Blockdaemon Blog

Securing Critical Crypto Transactions with API Gateway Validation and Clear Signing

Sep 26, 2025
By:
Conor
Keville
&
Blockdaemon’s staking architecture adds an independent checkpoint before signing. In this blog, we explain how every transaction is safe, expected, and verifiably aligned with the original intent.

Taking a multilayer approach to crypto transaction security is critical. 

Combining an intent-based API model with independent transaction validation ensures that the transaction returned for signing is exactly what was intended by the customer. In this blog, we explain our approach and outline how Blockdaemon combines API best practices, security standards, and partnerships to achieve secure outcomes for our customers.

Representational State Transfer (REST) is a software architecture that imposes conditions on how an API should work. REST was initially created as a guideline to manage communication on a complex network like the internet. But, at its basic design, it is not intended to facilitate high value transactions as seen in crypto specific use-cases and introduces transaction manipulation attack vectors.

Blockdaemon’s Intent-Based Model 

Our intent-based model abstracts away the low level complexities of transaction crafting, presenting a consistent and clear user experience across the multiple PoS blockchains that are supported by our staking API. Each staking request begins with an intent that outlines the action a user wants to take, such as stake, withdraw, or deactivate. This intent is constrained by business rules and limits that reflect what Blockdaemon considers secure and valid staking behavior.

Based on this intent, Blockdaemon constructs an unsigned transaction. Because of the two individual legs, the intent and the raw transaction can be stored, decoded, and verified at multiple levels by the Blockdaemon API, the client, or any third party participating in the transaction flow. This verification model and audit trail are key for preserving end-to-end security and making sure the unsigned transaction can not be manipulated by malicious actors through man-in-the-middle or software supply chain attacks.  

The two-leg intent architecture also enables us to introduce additional points of validation with partners to further reduce any possibility of transaction manipulation.

Adding an Independent Validation Layer

Transaction verification logic is securely packaged and deployed as a separate component on our API Gateway provided by Zuplo. This service:

  • Decodes the unsigned transaction
  • Validates it against the original staking intent
  • Enforces staking-specific rules on allowed instruction types
  • Confirms expected withdrawal authorities and required signers
  • Covers all staking flows: stake, withdraw, and deactivate

If the transaction returned does not match the intent in the user request, an error is returned to the customer and our monitoring systems are alerted.

This turns our gateway into a true sentry that not only provides a secure (mTLS) transport layer, it also becomes an enforcement point that checks staking payloads for conformance, intent match, and structural integrity. Crucially, it operates independently of the system that builds the transaction in the first place. 

What’s Unique About Blockdaemon’s Approach

Unlike providers who rely solely on client-side SDKs and place the burden of transaction safety on the user, Blockdaemon enforces transaction validation within the staking path itself. Institutions don’t need to rewrite their stack to gain these protections.

The separation of duties between transaction creation and transaction validation ensures that even if one system were compromised, malicious or malformed payloads would still be caught. Both layers are independently deployed, maintained, and enforced.

This dual-check architecture ensures the transaction returned for signing is exactly what was intended. No more, no less.

To extend this further, Blockdaemon will publish an SDK for offline verification. This enables institutions to run the same checks in their own environment before signing. Additional enhancements, including secure enclaves and MPC-based signing, are on the roadmap.

Conclusion

Blockdaemon’s staking architecture adds an independent checkpoint before signing. This ensures that every transaction is safe, expected, and verifiably aligned with the original intent.

With strict intent modeling, independent rule enforcement at the gateway, and an upcoming SDK for offline verification, Blockdaemon is raising the bar for institutional staking security on Solana.

To keep up-to-date with all of Blockdaemon's blogs, visit blockdaemon.com/blog, or to learn more about the technical trends informing the decisions on how Blockdaemon builds secure earn products for digital assets, links to an ongoing blog series on the same topic are available here.

To start staking, get in touch with the Blockdaemon team today.

Share

Get Started with Blockdaemon Today!

Contact us to learn how we can help you power your blockchain business.
Unparalleled Security & Compliance
Seamless Integration & Scalability
Dedicated Customer Support
mpc wallets & vaults
Institutional Vault
Builder Vault
Enterprise KMS
Nodes & APIs
Chain Watch
Wallet Transact
RPC API
Dedicated Nodes
DeFi API
Staking
Staking APIs
Staking App
Restaking
Liquid Staking
Reporting API
Validators
Earn Stack
Protocols
Aleo
Algorand
Aptos
Arbitrum
Astar
Audius
Avalanche
Axelar
BNB Chain
Babylon
All Protocols
Company
Foundations
About Us
Careers
Partnership Program
Expertise
Security
Infrastructure
Buzz
Blog
Resources
Newsletter
Press
Media Kit
documentation
All Documentation
REST APIs
Institutional Vault
Builder Vault
RPC API
DeFi API
Support
FAQs
Contact Support
System Status
Vulnerability Disclosure Program Policy
Terms & Conditions
Cookie Policy
Privacy Policy
Governance Policy
Connect with blockdaemon
Newsletter

Sign up for our newsletter to receive the latest news and product updates.

Thanks! Look out for our next Newsletter!
Oops! Something went wrong while submitting the form.