Transaction flows differ by wallet type, and can even differ between address type. Notably, BitGo uses different endpoints to construct and sign transactions, depending on the wallet type. Review the transaction flows bellow to determine which is best for your use case.
Simple or Advanced
For self-managed hot wallets, you can use BitGo Express to build, sign, and send transactions, all in 1 call. However, if your use case needs more control and granularity, BitGo provides additional Express and REST endpoints for more advanced transactions, enabling you to manually construct each step. Simple-transaction flows are the same for self-managed multisignature and TSS hot wallets. However, advanced-transaction flows differ by wallet type. See bellow for more details.
For self-managed hot wallets using the advanced flow, you can configure an additional instance of your Express server on an air-gapped machine, where you store all your private user keys and sign transactions. External signing is the most secure way to implement BitGo Express, because it enables signers with restricted access or network connectivity to sign transactions.
Note: ECDSA TSS wallets aren't currently compatible with external-signer mode.
The following shows the specific API calls required to transact for each wallet type. For a complete integration guide, including code samples, see the links in the Integration Guides section below.
- Initiate - Bitgo uses the data you pass in this call to build an unsigned transaction.
- Approve (Optional) - You can configure a wallet policy to require admin approval for all outgoing transactions, providing an extra layer of security. Transactions remain in a pending-approval status until final approval. Approving a transaction doesn't apply a signature.
- Sign - Conduct video verification with a BitGo operator. Once verified, BitGo does the following:
- Uploads the unsigned transaction to the BitGo Offline Vault Console (OVC).
- Uses the user key to sign the unsigned transaction in the OVC, becoming a half-signed transaction.
- Uses the BitGo key to sign the half-signed transaction in a hardware security module (HSM), creating a fully-signed transaction.
- Broadcast - Using a BitGo node, Bitgo broadcasts the transaction to the network for confirmation.
- Withdraw from Wallet - Custodial Multisig
- Withdraw from Wallet - Custodial TSS
- Withdraw from Wallet - Go Account (Advanced)
- Withdraw from Wallet - Go Account (Simple)
- Withdraw from Wallet - Self-Managed Multisig Cold
- Withdraw from Wallet - Self-Managed Multisig Hot (Advanced)
- Withdraw from Wallet - Self-Managed Multisig Hot (Simple)
- Withdraw from Wallet - Self-Managed TSS Hot (Advanced)
- Withdraw from Wallet - Self-Managed TSS Hot (Simple)