Connect your Fireblocks workspace to Corsa to synchronize vault account activity, deposit addresses, and transactions into your Corsa compliance workspace.
How It Works
- Secure Setup - Corsa generates an RSA key pair and a certificate signing request (CSR). You upload the CSR in Fireblocks and provide the resulting API User ID back to Corsa.
- Scheduled Sync - Corsa periodically reads Fireblocks vault accounts, deposit addresses, supported assets, and transactions.
- Real-Time Webhooks - Fireblocks sends configured webhook events to Corsa for new transactions, status changes, new vault accounts, and new vault assets.
- Entity Mapping - Corsa maps Fireblocks data into corporate and individual clients, blockchain wallets, deposits, withdrawals, vault-to-vault transfers, and pre-created trade transaction legs.
- Ongoing Updates - Repeated syncs and webhook events upsert existing Corsa records by stable reference IDs, reducing duplicates.
What Gets Synced
Vault Accounts and Clients
Fireblocks vault accounts are linked to Corsa clients. Corsa resolves the client for each vault account in the following order:
- Vault-level mapping via
customerRefId — If the Fireblocks vault account has a customerRefId, Corsa looks up a client by that value (treated as a Corsa client id or referenceId). This is the most precise mapping and takes precedence over all other methods.
- Workspace-level mapping via
fireblocksWorkspaceId — If the vault has no customerRefId, Corsa checks whether any Corsa client has integrations.fireblocksWorkspaceId set to the current Fireblocks workspace ID. When found, all unmapped vaults in that workspace are associated with that client. This is the recommended approach for multi-workspace setups where all vaults in a workspace belong to the same client.
- No mapping — If neither method resolves a client, the vault is skipped for wallet and transaction sync. Transactions from that vault can still update pre-created Corsa transactions when
externalTxId is used (see Pre-Created Transaction Linking).
Both corporate and individual clients support workspace-level mapping. Each Fireblocks workspace ID may be assigned to at most one Corsa client.
Pre-creating clients in Corsa is the recommended setup for vault mapping.
Deposit Addresses and Wallets
For mapped vault accounts, Corsa imports Fireblocks deposit addresses as blockchain wallets.
- Wallets are keyed by the Fireblocks vault account, asset, and address.
- Wallets are associated with the owning client.
- If a Fireblocks address has its own
customerRefId, that value takes precedence over the vault-level client association.
- Corsa resolves the blockchain network from the Fireblocks asset ID when possible.
- Corsa imports vault deposit addresses. Fireblocks address-book wallets are not imported as standalone wallet records.
Transactions
Corsa reads Fireblocks transactions where a synced vault account is the source or destination.
- Incoming vault transactions become Corsa deposits.
- Outgoing vault transactions become Corsa withdrawals.
- Vault-to-vault transactions between two mapped vaults become Corsa transfers.
- If a vault-to-vault transaction cannot be linked to Corsa clients on both sides, Corsa skips transfer creation for that transaction.
- Fireblocks transaction
customerRefId, when present, takes precedence over the vault-level client for transaction association.
- Fireblocks status, sub-status, operation, note, transaction ID, and
externalTxId are preserved as transaction metadata.
- Fireblocks
txHash is stored on the Corsa transaction when present.
- Corsa does not create new trade operations from Fireblocks transactions. Trade transaction legs are updated only when you pre-create them in Corsa and set Fireblocks
externalTxId.
Workspace-Level Client Mapping
For setups where all vault accounts in a Fireblocks workspace belong to the same Corsa client, you can use workspace-level mapping instead of setting customerRefId on every vault.
Finding your Fireblocks Workspace ID
The Fireblocks workspace ID (also called tenant ID) uniquely identifies your Fireblocks workspace. To find it:
- Open the Fireblocks Console.
- Go to Settings → General.
- Locate the Workspace ID field. It is a UUID such as
a1b2c3d4-e5f6-7890-abcd-ef1234567890.
- Copy the value.
The workspace ID also appears in Fireblocks webhook payloads as tenantId (V1 format) or workspaceId (V2 format). You can verify the correct value by inspecting any webhook event from that workspace.
Setting the workspace ID on a Corsa client
Use the Corsa API to assign the Fireblocks workspace ID to the client that should own all vault accounts in that workspace.
Corporate client:
curl -X PUT https://api.corsa.finance/v1/clients/corporates/{clientId} \
-H "Authorization: Bearer {token}" \
-H "Content-Type: application/json" \
-d '{
"integrations": {
"fireblocksWorkspaceId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
}
}'
curl -X PUT https://api.corsa.finance/v1/clients/individuals/{clientId} \
-H "Authorization: Bearer {token}" \
-H "Content-Type: application/json" \
-d '{
"integrations": {
"fireblocksWorkspaceId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
}
}'
{clientId} with the Corsa client UUID or reference ID, {token} with your Corsa API token, and the workspace ID with the value from the Fireblocks Console.
