CRXDocs

Configure Desk Roles

How do I assign and rotate desk roles?

Set the signer that acts for the desk, and rotate it when a key changes hands. The maker role is granted by onboarding; the signer is the wallet you authenticate with; the operator role is not yours to assign. Time: ~4 min.

You will end with a known wallet holding the signer JWT and, if you rotated, the old wallet no longer able to act.

Step 1 — Confirm the maker role

Check that your firm holds the on-chain MAKER role. This was granted at onboarding by the crx-approver service; you do not assign it yourself.

GET /makers
→ [ { "address": "0x…your address…" }, … ]
  • Outcome: your address appears. The firm is an approved maker.
  • Branch: absent? You are not whitelisted. Finish Set Up a Desk (~6 min) first — Step 3 covers the gas-free grant.

Step 2 — Set the signer

Choose which wallet acts for the desk and authenticate it. The signer prices RFQs, signs Terms, and signs the on-chain bind/allocate/deposit/withdraw.

POST /auth/challenge   { "address": "0x…signer…" }
POST /auth/login       { "address": "0x…signer…", "signature": "0x…" }
→ { "token": "eyJ…", "expires_at": … }
  • Outcome: a 1-hour JWT for the signer. That wallet can now quote.
  • Branch: the signer and the maker identity may be the same wallet or different ones. If different, the funded wallet (the one holding the general balance) must be the wallet that signs the on-chain allocate/bind — the relayer JWT only gates RFQ reads and writes.

Step 3 — Rotate the signer

To move signing to a new wallet, authenticate the new wallet and stop using the old JWT.

  1. Run Step 2 with the new wallet's address and signature.
  2. Discard the old wallet's JWT. It expires within the hour on its own; until then, treat it as live and revoke access to it.
  • Outcome: the new wallet holds a valid JWT; the old one ages out.
  • Branch: if the funded wallet itself is changing — not just the quoting signer — withdraw the general balance to the new wallet (withdraw(token, amount) from the old, deposit from the new) before retiring the old key. A JWT rotation does not move funds.

The old JWT stays valid until it expires (up to 1 hour). If the old key is compromised, rotating the JWT is not enough — withdraw any funded balance to a safe wallet immediately.

Step 4 — Know what you cannot assign

The operator role is CRX governance. You cannot grant it, take it, or delegate it.

  • You assign: the signer (Step 2), and which funded wallet holds the desk's balance.
  • The operator assigns: the MAKER/TAKER roles themselves, via the approver. The credit flag DEFAULT is stamped by the contract only.
  • Nobody assigns: a path for the operator to move your collateral. It can ban or terminate the firm; it cannot reach the funds against the on-chain proof.

The role model in full is in Roles & Capabilities (~4 min).

Next: Act as a Sentinel (~6 min) — watch the book and step in when a position needs attention.