HSM

Hardware Security Module — Thales Luna Cloud (DPoD)

Create HSM key pair

post

Generates an Ed25519 key pair on the HSM partition. Returns the Zetrix address and raw public key hex. The returned address is used as the identifier for subsequent sign requests.

Authorizations

AuthorizationstringRequired

Bearer access token. Include in all requests as: Authorization: Bearer <your_access_token>

Body

Request to create an HSM-backed Ed25519 key pair

labelstringOptional

Optional caller-supplied label suffix. Final key label = ZETRIX_ if provided, else ZETRIX_.

Example: my-wallet-key

purposestringOptional

Optional purpose description for this key

Example: payment-signing

passwordstring · min: 8 · max: 128Required

User password used to encrypt the HSM key label in DB storage

Example: s3cur3P@ssw0rd

Responses

200

*/*

successbooleanOptional

timestampstring · date-timeOptional

traceIdstringOptional

post

/ztx/hsm/create-account

POST /ztx/hsm/create-account HTTP/1.1
Host: api-sandbox.zetrix.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 81

{
  "label": "my-wallet-key",
  "purpose": "payment-signing",
  "password": "s3cur3P@ssw0rd"
}

200

{
  "object": {
    "publicKeyHex": "b9f5d8a2c1e4f7a3b6d9e2f5a8c1d4e7f0a3b6c9d2e5f8a1b4c7d0e3f6a9b2c5",
    "zetrixAddress": "ZTX3Jdej3CKtCrBSTxQttVfndVHLLEZrvX2uD"
  },
  "messages": [
    {
      "type": "INFO",
      "errorCode": 1,
      "message": "text"
    }
  ],
  "success": true,
  "timestamp": "2026-05-08T02:56:00.344Z",
  "traceId": "text"
}

Sign blob with HSM

post

Signs a hex-encoded transaction blob using the HSM-stored Ed25519 private key identified by the Zetrix address. The returned SignerEntity can be used directly in /tx/submit or /contract/submit.

Authorizations

AuthorizationstringRequired

Bearer access token. Include in all requests as: Authorization: Bearer <your_access_token>

Body

Request to sign a transaction blob using the HSM

blobstringRequired

Hex-encoded transaction blob to sign (obtained from /tx/generate-blob or /contract/generate-blob)

Example: 0A255A5458334A64656A33434B7443724253547851747456666E6456484C4C455A72765832754410...

passwordstring · min: 8 · max: 128Required

User password used to decrypt the stored HSM key label

Example: s3cur3P@ssw0rd

addressstringRequired

Zetrix address returned by /hsm/create-account

Example: ZTX3Jdej3CKtCrBSTxQttVfndVHLLEZrvX2uD

Responses

200

*/*

successbooleanOptional

timestampstring · date-timeOptional

traceIdstringOptional

post

/ztx/hsm/sign-blob

POST /ztx/hsm/sign-blob HTTP/1.1
Host: api-sandbox.zetrix.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 172

{
  "blob": "0A255A5458334A64656A33434B7443724253547851747456666E6456484C4C455A72765832754410...",
  "password": "s3cur3P@ssw0rd",
  "address": "ZTX3Jdej3CKtCrBSTxQttVfndVHLLEZrvX2uD"
}

200

{
  "object": [
    {
      "signBlob": "b8f4a2c3d1e0f9a8b7c6d5e4f3a2b1c0d9e8f7a6b5c4d3e2f1a0b9c8d7e6f5...",
      "publicKey": "b00179b4adb1d3188aa1b98d6977a837bd4afdbb574f1c2b17ac0819a0feae63..."
    }
  ],
  "messages": [
    {
      "type": "INFO",
      "errorCode": 1,
      "message": "text"
    }
  ],
  "success": true,
  "timestamp": "2026-05-08T02:56:00.344Z",
  "traceId": "text"
}

Sign message with HSM

post

Signs a UTF-8 message using the HSM-stored Ed25519 private key identified by the Zetrix address.

Authorizations

AuthorizationstringRequired

Bearer access token. Include in all requests as: Authorization: Bearer <your_access_token>

Body

Request to sign a UTF-8 message using the HSM

messagestringRequired

UTF-8 message to sign

Example: Hello, Zetrix!

passwordstring · min: 8 · max: 128Required

User password used to decrypt the stored HSM key label

Example: s3cur3P@ssw0rd

addressstringRequired

Zetrix address returned by /hsm/create-account

Example: ZTX3Jdej3CKtCrBSTxQttVfndVHLLEZrvX2uD

Responses

200

*/*

successbooleanOptional

timestampstring · date-timeOptional

traceIdstringOptional

post

/ztx/hsm/sign-message

POST /ztx/hsm/sign-message HTTP/1.1
Host: api-sandbox.zetrix.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 106

{
  "message": "Hello, Zetrix!",
  "password": "s3cur3P@ssw0rd",
  "address": "ZTX3Jdej3CKtCrBSTxQttVfndVHLLEZrvX2uD"
}

200

{
  "object": [
    {
      "signBlob": "b8f4a2c3d1e0f9a8b7c6d5e4f3a2b1c0d9e8f7a6b5c4d3e2f1a0b9c8d7e6f5...",
      "publicKey": "b00179b4adb1d3188aa1b98d6977a837bd4afdbb574f1c2b17ac0819a0feae63..."
    }
  ],
  "messages": [
    {
      "type": "INFO",
      "errorCode": 1,
      "message": "text"
    }
  ],
  "success": true,
  "timestamp": "2026-05-08T02:56:00.344Z",
  "traceId": "text"
}

PreviousPaymaster NextModels

Last updated 1 day ago

hashtagCreate HSM key pair

hashtagSign blob with HSM

hashtagSign message with HSM

Create HSM key pair

Sign blob with HSM

Sign message with HSM