Blockstream Enterprise Custody SDK
Issuer Guide (SDK)

Issuer guide overview

The guide provides the implementation track for issuer teams that integrate the private AMP2 SDK. The page covers account activation through ongoing asset monitoring.

This guide is the implementation track for issuer teams integrating the private AMP2 SDK. It covers every step from account activation to ongoing asset monitoring.

Lifecycle

Receive invite Authorize device Register wallets Issue asset Send to investors Manage restrictions Reissue / burn / lock Monitor state

Before you begin

Complete these prerequisites before starting any issuer flow:

  1. Issuer account created: an admin has created your issuer account and provided you with invite data.
  2. Key pairs generated: RSA-2048 and ECDSA P-256 key pairs ready. See Key Management.
  3. SDK access: @blockstream/cryptic, @blockstream/amp-registry, and @blockstream/ecs-registry installed. See SDK Installation.
  4. Invite data received: device UUID, invite string, one time key, server public keys, and API URL.
  5. Testnet validated: all flows tested on testnet before mainnet deployment.

Scope

This guide:

  • Uses the private AMP2 npm packages (@blockstream/cryptic, @blockstream/amp-registry, @blockstream/ecs-registry). Additional language bindings are on the roadmap.
  • Assumes server side integration (the SDK should never run in a browser or mobile app).
  • Focuses on AMP2 capabilities only. AMP0 features like assignments, distributions, categories, and manager delegation are not available in AMP2.

What issuers can do

CapabilityEndpointGuide page
Activate account/account-management/authorizeAuthentication
Register wallets/amp/walletWallet Registration
Issue assets/amp/assetAsset Issuance
Send assets/amp/assets/{aid}/sendSending Assets
Set restrictions/assets/{aid}/wallets/{wid}/restrictionsManaging Restrictions
Reissue supply/amp/assets/{aid}/reissueReissue and Burn
Burn supply/amp/assets/{aid}/burnReissue and Burn
Lock/unlock/amp/assets/{aid}/lockLock and Unlock
Monitor/amp/wallet/balance, /amp/assets/{aid}/txsMonitoring

What issuers cannot do

  • View or manage other issuers' assets (permission middleware enforces asset.issuer == user)
  • Access investor personal data (AMP2 has no investor records)
  • Run AMP0 style assignment/distribution workflows
  • Call AMP2 without proper COSE wrapped requests

Page order

Follow the guide pages in order for a complete integration:

  1. SDK Installation
  2. Authentication
  3. Wallet Registration
  4. Asset Issuance
  5. Sending Assets
  6. Managing Restrictions
  7. Reissue and Burn
  8. Lock and Unlock
  9. Monitoring
  10. Best Practices

On this page