Behavior once set
- All vault accounts in that workspace without
customerRefId are automatically mapped to this client for wallet and transaction sync.
- Vaults that do have
customerRefId continue to map to their specific client — customerRefId always takes precedence.
- Each workspace ID is unique across your Corsa platform — it cannot be assigned to more than one client (corporate or individual).
Removing or reassigning the mapping
To clear the workspace mapping from a client, set fireblocksWorkspaceId to null:
curl -X PUT https://api.corsa.finance/v1/clients/corporates/{clientId} \
-H "Authorization: Bearer {token}" \
-H "Content-Type: application/json" \
-d '{
"integrations": {
"fireblocksWorkspaceId": null
}
}'
409 Conflict error.
Multi-Workspace Support
Corsa supports connecting multiple Fireblocks workspaces to a single Corsa platform. Each connected workspace operates independently:
- Vault accounts, wallets, and transactions from each workspace are processed separately.
- Credentials and webhook signatures are resolved per workspace.
- Workspace-level client mapping (
fireblocksWorkspaceId) applies only within the workspace it is configured for — a client mapped to workspace A does not receive vault data from workspace B.
To add a second workspace, create a new Fireblocks integration in Corsa (via Developers Hub → Integrations → Fireblocks). Each workspace integration gets its own CSR, API user, and webhook URL in Fireblocks.
When using customerRefId on vaults, the value is resolved against the Corsa platform for the workspace that owns the vault — there is no cross-workspace client lookup.
Pre-Created Transaction Linking
For flows where Corsa is the system of record, create the Corsa transaction first, then submit the Fireblocks transaction with externalTxId set to that Corsa transaction id or referenceId.
Use this flow with Fireblocks vaults that do not have customerRefId and are not covered by a workspace-level mapping. When Corsa later receives that Fireblocks transaction:
- Corsa finds the matching deposit transaction, withdrawal transaction, or trade transaction leg.
- Corsa updates Fireblocks details such as
txHash, metadata, and status.
- If the match is a trade transaction leg, Corsa updates the leg and recalculates the parent trade status.
- Corsa does not overwrite customer-supplied fields such as amount, currency, source, destination, or trade side.
- If there is no matching Corsa transaction and the Fireblocks vault is not mapped to a client, the event is skipped.
If the vault has customerRefId or a workspace-level mapping, Fireblocks transactions create or update Corsa deposits and withdrawals instead. In that mapped-vault flow, externalTxId becomes the Corsa operation reference ID and does not update trade legs.
Trade Leg Updates
Fireblocks does not create new Corsa trade operations. To link a Fireblocks execution to a trade leg, create the trade and its transaction leg in Corsa first, use a Fireblocks vault without customerRefId and without a workspace-level mapping, and set Fireblocks externalTxId to the Corsa trade leg transaction id or referenceId.
When Fireblocks status changes, Corsa updates the trade leg and recalculates the parent trade status.
Sync Modes
| Mode | Description |
|---|
| Full Sync | Re-reads vault accounts, deposit addresses, supported assets, and all transaction history. Use for initial onboarding, historical backfill, or reconciliation. |
| Partial Sync | Re-reads vault accounts and deposit addresses, then reads only transactions created after the last successful sync timestamp. Used for scheduled updates. |
Real-Time Webhooks
Configure Fireblocks to send these events to the webhook URL Corsa provides:
| Event | What Corsa Does |
|---|
transaction.created | Creates or updates the matching deposit/withdrawal for mapped vaults, or updates a pre-created Corsa transaction when the vault is unmapped and externalTxId matches. |
transaction.status.updated | Re-processes the transaction with the latest Fireblocks status. Trade parent status is recalculated when the update applies to a pre-created trade leg. |
vault_account.created | New vaults are picked up by the next scheduled or manual sync. Set customerRefId on the vault, or configure a workspace-level mapping, so Corsa can associate it with a client. |
vault_account.asset.added | Imports deposit addresses for the new vault asset as blockchain wallets when the vault is linked to a client. |
Status Mapping
| Fireblocks Status | Corsa Status |
|---|
COMPLETED | Success |
FAILED, BLOCKED, REJECTED | Failed |
CANCELLED | Cancelled |
SUBMITTED, PENDING_AML_SCREENING, PENDING_AUTHORIZATION, QUEUED, PENDING_SIGNATURE, BROADCASTING, CONFIRMING, and other in-progress states | Pending |
API Access
Use the Corsa API to read or manage Fireblocks-linked records. Relevant endpoints include:
| Purpose | Endpoint |
|---|
Create or upsert corporate clients referenced by Fireblocks customerRefId | POST /v1/clients/corporates?upsert=true |
| Create or upsert individual clients | POST /v1/clients/individuals?upsert=true |
| Set workspace-level mapping on a corporate client | PUT /v1/clients/corporates/{clientId} |
| Set workspace-level mapping on an individual client | PUT /v1/clients/individuals/{clientId} |
| Create or upsert blockchain wallets | POST /v1/blockchain-wallets?upsert=true |
| Create or upsert deposits | POST /v1/operations/deposits?upsert=true |
| Create or upsert withdrawals | POST /v1/operations/withdrawals?upsert=true |
| Create or upsert transfers | POST /v1/operations/transfers?upsert=true |
| Create or upsert trades | POST /v1/operations/trades?upsert=true |
Retrieve a transaction by Corsa id or referenceId | GET /v1/transactions/{id} |
| Update Fireblocks details on a transaction | PUT /v1/transactions/{id} |
| Append a transaction status update | PUT /v1/transactions/{id}/updateStatus |
Setup Guide
Prerequisites
- A Fireblocks workspace with permission to create API users and configure webhooks.
