed from Coinbase Token Manager

  • Create a Fireblocks API user for Coinbase Token Manager

  • Configure Transaction Authorization Policy (TAP) rules for that user

  • Allowlist the relevant contract and token addresses

  • Share the correct credentials back to the Coinbase Token Manager team


Step 1 – Request required setup items

Before creating the Fireblocks API user, request the following from your Coinbase Token Manager onboarding manager.

CSR file

  • Your onboarding manager will provide the certificate signing request (CSR) file that must be uploaded when creating the API user in Fireblocks.

Factory contract address for your network

  • Your onboarding manager will provide the current Coinbase Token Manager factory contract address for the network you are using.

Keep these items handy; you will need them when creating the API user and allowlisting contracts.


Step 2 – Create the Fireblocks API user

Next, create a new API user in Fireblocks using the CSR file you received.

  1. Sign in to your Fireblocks console.

  2. Navigate to the section where you can add an API user.

  3. When creating the API user, set:

    • Name: for example, Coinbase Token Manager API Key (or another internal naming convention)

    • Role: Editor (this is the lowest level of access that still allows Coinbase Token Manager to perform required actions)

    • CSR file: upload the CSR file provided by your onboarding manager

  4. Save the API user and confirm that it has been created successfully.

You will configure TAP rules for this user in the next step.


Step 3 – Configure TAP rules for the API user

After creating the API user, set up Transaction Authorization Policy (TAP) rules that give this user the minimum necessary permissions.

Rule 1 – Contract call

Create a TAP rule with the following characteristics:

  • Type: Contract call

  • Source: the Fireblocks vault that will be used for Coinbase Token Manager

  • Destination: whitelisted addresses only

  • Contract call methods: any, or a restricted subset if your policy requires it

  • Initiated by: the Coinbase Token Manager API user you created

  • Designated signer: any real user in your Fireblocks account (not the API user)

  • Asset: any, unless your internal policy restricts this further

  • Action: approved by your preferred approver group or policy

Rule 2 – Transfer

Create a second TAP rule:

  • Type: Transfer

  • Source: the Fireblocks vault that will be used for Coinbase Token Manager

  • Destination: whitelisted addresses only

  • Initiated by: the Coinbase Token Manager API user

  • Designated signer: any real user in your Fireblocks account (not the API user)

  • Asset: any, with no minimum amount unless your policy dictates otherwise

  • Action: approved by your preferred approver group or policy

Once these TAP rules are configured, publish them so they become active.


Step 4 – Allowlist Coinbase Token Manager contract and token addresses

You must explicitly allowlist Coinbase Token Manager smart contracts and related onchain addresses in Fireblocks.

4.1 – Allowlist the factory contract

For new integrations:

  1. In Fireblocks, add a new whitelisted wallet of type “Contract”.

  2. Set:

    • Name: for example, “Coinbase Token Manager Factory Contract”

    • Gas token: select the gas token appropriate for the network

    • Contract address: use the factory contract address provided by your onboarding manager for your network

If you do not yet have full access to your account or the factory is not deployed for your configuration, coordinate with your onboarding manager and return to this step once the prerequisites are met.

4.2 – Allowlist the vesting (escrow) contract and distribution token

To support actual payouts, you must also allowlist:

  • The escrow (vesting) contract address used by Coinbase Token Manager

  • The token address being distributed

For new accounts, ensure you have:

  • Published at least one token grant in Coinbase Token Manager

  • Published your account on‑chain, so an escrow contract address has been created

In Fireblocks, add the following.

Escrow contract address:

  • Type: Contract

  • Name: for example, “Coinbase Token Manager Escrow Contract Address”

  • Add the escrow contract address and select the correct gas token for the network.

  • Use the escrow contract address surfaced in Coinbase Token Manager.

Distribution token address:

  • Type: External

  • Name: for example, “Coinbase Token Manager Distribution Token Address”

  • Add the token contract address and select the token that will be distributed.

  • Use the token contract address configured for Coinbase Token Manager distributions.

Once these entries are saved, Coinbase Token Manager will be able to interact with the escrow contract and distribution token via the Fireblocks API user, subject to your TAP rules.


Step 5 – Share Fireblocks API credentials with Coinbase Token Manager

To complete the Fireblocks integration, you must share specific details with the Coinbase Token Manager team.

Only share these via a secure channel (for example, a secure note or a private direct message to your onboarding manager). Do not post credentials in group channels or email threads.

You will need to provide the following.

Fireblocks API key

  • Copy this from the API user profile in the Users section of your Fireblocks console.

Fireblocks vault URL

  • This is used to identify the vault ID that will hold your vesting tokens.

  • In Fireblocks, go to Accounts → Vault, open the vault that will be used for Coinbase Token Manager, and copy the URL from your browser.

  • A URL whose path ends with something like /accounts/vault/19 indicates that the vault ID is 19.

Fireblocks API ID

  • Navigate to the vault’s list of tokens and hover over the token you plan to distribute via Coinbase Token Manager.

  • A pop‑up will show the relevant ID; copy that value and include it in your secure note.

Once you have these three pieces of information, send them to your designated Coinbase Token Manager contact via your agreed secure method.


Next steps

After you complete the steps above and share the required details:

  • The Coinbase Token Manager technical team will configure your Fireblocks API user and credentials within your account.

  • They will notify you when the integration is ready and provide guidance on:

    • Running a small test transaction

    • Moving to live payouts once the test is successful


If you need immediate assistance, please contact our support team directly at:

tm-support@coinbase.com

References to third-party services are provided solely for your convenience and do not constitute an endorsement, approval, or recommendation by Coinbase. Coinbase does not control and is not responsible for any third-party services, websites, or content.

If you don't see what you're looking for in our support documentation, you can request a resource to be made by our support team using this form.