Issuer guide overview
The guide provides the implementation track for issuer teams that integrate the private AMP2 SDK. The page covers account activation through ongoing asset monitoring.
This guide is the implementation track for issuer teams integrating the private AMP2 SDK. It covers every step from account activation to ongoing asset monitoring.
Lifecycle
Before you begin
Complete these prerequisites before starting any issuer flow:
- Issuer account created: an admin has created your issuer account and provided you with invite data.
- Key pairs generated: RSA-2048 and ECDSA P-256 key pairs ready. See Key Management.
- SDK access:
@blockstream/cryptic,@blockstream/amp-registry, and@blockstream/ecs-registryinstalled. See SDK Installation. - Invite data received: device UUID, invite string, one time key, server public keys, and API URL.
- Testnet validated: all flows tested on testnet before mainnet deployment.
Scope
This guide:
- Uses the private AMP2 npm packages (
@blockstream/cryptic,@blockstream/amp-registry,@blockstream/ecs-registry). Additional language bindings are on the roadmap. - Assumes server side integration (the SDK should never run in a browser or mobile app).
- Focuses on AMP2 capabilities only. AMP0 features like assignments, distributions, categories, and manager delegation are not available in AMP2.
What issuers can do
| Capability | Endpoint | Guide page |
|---|---|---|
| Activate account | /account-management/authorize | Authentication |
| Register wallets | /amp/wallet | Wallet Registration |
| Issue assets | /amp/asset | Asset Issuance |
| Send assets | /amp/assets/{aid}/send | Sending Assets |
| Set restrictions | /assets/{aid}/wallets/{wid}/restrictions | Managing Restrictions |
| Reissue supply | /amp/assets/{aid}/reissue | Reissue and Burn |
| Burn supply | /amp/assets/{aid}/burn | Reissue and Burn |
| Lock/unlock | /amp/assets/{aid}/lock | Lock and Unlock |
| Monitor | /amp/wallet/balance, /amp/assets/{aid}/txs | Monitoring |
What issuers cannot do
- View or manage other issuers' assets (permission middleware enforces
asset.issuer == user) - Access investor personal data (AMP2 has no investor records)
- Run AMP0 style assignment/distribution workflows
- Call AMP2 without proper COSE wrapped requests
Page order
Follow the guide pages in order for a complete integration:
Key management
AMP2 requires RSA and ECDSA P-256 key pairs for issuer encryption and request signing. The page explains key generation, format requirements, validation, and rotation.
SDK installation
The AMP2 issuer SDK uses private npm packages for JavaScript and TypeScript. The page explains package access, installation, import patterns, and environment variables.