Register wallet addresses for Travel Rule compliance before using them in any Autoramp flow.
Every wallet address that interacts with Iron must be registered (linked) to a customer before it can be used in any Autoramp flow — onramp, offramp, or swap. This is a regulatory requirement under the Travel Rule, which obliges Virtual Asset Service Providers to exchange originator and beneficiary information for crypto transfers.Iron supports two wallet types:
Self-hosted wallets — the customer controls the private key. Registration requires a signed proof-of-ownership message.
Hosted wallets — the wallet is custodied by another VASP (e.g. Coinbase, Kraken). Registration requires the VASP’s DID so Iron can exchange travel-rule data with the custodian.
Autoramp creation will fail if the recipient wallet address has not been registered first.
Submit a signature proving ownership of your cryptocurrency wallet. The verification process requires signing a specific message with your wallet’s private key.
1
Format the proof message:
I am verifying ownership of the wallet address {wallet_address} as customer {customer_id}. This message was signed on {date} to confirm my control over this wallet.
Replace:
{customer_id} with your customer ID
{wallet_address} with your wallet address
{date} with today’s date in DD/MM/YYYY format using UTC timezone
Example:
I am verifying ownership of the wallet address 0x742d35Cc6634C0532925a3b844Bc454e4438f44e as customer 4b85d15e-f343-41c0-809c-85314cae2fa6. This message was signed on 23/05/2025 to confirm my control over this wallet.
2
Sign this message using your wallet's private key
3
Submit the proof:
curl -X POST https://api.sandbox.iron.xyz/api/addresses/crypto/selfhosted \-H "Content-Type: application/json" \-H "Idempotency-Key: 123e4567-e89b-12d3-a456-426614174000" \-H "X-API-Key: $API_KEY" \-d '{ "customer_id": "4b85d15e-f343-41c0-809c-85314cae2fa6", "address": "0x742d35Cc6634C0532925a3b844Bc454e4438f44e", "message": "I am verifying ownership of the wallet address 0x742d35Cc6634C0532925a3b844Bc454e4438f44e as customer 4b85d15e-f343-41c0-809c-85314cae2fa6. This message was signed on 23/05/2025 to confirm my control over this wallet.", "signature": "0xa5f1751b75a28c12694f02590d29b8cdd68b4f5c783273a75823fc6cfeaa702f1a65fa7c1838ae799fe755c92443cb51631d000922329cdd2ce799eee75f42531b", "blockchain": "Ethereum"}'
The message must use today’s date in UTC timezone. Messages with incorrect dates will be rejected.
You can add additional text before and after the message, and our verification will still work. The verification will succeed as long as the required message text is present.
When the recipient wallet is custodied by another institution (VASP) — for example Coinbase, Kraken, or Binance — you need to register the wallet address along with the institution’s DID so Iron can exchange travel-rule data with the custodian.
1
Search for the VASP (wallet provider):
First, find the DID (Decentralized Identifier) of the institution that hosts the wallet:
curl -X GET "https://api.sandbox.iron.xyz/api/addresses/crypto/hosted/vasps?q=bitstamp&limit=10" \-H "X-API-Key: $API_KEY"
wallet_address: The wallet address at the institution
vasp_did: The DID (Decentralized Identifier) of the institution hosting the wallet (obtained from the VASP search)
blockchain: The blockchain the address is on (e.g. Ethereum, Solana, Polygon, Base, Arbitrum)
The wallet must be registered in your name at the hosting institution. Iron will use the VASP DID to exchange travel rule information with the institution.