- Owner access to the Corsa application.
- Corsa clients created ahead of time if you want Fireblocks
customerRefId values or workspace-level mapping to link vault data to specific clients.
Step 1 - Create the Integration in Corsa
- Log in to Corsa.
- Go to Developers Hub → Integrations.
- Click Configure on the Fireblocks card.
- Configure the Polling Interval. The default is 10 minutes.
- Create the integration.
Corsa will generate:
- A Certificate Signing Request (CSR) for Fireblocks API authentication
- A Webhook URL for Fireblocks events
- The list of webhook events to enable
Step 2 - Create an API User in Fireblocks
- Open the Fireblocks Console.
- Go to Settings → API Users.
- Create a new API user.
- Upload the CSR file generated by Corsa.
- Grant the API user read access for vault accounts, vault assets and addresses, supported assets, and transactions.
- Copy the API User ID that Fireblocks provides.
- In the Fireblocks Console, go to Settings → Webhooks.
- Add the webhook URL generated by Corsa.
- Enable
transaction.created, transaction.status.updated, vault_account.created, and vault_account.asset.added.
- Save the webhook configuration.
Step 4 - Complete Setup in Corsa
- Return to the Fireblocks integration setup in Corsa.
- Enter the Fireblocks API User ID.
- Save the integration.
After setup is complete, Corsa schedules the first sync and starts processing Fireblocks webhook events.
Step 5 - Map Vaults to Clients
Choose the mapping approach that fits your setup:
Option A — Vault-level mapping (recommended for precise control)
Set customerRefId on each Fireblocks vault account to the Corsa client id or referenceId that owns that vault. This gives per-vault control and works for both single and multi-workspace setups.
Option B — Workspace-level mapping (recommended for multi-workspace setups)
Set integrations.fireblocksWorkspaceId on the Corsa client to the Fireblocks workspace ID. Find the workspace ID in the Fireblocks Console under Settings → General. All vaults in that workspace without customerRefId are automatically mapped to this client.
Both approaches can be combined: vaults with customerRefId use vault-level mapping; vaults without it fall back to the workspace-level mapping.
Security
- CSR-based API authentication ensures the Fireblocks private key is generated and stored by Corsa.
- Webhook signatures are cryptographically verified on every incoming event.
- API credentials are securely stored and encrypted.
- All communication uses HTTPS/TLS.
Troubleshooting
| Issue | Resolution |
|---|
| Integration stuck on “Pending Setup” | Upload the Corsa-generated CSR in Fireblocks, create the API user, and enter the resulting API User ID in Corsa. |
| Vault wallets are missing | Confirm the Fireblocks vault account has customerRefId set to a Corsa client id or referenceId, or that the Corsa client has integrations.fireblocksWorkspaceId set to this workspace’s ID. |
| Transactions are not appearing | Confirm the transaction involves a mapped vault account, or set Fireblocks externalTxId to an existing Corsa transaction id or referenceId. |
| Vault-to-vault transfers are not appearing | Confirm both source and destination vaults resolve to Corsa clients (via customerRefId or workspace-level mapping). |
| Webhooks are not received | Confirm the webhook URL matches the Corsa-generated URL and all required event types are enabled in Fireblocks. |
| Status is not changing | Confirm Fireblocks sends transaction.status.updated events and that the Corsa transaction can be matched by vault ownership or externalTxId. |
| Trade status is not changing | Use a Fireblocks vault without customerRefId and no workspace-level mapping, then set externalTxId to the Corsa trade transaction leg id or referenceId. Mapped vaults do not update trade legs. |
| Workspace-level mapping not working | Confirm integrations.fireblocksWorkspaceId on the Corsa client matches the Fireblocks workspace ID exactly (visible in Fireblocks Console under Settings → General). Workspace-level mapping only applies to multi-workspace integrations where Corsa receives the workspace ID from Fireblocks. |
Corsa offers native integrations with leading compliance, blockchain analytics, and custody providers. See all integrations or schedule a demo to see how Corsa fits into your stack. 
