# Migrate from Fireblocks

> Move a user's Fireblocks Non-Custodial Wallet (NCW) into a Dynamic embedded wallet, preserving their addresses.

Migration takes over the key material from a user's Fireblocks Non-Custodial Wallet (NCW) and provisions Dynamic [embedded wallets](/overview/wallets/embedded-wallets/mpc/overview) for it. It is a single cross-chain operation: one call migrates the device across every supported chain and keeps the addresses the user already had.

<Note>
  **Before you start.** This is for applications already running a Fireblocks NCW integration. Migration imports that device's keys into a Dynamic embedded wallet for the **currently signed-in Dynamic user** — your Fireblocks wallet is not changed or disabled. Migration currently supports **EVM** and **Solana**; other chains return a per-chain failure for now.
</Note>

## How it works

The migration runs inside Dynamic's [embedded-wallet iframe](/overview/wallets/embedded-wallets/mpc/architecture), served from `https://app.dynamicauth.com`. The Fireblocks key takeover and per-chain key derivation happen in that sandboxed iframe — the raw key material never enters your application's page context.

During the takeover, the Fireblocks NCW SDK (running in the iframe) exchanges MPC protocol messages with Fireblocks. It does **not** call Fireblocks directly. Instead it relays each message through **your backend's RPC endpoint**, which forwards it to Fireblocks using your Fireblocks API credentials. The flow per message:

1. The iframe sends the NCW message to `POST {backendBaseUrl}/api/devices/{deviceId}/rpc`, with your application's auth token for the user as a bearer token.
2. Your backend relays the message to Fireblocks and returns the response unchanged.
3. The iframe completes the takeover, derives each chain's key, and imports it into the Dynamic embedded wallet.

<Note>
  Your Fireblocks API key and secret stay on your backend. The browser only ever holds your application's auth token for the user — never a Fireblocks credential.
</Note>

## Prerequisites

<Steps>
  <Step title="Configure the migration backend in the dashboard">
    <Note>
      Fireblocks migration is behind a feature flag. [Contact support](https://www.dynamic.xyz/contact) to enable it for your environment before the settings below appear.
    </Note>

    In your [environment settings](https://app.dynamic.xyz/dashboard/embedded-wallets/dynamic), configure the Fireblocks migration backend:

    * **Backend base URL** — the base URL of your backend (HTTPS required). The iframe calls `{backendBaseUrl}/api/devices/{deviceId}/rpc`.
    * **Environment** — `sandbox` or `production`, matching the Fireblocks environment the NCW device belongs to.

    <Frame>
      <img src="https://mintcdn.com/dynamic-docs-testing/toNPEsthPMpi15t9/images/mpc/fireblocks-migration-settings.png?fit=max&auto=format&n=toNPEsthPMpi15t9&q=85&s=640e08a5350bc4f0fcb14fa22a6c87e5" alt="Fireblocks migration settings in the Dynamic dashboard" width="3374" height="432" data-path="images/mpc/fireblocks-migration-settings.png" />
    </Frame>
  </Step>

  <Step title="Expose an RPC endpoint on your backend">
    Implement `POST /api/devices/{deviceId}/rpc` to relay NCW messages to Fireblocks:

    * **Request** — header `Authorization: Bearer <token>` (your application's auth token for the user), body `{ "message": "<ncw-message>" }`.
    * **Action** — authenticate the token, then forward the message to Fireblocks with the Fireblocks server SDK, `invokeWalletRpc(walletId, deviceId, message)`, and return the Fireblocks response JSON unchanged. Your Fireblocks API credentials live here, on the backend.

    Resolve the `walletId` from the authenticated user behind the token. See the [Fireblocks NCW backend demo](https://github.com/fireblocks/ncw-backend-demo) for a reference implementation.
  </Step>

  <Step title="Enable CORS for the Dynamic iframe">
    The RPC request originates from the Dynamic iframe origin, `https://app.dynamicauth.com`. Your `/rpc` endpoint must allow CORS from that origin — allow the `POST` method and the `Content-Type` and `Authorization` request headers.

    <Warning>
      Without CORS, the browser blocks the request and the takeover fails with a network error before any message reaches Fireblocks.
    </Warning>
  </Step>
</Steps>
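
The relay endpoint and its CORS policy from the steps above can be sketched as one framework-agnostic handler. This is an added example, not code from Dynamic or Fireblocks. `verifyToken`, `findWalletForDevice` and the injected `fireblocks` client are hypothetical dependencies, and the per-user device ownership check is an assumption about how your backend stores the user-to-device mapping.

```javascript
// Added example, not Dynamic's or Fireblocks' code. verifyToken, findWalletForDevice
// and the fireblocks client are hypothetical dependencies you inject.
const IFRAME_ORIGIN = "https://app.dynamicauth.com";

// CORS: echo only the Dynamic iframe origin; any other origin gets no CORS headers.
function corsHeaders(origin) {
  if (origin !== IFRAME_ORIGIN) return {};
  return {
    "Access-Control-Allow-Origin": IFRAME_ORIGIN,
    "Access-Control-Allow-Methods": "POST",
    "Access-Control-Allow-Headers": "Content-Type, Authorization",
    "Vary": "Origin",
  };
}

// req: { method, path, headers (lower-cased names), body (parsed JSON) }
// Returns { status, headers, body } for your HTTP framework to send.
async function handleRpc(req, deps) {
  const headers = corsHeaders(req.headers.origin);
  const reply = (status, body) => ({ status, headers, body });

  if (req.method === "OPTIONS") return reply(204, null); // CORS preflight
  if (req.method !== "POST") return reply(405, { error: "method not allowed" });

  const match = /^\/api\/devices\/([^/]+)\/rpc$/.exec(req.path);
  if (!match) return reply(404, { error: "not found" });
  const deviceId = match[1];

  // Authenticate the application's bearer token before touching Fireblocks.
  const auth = req.headers.authorization || "";
  const token = auth.startsWith("Bearer ") ? auth.slice(7) : "";
  const user = token ? await deps.verifyToken(token) : null;
  if (!user) return reply(401, { error: "unauthorized" });

  // Resolve walletId from the authenticated user, never from client input, and
  // refuse devices that do not belong to that user (assumed ownership lookup).
  const walletId = await deps.findWalletForDevice(user.id, deviceId);
  if (!walletId) return reply(403, { error: "device not linked to this user" });

  const message = req.body && req.body.message;
  if (typeof message !== "string" || message === "") {
    return reply(400, { error: "missing message" });
  }

  // Relay and return the Fireblocks response unchanged.
  const result = await deps.fireblocks.invokeWalletRpc(walletId, deviceId, message);
  return reply(200, result);
}
```

Rejecting a `deviceId` that is not linked to the token's user keeps one signed-in user from driving MPC messages against another user's device through your Fireblocks credentials.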

## Migrate with the SDK

Once the dashboard and backend are configured, call the migration from your SDK:

<CardGroup cols={2}>
  <Card title="React" icon="react" href="/react/wallets/embedded-wallets/mpc/migrate-from-fireblocks" />

  <Card title="JavaScript" icon="js" href="/javascript/reference/waas/migrate-from-fireblocks" />
</CardGroup>
