Every wallet address that interacts with Iron must be registered (linked) to a customer before it can be used in any Autoramp flow — onramp, offramp, or swap. This is a regulatory requirement under the Travel Rule, which obliges Virtual Asset Service Providers to exchange originator and beneficiary information for crypto transfers.
Iron supports two wallet types:
- Self-hosted wallets — the customer controls the private key. Registration requires a signed proof-of-ownership message.
- Hosted wallets — the wallet is custodied by another VASP (e.g. Coinbase, Kraken). Registration requires the VASP’s DID so Iron can exchange travel-rule data with the custodian.
Autoramp creation will fail if the recipient wallet address has not been registered first.
Verify a self-hosted crypto address
Submit a signature proving ownership of your cryptocurrency wallet. The verification process requires signing a specific message with your wallet’s private key.
Format the proof message:
I am verifying ownership of the wallet address {wallet_address} as customer {customer_id}. This message was signed on {date} to confirm my control over this wallet.
{customer_id} with your customer ID{wallet_address} with your wallet address{date} with today’s date in DD/MM/YYYY format using UTC timezone
Example:I am verifying ownership of the wallet address 0x742d35Cc6634C0532925a3b844Bc454e4438f44e as customer 4b85d15e-f343-41c0-809c-85314cae2fa6. This message was signed on 23/05/2025 to confirm my control over this wallet.
Sign this message using your wallet's private key
Submit the proof:
curl -X POST https://api.sandbox.iron.xyz/api/addresses/crypto/selfhosted \
-H "Content-Type: application/json" \
-H "Idempotency-Key: 123e4567-e89b-12d3-a456-426614174000" \
-H "X-API-Key: $API_KEY" \
-d '{
"customer_id": "4b85d15e-f343-41c0-809c-85314cae2fa6",
"address": "0x742d35Cc6634C0532925a3b844Bc454e4438f44e",
"message": "I am verifying ownership of the wallet address 0x742d35Cc6634C0532925a3b844Bc454e4438f44e as customer 4b85d15e-f343-41c0-809c-85314cae2fa6. This message was signed on 23/05/2025 to confirm my control over this wallet.",
"signature": "0xa5f1751b75a28c12694f02590d29b8cdd68b4f5c783273a75823fc6cfeaa702f1a65fa7c1838ae799fe755c92443cb51631d000922329cdd2ce799eee75f42531b",
"blockchain": "ethereum"
}'
The message must use today’s date in UTC timezone. Messages with incorrect dates will be rejected.
You can add additional text before and after the message, and our verification will still work. The verification will succeed as long as the required message text is present.
Register a hosted wallet
When the recipient wallet is custodied by another institution (VASP) — for example Coinbase, Kraken, or Binance — you need to register the wallet address along with the institution’s DID so Iron can exchange travel-rule data with the custodian.
Search for the VASP (wallet provider):
First, find the DID (Decentralized Identifier) of the institution that hosts the wallet:curl -X GET "https://api.sandbox.iron.xyz/api/addresses/crypto/hosted/vasps?q=bitstamp&limit=10" \
-H "X-API-Key: $API_KEY"
[
{
"did": "did:ethr:0x367f004f1062f68c038ac8d3c3071fedc18fb689",
"name": "Bitstamp",
"country": "LU",
"website": "https://www.bitstamp.net/"
}
]
Register the hosted wallet address:
Submit the wallet address with the VASP’s DID:curl -X POST https://api.sandbox.iron.xyz/api/addresses/crypto/hosted \
-H "Content-Type: application/json" \
-H "Idempotency-Key: 123e4567-e89b-12d3-a456-426614174001" \
-H "X-API-Key: $API_KEY" \
-d '{
"customer_id": "4b85d15e-f343-41c0-809c-85314cae2fa6",
"wallet_address": "0x742d35Cc6634C0532925a3b844Bc454e4438f44e",
"vasp_did": "did:ethr:0x367f004f1062f68c038ac8d3c3071fedc18fb689",
"blockchain": "ethereum"
}'
customer_id: The customer’s UUIDwallet_address: The wallet address at the institutionvasp_did: The DID (Decentralized Identifier) of the institution hosting the wallet (obtained from the VASP search)blockchain: The blockchain the address is on (e.g. ethereum, solana, polygon, base, arbitrum)
The wallet must be registered in your name at the hosting institution. Iron will use the VASP DID to exchange travel rule information with the institution.
List verified addresses
Retrieve all verified cryptocurrency addresses for a customer:
curl -X GET https://api.sandbox.iron.xyz/api/addresses/crypto/{customer_id} \
-H "X-API-Key: $API_KEY"
filter query parameter:
?filter=Hosted: Only hosted wallet addresses?filter=SelfHosted: Only self-hosted wallet addresses?filter=All or no filter: All addresses (default)
Example with filter:
curl -X GET "https://api.sandbox.iron.xyz/api/addresses/crypto/4b85d15e-f343-41c0-809c-85314cae2fa6?filter=SelfHosted" \
-H "X-API-Key: $API_KEY"
id: Address IDwallet_address: The wallet addressaddress_type: “Hosted” or “SelfHosted”blockchain: The blockchain (e.g. “ethereum”, “solana”)created_at: Registration timestampdisabled: Whether the address is disabledvasp_did: (For hosted wallets only) The VASP’s DIDproof_message: (For self-hosted wallets only) The verification messageproof_signature: (For self-hosted wallets only) The signature
Common error scenarios:
- Invalid proof message format
- Incorrect date in proof message (must be today’s date in DD/MM/YYYY format)
- Invalid signature
- Wallet address already registered
- Invalid blockchain/address format mismatch
- Customer ID does not belong to your partner
Disable or enable an address
You can disable or enable a verified crypto address. Disabled addresses cannot be used for transactions.
curl -X PUT https://api.sandbox.iron.xyz/api/addresses/crypto/{address_id}/disabled \
-H "Content-Type: application/json" \
-H "X-API-Key: $API_KEY" \
-d '{
"customer_id": "4b85d15e-f343-41c0-809c-85314cae2fa6",
"disabled": true
}'
Addresses that were automatically disabled due to high risk (e.g., flagged by Chainalysis) cannot be re-enabled.
