Developer Hub home pagelight logodark logo
  • Log In
  • Explore Cobo
  • Log In
FAQ
FAQ about WaaS
DocumentationGet StartedAPI References
    Overview
  • Quickstart
  • Authentication
  • Get Testing Coins
  • API Playground
    • Development
  • Error Codes
  • Transaction Notification
  • Withdrawal Confirmation
  • Cobo Callback Signature
    • SDKs

  • WaaS

  • Cobo Safe

    • Tools
  • Cobo Safe Python Kit
  • MPC Recovery Kits
    • FAQ
  • FAQ about WaaS
FAQ

FAQ about WaaS

Frequently Asked Questions about WaaS

coin is Cobo’s internal coin code, which uniquely identifies each coin, while display_code is the ticker symbol of a coin (not unique, changeable, for reference only ). description indicates the full name of a coin (not unique, changeable, for reference only ).For example: Tron was an ERC-20 token before launching its own mainnet and token. The ERC-20 and Tron mainnet tokens would share the same display_code and description, but have different coin values.

In the cryptocurrency world, each coin has a smallest unit. For example, Bitcoin’s smallest unit is Satoshi; 1 BTC = 100,000,000 Satoshi. Cobo expresses amounts in terms of the smallest unit of the coin. This is to avoid problems caused by the misuse of floating numbers. Therefore, when transferring 1 BTC, the amount in the transaction is 100,000,000. In other words, abs_amount is used to indicate the same thing in real numbers. Clients may configure according to their own preferences. The conversion relation between them is: abs_amount = amount / pow(10, decimal)

GET /v1/custody/new_addresses/ You may utilize this interface to generate addresses in batches. (For a single request, this interface can generate up to 200 addresses. Please refer to your package details to understand the current supported address quantity based on your plan.)

GET /v1/custody/is_valid_address/ You may visit this interface to validate the legitimacy of an address. If the result is ‘false,’ then the address is deemed invalid. For further information, you can refer to our API documentation at: https://www.cobo.com/developers/api-references/custody-wallet/is_valid_address

GET /v1/custody/pending_transactions/ This interface allows you to query transaction details for withdrawal currencies. Input the desired currency in the ‘Coin’ field. For tokens, ensure to include the main chain’s information, and if uncertain about the coin code, you can confirm it with our customer service. The ‘Side’ field is used to specify the transaction type, where ‘deposit’ corresponds to deposits. You can directly access this interface via the following link: https://www.cobo.com/developers/api-references/custody-wallet/pending_transactions

GET /v1/custody/transactions_by_request_ids/ You can use this interface to view transaction details for bulk withdrawals. The request IDs should be provided in the ‘request_ids’ parameter of the GET request as a comma-separated string. The maximum number of request IDs that can be provided is 50. https://www.cobo.com/developers/api-references/custody-wallet/transactions_by_request_ids

The withdrawal fee will change in real-time according to the situation on the blockchain. You can use the ‘abs_estimate_fee’ field in the GET /v1/custody/coin_info interface to query the current estimated withdrawal fee.

GET /v1/custody/new_addresses/ You can utilize the ‘minimum_deposit_threshold’ field in this interface to query the minimum deposit amount. If it returns 0, there is no minimum deposit requirement

You may use this interface GET /v1/custody/pending_transactions/ for inquiries, or you can go to the web end - Wallet - Transactions to view it.

API withdrawal is mainly for exchanges and large institutions, and it is done through backend code without the need for human intervention. Web-end withdrawal requires manual operation and will also go through a complete risk control process.

Hello, signature verification and IP whitelist are recommended to be efficient when accepting callbacks, which can simply and greatly improve security. Cobo signature verification can be obtained on the hosting web management interface - wallet - API callback page. How to verify can refer to the document: https://www.cobo.

Cobo Prod export IP: 54.201.57.0, please add it to your whitelist to receive Cobo’s callback push.

