Exchange Integration Guide
A complete walkthrough for building a production exchange on top of Bitnob Enterprise — from customer onboarding to policy-governed withdrawals.
This guide covers the full integration lifecycle: creating the vault topology, onboarding customers, detecting deposits, setting up gas sponsorship, processing withdrawals, and locking down the system with layered policies.
You need a Bitnob Enterprise API key with admin permissions. All requests use the X-API-Key header. See Authentication for details.
Step 1: Create a Pool Vault
Create one pool vault per chain your exchange supports. A pool vault holds unlimited wallets, which makes it the correct choice for assigning a dedicated deposit wallet to each customer.
Repeat this for each chain you support — Bitcoin, Solana, Tron, Base, and so on. Store the vault id for each chain; you will use it in the next step.
Step 2: Onboard Customers
For each customer, create a wallet inside the pool vault using customer_ref_id to link it to your internal customer ID. The response includes pre-derived deposit addresses for every asset you specify.
Show the customer their deposit address from primary_addresses. Store the wallet id in your database mapped to the customer's account.
Step 3: Detect Deposits
Poll for inbound transactions on customer wallets, or use Subscriptions to receive real-time webhook notifications for each deposit.
Credit the customer's exchange balance when a deposit reaches completed status with sufficient confirmations. Always reconcile against amount_decimal and asset_symbol — do not rely on internal accounting alone.
For production, subscribe to incoming_token_tx and confirmation_threshold_met events via the Subscriptions API instead of polling. See the Webhook Notifications section of the API reference for payload details.
Step 4: Set Up Gas Stations
Create one gas station per chain to sponsor withdrawal fees automatically. Without a gas station, your customers would need to hold native tokens (ETH, TRX, SOL, etc.) alongside their assets.
Tron: Stake TRX for energy
On Tron, USDT transfers consume energy instead of TRX. Stake TRX from your gas station to get energy units — this dramatically reduces the per-transfer cost.
Monitor gas station health with GET /gasstations/stats. Set up alerting when health_status is low.
Step 5: Process Withdrawals
When a customer requests a withdrawal, create a transaction with gas sponsorship enabled. As long as every configured policy passes, the transaction is signed by the Enclave and broadcast automatically.
If a policy requires multi-party approval, the response status will be pending_authorization instead of signed. Always wait for a webhook notification of completed status before crediting or debiting exchange balances.
Step 6: Configure Policy Layers
Build a layered policy stack for defense in depth. Policies are evaluated in priority order — higher numbers are evaluated first.
Layer 1 — Root Quorum: Protect policy changes themselves. Without this, any admin key can modify policies unilaterally.
Layer 2 — Block large withdrawals (over $50,000)
Layer 3 — Velocity limits: Max $100K per day per wallet
Step 7: Populate Address Book
Add known safe addresses — exchange hot wallets, partner addresses, institutional counterparties — to the address book. Then create a whitelist policy to block transfers to any non-listed destination.
Step 8: Monitor and Export
Use these endpoints to power your operational dashboards and run daily reconciliation.
Run daily reconciliation by matching your internal ledger against the exported transaction history. Investigate any withdrawal that was initiated but lacks a final completed status within your expected settlement window.
Match idempotency_key against your internal withdrawal records
Verify amount_decimal and asset_symbol against customer ledger entries
Alert on any transaction stuck in pending_authorization beyond your SLA window
Track gas station health daily and refill before health_status reaches low
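The reconciliation checks listed above, as an added Python example that is not part of the Bitnob documentation: it compares an internal withdrawal ledger with exported transaction records and returns every discrepancy. The record shape (lists of dicts), the created_at field, the finding labels, and the 4-hour and 24-hour windows are assumptions; idempotency_key, amount_decimal, asset_symbol and the status values come from this guide.

```python
from datetime import datetime, timedelta, timezone
from decimal import Decimal

def reconcile(ledger, exported, now, sla=timedelta(hours=4), window=timedelta(hours=24)):
    """Return (idempotency_key, finding) pairs; an empty list means clean."""
    findings, by_key = [], {}
    for tx in exported:
        if tx["idempotency_key"] in by_key:
            findings.append((tx["idempotency_key"], "duplicate_in_export"))
        by_key[tx["idempotency_key"]] = tx
    for entry in ledger:
        key = entry["idempotency_key"]
        tx = by_key.pop(key, None)
        if tx is None:
            findings.append((key, "missing_from_export"))
            continue
        # Decimal, not float: rounding must not hide a small discrepancy.
        if Decimal(tx["amount_decimal"]) != Decimal(entry["amount_decimal"]):
            findings.append((key, "amount_mismatch"))
        if tx["asset_symbol"] != entry["asset_symbol"]:
            findings.append((key, "asset_mismatch"))
        age = now - datetime.fromisoformat(tx["created_at"])
        if tx["status"] == "pending_authorization" and age > sla:
            findings.append((key, "stuck_pending_authorization"))
        elif tx["status"] != "completed" and age > window:
            findings.append((key, "not_completed_in_window"))
    # Exported withdrawals the ledger never recorded deserve the closest look.
    findings.extend((key, "unknown_to_ledger") for key in by_key)
    return findings

def _row(key, amount, symbol, **extra):
    # Hypothetical record shape; created_at is an assumed field name.
    return {"idempotency_key": key, "amount_decimal": amount, "asset_symbol": symbol, **extra}

# Constructed sample data, not real API output.
NOW = datetime(2024, 1, 2, 12, 0, tzinfo=timezone.utc)
LEDGER = [
    _row("wd-001", "100.00", "USDT"),
    _row("wd-002", "0.5", "BTC"),
    _row("wd-003", "250", "USDT"),
    _row("wd-004", "75", "USDT"),
]
EXPORT = [
    _row("wd-001", "100.0", "USDT", status="completed", created_at="2024-01-02T09:00:00+00:00"),
    _row("wd-002", "0.51", "BTC", status="completed", created_at="2024-01-02T08:00:00+00:00"),
    _row("wd-003", "250", "USDT", status="pending_authorization", created_at="2024-01-02T02:00:00+00:00"),
    _row("wd-999", "9000", "USDT", status="completed", created_at="2024-01-02T03:00:00+00:00"),
]
```

On the sample data, reconcile(LEDGER, EXPORT, NOW) reports an amount mismatch, a withdrawal stuck in pending_authorization, a ledger entry missing from the export, and an exported withdrawal with no ledger record.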