# FinchTrade x inabit - Integration Guide

### **Overview**

This guide details the end-to-end integration flow between **FinchTrade** and **inabit**, enabling a **co-custodial wallet-as-a-service (WaaS)** setup for FinchTrade’s corporate clients.

This entire procedure is a **one-time setup per corporate client**, establishing a permanent, auditable link between the client’s inabit account and FinchTrade’s integration environment.

***

### **Technical Architecture**

<figure><img src="/files/0xSyKPjwlS6LCKnL8Erf" alt=""><figcaption></figcaption></figure>

The co-custodial setup involves three main entities, as illustrated in the diagram:

1. **Customer Owner Account Onboarding**
   * The client creates an inabit account and pairs their mobile approver app.
   * This mobile device becomes the root of trust for all subsequent authorizations.
2. **API Admin User (FinchTrade)**
   * Created by inabit under the client’s organization.
   * Provides FinchTrade programmatic access to create wallets, view balances, execute withdrawal requests, and more.
   * This user has no custody or signing authority; all actions require client approval or occur under predefined policies.
3. **Remote Approver App (Docker)**
   * Deployed **on the client’s premises**, ensuring full control and operational independence.
   * Handles signing and transaction approval automatically, based on rules defined and authorized by the client.
   * The Docker is paired directly with the client’s (owner) mobile app using a pairing code upon docker pairing process (see reference [here](#step-3-deploy-remote-approver-app-docker)), creating a secure, closed approval loop.

***

### **Integration Flow**

#### **Step 1: Client Account Onboarding**

The client begins by creating an enterprise account on the inabit platform using FinchTrade’s dedicated onboarding link:

**URL:**\
`https://use.inabit.com/create_account?channel=finchtrade`

The client must select "Skip to Platform" button on the top right, unlocking the advanced custody, API, and approval features.

**Device Pairing (Mandatory)**\
At the end of registration, the client install inabit's mobile approvals application on their device and beings the pairing process to their inabit account.

#### Full steps:

***

#### **Step 2: API Admin User Creation**

Once the account is active, inabit generates a dedicated **API Admin User** for FinchTrade under the client’s organization.

**Process:**

1. inabit creates the FinchTrade API Admin user.
2. The client receives a **mobile approval request** to confirm the creation of the user.
3. The client approves it through their inabit mobile app.

After approval, FinchTrade receives an API login token that allows integration into the client’s account for executing queries and mutations.

> **Important:** FinchTrade’s API Admin user has **read and trigger capabilities only**.\
> It cannot approve or sign transactions, ensuring the client retains full control.

***

#### **Step 3: Deploy Remote Approver App (Docker)**

To automate transaction approvals while maintaining full custody, the client must deploy the **inabit Remote Approver App** within their own infrastructure.

**Installation**

* The Approver Docker is installed on the client’s secure server or private cloud.
* The Docker connects directly to inabit’s network through encrypted endpoints.

**Pairing Flow**

1. The Docker starts and generates a **pairing code**.
2. The client opens their **inabit mobile app** and enters this pairing code.
3. Once approved, the Docker is officially linked to the client’s account as an **approver**.

The pairing process ensures:

* Only the client can authorize the Docker to act as an approver.
* FinchTrade has **no access** to this pairing or signing flow.

**Recovery and Backup**

In case of server migration or disaster recovery, the client can deploy a new Docker and re-pair it using their mobile app, maintaining full continuity of control.

***

#### **Step 4: Connect FinchTrade Integration**

After the Approver Docker is paired, FinchTrade completes API integration using the Admin credentials.\
This connection allows FinchTrade to automate permissible functions under client-defined policies.

Examples of permitted actions:

* Request wallet balances and transaction history.
* Trigger transfer requests (pending client or Docker approval).
* Query active wallets, assets, and trading limits.

Example API call (through FinchTrade’s API Admin):

```graphql
query GetWallets {
  wallets {
    id
    name
    blockchain
    balance {
      asset
      amount
    }
  }
}
```

This call is **read-only** and complies with the client’s API permission scope.

***

#### **Step 5: Final Authorization**

Once FinchTrade’s access is verified:

* The client validates all connected entities (mobile device, Docker, API Admin) through their inabit dashboard.
* The system becomes fully operational under a co-custodial structure.

> FinchTrade operates as a **non-mandatory approver**:\
> transactions can proceed even if FinchTrade is unavailable, ensuring client autonomy and uninterrupted control.

***

### **Security & Custody Model**

| Layer                            | Responsibility                         | Hosted By  |
| -------------------------------- | -------------------------------------- | ---------- |
| **Mobile Approver App**          | Primary cryptographic approval device  | Client     |
| **Remote Approver App (Docker)** | Automated on-premise signing agent     | Client     |
| **API Admin User**               | Non-custodial, administrative API link | FinchTrade |
| **Account & Policy Management**  | Wallet creation, permissions, recovery | Client     |

Security Features:

* All approvals originate from the client’s mobile device.
* FinchTrade cannot initiate or finalize transfers without policy approval.
* Multi-factor control between Docker + mobile ensures tamper resistance.
* Audit logs record every event (pairing, login, signing, API access).

***

### **One-Time Setup Summary**

| Stage | Description                                                                          | Approval                   |
| ----- | ------------------------------------------------------------------------------------ | -------------------------- |
| 1     | Client creates inabit account and pairs mobile app                                   | Client only                |
| 2     | inabit adds FinchTrade API Admin user and sends token after client approves creation | Client approval required   |
| 3     | Client installs & pairs Approver Docker                                              | Client only                |
| 4     | FinchTrade connects via API                                                          | Client token authorization |
| 5     | Final confirmation & operational launch                                              | Client approval            |

Once complete, this setup remains persistent and does not require re-pairing unless the client intentionally resets their environment.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.inabit.com/finchtrade.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.