Hello, from the perspective of security, Cobo uses the ECDSA signature algorithm for verification. It is recommended that you generate the public and private keys locally, and Cobo will not know/save your private key. After you generate the public and private keys locally, you can maintain the public key in the web management interface [Wallet - API]. For private key generation, signature and signature verification, please refer to the Sample provided by Cobo: https://github.com/CoboGlobal/, and for API related documents, please refer to: https://www.cobo.com/developers/custodial-wallet/introduction

Hello, the maximum number of pushes for API transaction notifications is 14 times. The interval time is in an increasing state. It is 10 minutes at the beginning, and it will increase with time later, 1 hour, 2 hours, etc.

Your company has configured an API_KEY in the security risk control, but has not configured the [Secondary Callback Server Address]. API link: https://doc.custody.cobo.com/#9a7cef1ae8 Considering the single-point risk faced by a single API server, we strongly recommend that you enable and configure a secondary confirmation callback internally, and maintain a separate callback server. First, risk isolation, multiple servers are used for secondary confirmation. Second, enabling the secondary callback is also a very effective internal security risk control measure. Once the secondary callback has an exception, Cobo’s 24/7 customer service will also promptly remind you to check whether there is an exception in your internal business logic, provide early warning, and identify and block related abnormal withdrawals earlier, enhancing the security protection of your asset withdrawal. The password of your custodial account, 2FA and Cobo Auth verification, ensure the multiple confirmations of your account and the initiation of withdrawals on the web end. Maintaining a separate secondary callback URL can ensure the multiple security of your internal server, so from a security perspective, we strongly recommend that you enable it.

As for the secondary callbacks,we consider the risk isolation. Based on our historical experience in custodial services, maintaining a server with business logic poses a significant risk. We suggest you enable callbacks based on multi-layered risk control considerations. From the perspective of your platform, your platform has a large trading volume. For the withdrawal behavior of the platform, it is necessary to carry out secondary withdrawal confirmation. ’ We have also served many platform-type customers. From a safety perspective, we hope that you will conduct a more comprehensive internal assessment.

Considering forward compatibility, Cobo will not actively callback for currently failed transactions (callbacks will be pushed for pending and successful ones), and it depends on the customer to poll the withdrawal request status. There could be various reasons for withdrawal failures: Network issues, insufficient balance, illegal addresses, etc., which are directly returned errors.

(The following failures are exceptions) After the withdrawal is initiated successfully, the withdrawal is confirmed by a secondary callback as deny/no response. Web/AUTH manual review rejection. Some transaction information is filled in incorrectly, such as memo errors, the other party’s address has on-chain verification and cannot be on-chain.

  1. Need to check if it is enabled: ""Transaction Notification - Includes Block Confirmation Number Status"" in API callback https://doc.custody.cobo.com/#913378a003
  2. If 1 is enabled, if it is the TRON chain of the transaction, the confirmation on the chain may be too fast, so it is not in pending, it is in the successful tx table, you can use a coin type with a longer pending for joint debugging,such as ETH, BTC.”

It needs in hex format. You can use the API Key private key (API SECRET) generated locally, sign the data with the private key using ECDSA, and hex encode the binary result. This generates the final signature used for verification with the API server (you can refer to the Cobo routine: https://github.com/cobowallet/

When not bound to an IP whitelist, the validity period for each key is 90 days. After binding to an IP whitelist, the key is permanently valid

Please check if you have administrator privileges, as only administrators can configure.

“There are several main reasons for signature verification failure, and you can also exclude the first few on your side to see:

  1. Have you maintained your public key on the correct environment (Prod/Sandbox) Custody Web? And is the API Key type correct? (There are three types of API Keys, ""query"", ""withdrawal and query"", ""operation and query"", please make sure you are using the correct type of API Key)
  2. Have you used the correct HOST: Sandbox: https://api.dev.cobo.com, corresponding web page: Sandbox: https://home.dev.cobo.com/ Production: https://api.custody.cobo.com, corresponding web page: Prod: https://home.custody.cobo.com/
  3. Does the parameter (such as memo) contain spaces, special characters, please remove them After excluding the above problems:
  4. Please provide both the parameters and return values for problem analysis. ”
MPC Recovery KitsGet Account Details
twittergithublinkedin
Powered by Mintlify