Getting Started
Start here to install the Blockstream Enterprise Custody JavaScript SDK, onboard a device, and make your first authenticated request with the built-in broadcaster helpers.
The Blockstream Enterprise Custody JavaScript SDK lets your application exchange encrypted requests and responses with the Custody Engine while still working with normal TypeScript objects in application code.
At a high level:
@blockstream/cryptichandles signing, encryption, decryption, and COSE messages@blockstream/ecs-registryprovides typed ECS schemas@blockstream/amp-registryextends that model for AMP and tokenization flows on Liquid
Start in this order
- Complete Setup and Installation
- Finish your onboarding flow
- Use Making Requests to send authenticated ECS requests
Core concepts
Every authenticated request uses a dual-key model:
| Key | Algorithm | Purpose |
|---|---|---|
| ECDSA (P-256) | ES256 | Sign client requests and verify server data |
| RSA (2048-bit) | RSA-OAEP | Encrypt and decrypt request or response data |
The SDK hides the binary protocol details so your application can work with typed payloads rather than raw COSE bytes.
Minimal flow
import { Buffer } from 'buffer'
import { Blockstream } from '@blockstream/cryptic'
import { Broadcaster } from '@blockstream/cryptic/broadcaster'
const client = new Blockstream(
clientRsaPrivateKeyPem,
Buffer.from(clientEcdsaPrivateKeyHex, 'hex'),
deviceUuid,
serverRsaPublicKeyPem,
Buffer.from(serverEcdsaPublicKeyHex, 'hex'),
)
const broadcaster = new Broadcaster(ECS_BASE_URL, client)
const result = await broadcaster.processBroadcast({
action: 'get',
resource: '/wallets',
})
console.log(result)