Skip to main content

Verify a self-hosted crypto address

Submit a signature proving ownership of your cryptocurrency wallet. The verification process requires signing a specific message with your wallet’s private key.
1

Format the proof message:

I am verifying ownership of the wallet address {wallet_address} as customer {customer_id}. This message was signed on {date} to confirm my control over this wallet.
Replace:
  • {customer_id} with your customer ID
  • {wallet_address} with your wallet address
  • {date} with today’s date in DD/MM/YYYY format using UTC timezone
Example:
I am verifying ownership of the wallet address 0x742d35Cc6634C0532925a3b844Bc454e4438f44e as customer 4b85d15e-f343-41c0-809c-85314cae2fa6. This message was signed on 23/05/2025 to confirm my control over this wallet.
2

Sign this message using your wallet's private key

3

Submit the proof:

curl -X POST https://api.sandbox.iron.xyz/api/addresses/crypto/selfhosted \
-H "Content-Type: application/json" \
-H "Idempotency-Key: 123e4567-e89b-12d3-a456-426614174000" \
-H "X-API-Key: $API_KEY" \
-d '{
  "customer_id": "4b85d15e-f343-41c0-809c-85314cae2fa6",
  "address": "0x742d35Cc6634C0532925a3b844Bc454e4438f44e",
  "message": "I am verifying ownership of the wallet address 0x742d35Cc6634C0532925a3b844Bc454e4438f44e as customer 4b85d15e-f343-41c0-809c-85314cae2fa6. This message was signed on 23/05/2025 to confirm my control over this wallet.",
  "signature": "0xa5f1751b75a28c12694f02590d29b8cdd68b4f5c783273a75823fc6cfeaa702f1a65fa7c1838ae799fe755c92443cb51631d000922329cdd2ce799eee75f42531b",
  "blockchain": "ethereum"
}'
The message must use today’s date in UTC timezone. Messages with incorrect dates will be rejected.
You can add additional text before and after the message, and our verification will still work. The verification will succeed as long as the required message text is present.

Register a hosted wallet

When sending funds from an Autoramp to a wallet at another institution (VASP), you need to register the wallet address and the institution’s DID for travel rule compliance.
1

Search for the VASP (wallet provider):

First, find the DID (Decentralized Identifier) of the institution that hosts the wallet:
curl -X GET "https://api.sandbox.iron.xyz/api/addresses/crypto/hosted/vasps?q=bitstamp&limit=10" \
-H "X-API-Key: $API_KEY"
Response:
[
  {
    "did": "did:ethr:0x367f004f1062f68c038ac8d3c3071fedc18fb689",
    "name": "Bitstamp",
    "country": "LU",
    "website": "https://www.bitstamp.net/"
  }
]
2

Register the hosted wallet address:

Submit the wallet address with the VASP’s DID:
curl -X POST https://api.sandbox.iron.xyz/api/addresses/crypto/hosted \
-H "Content-Type: application/json" \
-H "Idempotency-Key: 123e4567-e89b-12d3-a456-426614174001" \
-H "X-API-Key: $API_KEY" \
-d '{
  "customer_id": "4b85d15e-f343-41c0-809c-85314cae2fa6",
  "wallet_address": "0x742d35Cc6634C0532925a3b844Bc454e4438f44e",
  "vasp_did": "did:ethr:0x367f004f1062f68c038ac8d3c3071fedc18fb689",
  "blockchain": "ethereum"
}'
The registration requires:
  • customer_id: The customer’s UUID
  • wallet_address: The wallet address at the institution
  • vasp_did: The DID (Decentralized Identifier) of the institution hosting the wallet (obtained from the VASP search)
  • blockchain: The blockchain the address is on (e.g. ethereum, solana, polygon, base, arbitrum)
The wallet must be registered in your name at the hosting institution. Iron will use the VASP DID to exchange travel rule information with the institution.

List verified addresses

Retrieve all verified cryptocurrency addresses for a customer: 
curl -X GET https://api.sandbox.iron.xyz/api/addresses/crypto/{customer_id} \
-H "X-API-Key: $API_KEY"
Optionally filter by address type using the filter query parameter:
  • ?filter=hosted: Only hosted wallet addresses
  • ?filter=self_hosted: Only self-hosted wallet addresses
  • ?filter=all or no filter: All addresses (default)
Example with filter: 
curl -X GET "https://api.sandbox.iron.xyz/api/addresses/crypto/4b85d15e-f343-41c0-809c-85314cae2fa6?filter=self_hosted" \
-H "X-API-Key: $API_KEY"
The response includes details about each verified address:
  • id: Address ID
  • wallet_address: The wallet address
  • address_type: “Hosted” or “SelfHosted”
  • blockchain: The blockchain (e.g. “ethereum”, “solana”)
  • created_at: Registration timestamp
  • disabled: Whether the address is disabled
  • vasp_did: (For hosted wallets only) The VASP’s DID
  • proof_message: (For self-hosted wallets only) The verification message
  • proof_signature: (For self-hosted wallets only) The signature
Common error scenarios:
  • Invalid proof message format
  • Incorrect date in proof message (must be today’s date in DD/MM/YYYY format)
  • Invalid signature
  • Wallet address already registered
  • Invalid blockchain/address format mismatch
  • Customer ID does not belong to your partner

Disable or enable an address

You can disable or enable a verified crypto address. Disabled addresses cannot be used for transactions. 
curl -X PUT https://api.sandbox.iron.xyz/api/addresses/crypto/{address_id}/disabled \
-H "Content-Type: application/json" \
-H "X-API-Key: $API_KEY" \
-d '{
  "customer_id": "4b85d15e-f343-41c0-809c-85314cae2fa6",
  "disabled": true
}'
Addresses that were automatically disabled due to high risk (e.g., flagged by Chainalysis) cannot be re-enabled.

Fiat Sources Verification

Travel Rule Compliance