search
Ctrlk
WebsiteLoginStatus

screwdriver-wrenchFinchTrade x inabit - Integration Guide

Integrating Co-custodial WaaS solution for FinchTrade AG Use Case

hashtag
Overview

This guide details the end-to-end integration flow between FinchTrade and inabit, enabling a co-custodial wallet-as-a-service (WaaS) setup for FinchTrade’s corporate clients.

This entire procedure is a one-time setup per corporate client, establishing a permanent, auditable link between the client’s inabit account and FinchTrade’s integration environment.

hashtag
Technical Architecture

The co-custodial setup involves three main entities, as illustrated in the diagram:

  1. Customer Owner Account Onboarding

    • The client creates an inabit account and pairs their mobile approver app.

    • This mobile device becomes the root of trust for all subsequent authorizations.

  2. API Admin User (FinchTrade)

    • Created by inabit under the client’s organization.

    • Provides FinchTrade programmatic access to create wallets, view balances, execute withdrawal requests, and more.

    • This user has no custody or signing authority; all actions require client approval or occur under predefined policies.

  3. Remote Approver App (Docker)

    • Deployed on the client’s premises, ensuring full control and operational independence.

    • Handles signing and transaction approval automatically, based on rules defined and authorized by the client.

    • The Docker is paired directly with the client’s (owner) mobile app using a pairing code upon docker pairing process (see reference here), creating a secure, closed approval loop.

hashtag
Integration Flow

hashtag
Step 1: Client Account Onboarding

The client begins by creating an enterprise account on the inabit platform using FinchTrade’s dedicated onboarding link:

URL: https://use.inabit.com/create_account?channel=finchtrade

The client must select "Skip to Platform" button on the top right, unlocking the advanced custody, API, and approval features.

Device Pairing (Mandatory) At the end of registration, the client install inabit's mobile approvals application on their device and beings the pairing process to their inabit account.

hashtag
Full steps:

hashtag
Step 2: API Admin User Creation

Once the account is active, inabit generates a dedicated API Admin User for FinchTrade under the client’s organization.

Process:

  1. inabit creates the FinchTrade API Admin user.

  2. The client receives a mobile approval request to confirm the creation of the user.

  3. The client approves it through their inabit mobile app.

After approval, FinchTrade receives an API login token that allows integration into the client’s account for executing queries and mutations.

Important: FinchTrade’s API Admin user has read and trigger capabilities only. It cannot approve or sign transactions, ensuring the client retains full control.

hashtag
Step 3: Deploy Remote Approver App (Docker)

To automate transaction approvals while maintaining full custody, the client must deploy the inabit Remote Approver App within their own infrastructure.

Installation

  • The Approver Docker is installed on the client’s secure server or private cloud.

  • The Docker connects directly to inabit’s network through encrypted endpoints.

Pairing Flow

  1. The Docker starts and generates a pairing code.

  2. The client opens their inabit mobile app and enters this pairing code.

  3. Once approved, the Docker is officially linked to the client’s account as an approver.

The pairing process ensures:

  • Only the client can authorize the Docker to act as an approver.

  • FinchTrade has no access to this pairing or signing flow.

Recovery and Backup

In case of server migration or disaster recovery, the client can deploy a new Docker and re-pair it using their mobile app, maintaining full continuity of control.

hashtag
Step 4: Connect FinchTrade Integration

After the Approver Docker is paired, FinchTrade completes API integration using the Admin credentials. This connection allows FinchTrade to automate permissible functions under client-defined policies.

Examples of permitted actions:

  • Request wallet balances and transaction history.

  • Trigger transfer requests (pending client or Docker approval).

  • Query active wallets, assets, and trading limits.

Example API call (through FinchTrade’s API Admin):

This call is read-only and complies with the client’s API permission scope.

hashtag
Step 5: Final Authorization

Once FinchTrade’s access is verified:

  • The client validates all connected entities (mobile device, Docker, API Admin) through their inabit dashboard.

  • The system becomes fully operational under a co-custodial structure.

FinchTrade operates as a non-mandatory approver: transactions can proceed even if FinchTrade is unavailable, ensuring client autonomy and uninterrupted control.

hashtag
Security & Custody Model

Layer
Responsibility
Hosted By

Mobile Approver App

Primary cryptographic approval device

Client

Remote Approver App (Docker)

Automated on-premise signing agent

Client

API Admin User

Non-custodial, administrative API link

FinchTrade

Account & Policy Management

Wallet creation, permissions, recovery

Client

Security Features:

  • All approvals originate from the client’s mobile device.

  • FinchTrade cannot initiate or finalize transfers without policy approval.

  • Multi-factor control between Docker + mobile ensures tamper resistance.

  • Audit logs record every event (pairing, login, signing, API access).

hashtag
One-Time Setup Summary

Stage
Description
Approval

1

Client creates inabit account and pairs mobile app

Client only

2

inabit adds FinchTrade API Admin user and sends token after client approves creation

Client approval required

3

Client installs & pairs Approver Docker

Client only

4

FinchTrade connects via API

Client token authorization

5

Final confirmation & operational launch

Client approval

Once complete, this setup remains persistent and does not require re-pairing unless the client intentionally resets their environment.

Last updated