Keys, accounts, and permissions

FIO Private/Public Keys

FIO Chain’s is registered at index 235/0x800000eb on the SLIP-44.

FIO Private Keys follow standard Wallet Import Format (WIF) standard and public keys follow well-known base58 encoding with FIO prefix, for example:


For those who have integrated EOSIO, FIO public keys follows the same format, except the prefix is FIO instead of EOS.

The derivation path for FIO is:


To test your FIO key derivation, use this mnemonic phrase:

valley alien library bread worry brother bundle hammer loyal barely dune brave

This is the expected Private Key:


This is the expected Public Key:


To obtain a private key from a seed phrase, you can use the BIP 39 tool by Ian Coleman as described in this video.

FIO Accounts

FIO keys are tied to FIO accounts. FIO uses a custom hash function, which when applied to a FIO Public Key, produces a FIO account name (a FIO account is equivalent to a FIO actor). There is no way to create a custom name for an account.

In order to make it easier for developers to be able to integrate with the FIO Blockchain, FIO accounts are created automatically in the following instances:

  • FIO tokens are sent to a FIO public key using /transfer_tokens_pub_key and the supplied recipient’s public key is not associated to an account.
  • A FIO Address or FIO Domain is registered and the supplied “owner’s public key” does not belong to an existing account.


When a FIO Account is ceated, the corresponding FIO Public Key is assigned the owner and active permissions. The implicit default permission linked to all actions is active, which sits one level below the owner permission within the hierarchy structure. The active permission can do anything the owner permission can, except changing the keys associated with the owner.

FIO Chain uses the same permission model as EOSIO, except that:

  • Only one public key can be specified for any one account
  • “waits” are not supported
  • Custom permissions are not currently supported by the SDKs, so some wallets may not handle accounts with custom permissions.
  • It is important to note that the only way to send tokens is to use /transfer_tokens_pub_key (trnsfiopubky) which will always send the funds to the account which is a hash of the public key. This is true even if that key is set as permission on other accounts.

linkauth can be used to set custom permissions. Refer to the linkauth code example which shows how to create a custom permission that can be used to register a FIO Address on a private FIO Domain.