Skip to main content
The TSS Node callback mechanism is a critical component in the server co-signer solution that enables custom risk control implementation. When enabled, it reviews and approves all task requests before the TSS Node executes them.

Sample callback server

Cobo provides example callback server implementations in multiple programming languages to help you quickly develop your callback server. You can find these examples in our GitHub repository.

How it works

After startup, the TSS Node establishes a persistent connection with the Cobo WaaS service to receive task requests. These tasks fall into three categories:
  • Key generation (KeyGen): Creating new key shares for your MPC Wallets.
  • Key signing (KeySign): Signing transactions or messages.
  • Key resharing (KeyReshare): Redistributing key shares among participants.
Without the callback mechanism, the TSS Node executes tasks directly or waits for approval from the embedded risk control module if it is enabled. With the callback mechanism enabled, the TSS Node requests approval from your TSS Node callback servers for each task. The TSS Node only executes tasks that all of your callback servers approve.

Communication security

The TSS Node and callback server communicate via HTTP, using JSON Web Token (JWT) with RS256 signing algorithm to ensure secure data transmission. This involves:
  1. Key generation: Both the TSS Node and callback server generate their own RSA key pairs.
  2. Key exchange: Each component configures the other’s RSA public key in their system.
  3. Request signing: All requests are signed using the sender’s private key.
  4. Signature verification: Recipients verify signatures using the sender’s public key.
To learn more about JWTs, see Introduction to JSON Web Tokens.

Implementation steps

To implement the callback mechanism:
  1. Deploy your TSS Node callback server.
  2. Configure callback keys.
  3. Start both the TSS Node and callback server.
Feel free to share your feedback to improve our documentation!