| Wallet Kit provides a drop-in component that handles the entire import flow, including encryption | ||
| and secure transport. | ||
| Integrate Turnkey into your application to enable wallet import and recovery operations. The | ||
| [NodeJS server SDK](https://github.com/tkhq/sdk/tree/main/examples/import-in-node) is well oriented |
There was a problem hiding this comment.
Just double checking that this is intended, it currently links to an example that uses the Turnkey server sdk rather than linking to the server sdk itself
There was a problem hiding this comment.
good catch, I did ponder what the right link for this should be. I think seeing the sdk in action is most helpful here, it's relatively easy to find the package from the example but the opposite is not true.
| You can use the [Embedded Wallet Kit](/reference/embedded-wallet-kit) for fast integration, or [Turnkey SDKs](/sdks/introduction) and the [API](/api-reference/overview) for more customization. Leading apps like [Moonshot](https://www.turnkey.com/customers/how-moonshot-powers-millions-of-self-custodial-wallets-using-turnkey), [Infinex](https://www.turnkey.com/customers/making-onchain-ux-seamless-with-infinex-and-turnkey), and [Axiom](https://www.turnkey.com/customers/axiom-global-defi-trading-platform) use Turnkey for embedded consumer wallets in production. | ||
| Turnkey delivers a secure, flexible solution for embedding end-user wallets directly into your | ||
| application. Users sign in with familiar methods (passkeys, email, OAuth), without seed phrases, | ||
| browser extensions, or external wallets. Turnkey lets you compose your app's core experiences |
There was a problem hiding this comment.
but you can sign in with an external wallet 🤔
There was a problem hiding this comment.
but I don't think it's relevant in this context
| Leading apps like | ||
| [Moonshot](https://www.turnkey.com/customers/how-moonshot-powers-millions-of-self-custodial-wallets-using-turnkey), | ||
| [Infinex](https://www.turnkey.com/customers/making-onchain-ux-seamless-with-infinex-and-turnkey), | ||
| and [Axiom](https://www.turnkey.com/customers/axiom-global-defi-trading-platform) use Turnkey for |
There was a problem hiding this comment.
nit: feel like Axiom should be the first one
| multiple signed actions in a time window. Read-only sessions suit low-touch apps where you mainly | ||
| need to read data (e.g., via parent-org access or a read-only session token). | ||
| - **Storage:** IndexedDB (web) for persistent, client-held sessions without exposing keys to your | ||
| JavaScript; SecureStorage (mobile); or LocalStorage (keys in app-accessible storage). |
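Review bot: the Storage bullet lists LocalStorage alongside IndexedDB and SecureStorage without saying when it is acceptable, even though its own parenthetical "(keys in app-accessible storage)" is the opposite of the IndexedDB property stated one line earlier ("without exposing keys to your JavaScript"). Keys that application script can read are readable by any script that runs in the origin, including injected script, so either drop LocalStorage from this list or mark it as the weaker option and state what the reader gives up by choosing it.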
There was a problem hiding this comment.
not relevant to your change but why do we mention local storage here?
| - **Trusted vs. untrusted separation:** Verification and execution run only inside secure enclaves. Trusted and untrusted infrastructure are strictly separated so that a breach of your app or backend does not expose keys or signing capability. | ||
| - **Keys never leave the enclave:** Private keys live in | ||
| [Trusted Execution Environments (TEEs)](/security/secure-enclaves). All derivation and signing | ||
| happen inside verifiable infrastructure; only signatures are returned. |
There was a problem hiding this comment.
idk how I feel about the:
"only signatures are returned"
feels like it doesn't fit and not necessarily true. For example our eth send transaction does both signing and broadcasting but does not return a signature!
| integrity. Raw keys are never exposed to your app or to Turnkey. | ||
| - **Authenticator-bound requests:** Every sensitive operation is signed by a user-held authenticator | ||
| (passkey, email, etc.). The enclave verifies the signature and then performs the operation. No | ||
| request, no signing; a compromise outside the enclave cannot move funds. See |
There was a problem hiding this comment.
this feels a bit weird:
"no request, no signing"
| verified. | ||
| - **Scoped, programmable control:** Choose non-custodial, hybrid, or app-controlled custody. | ||
| [Policies](/concepts/policies/quickstart) and sub-organization isolation limit who can sign what. | ||
| - **Trusted vs. untrusted separation:** Verification and execution run only inside secure enclaves. |
There was a problem hiding this comment.
feels like this says the same thing as *Authenticator-bound requests
| User authentication flows into a signed request to Turnkey. Inside the enclave, the [policy engine](/concepts/policies/overview) evaluates the request; key derivation and signing follow, and only the signature is returned. Your app can then broadcast the transaction through another provider or with [Turnkey Transaction Management](https://docs.turnkey.com/concepts/transaction-management#construction-and-broadcast). For data flow and infrastructure details, see [Embedded Wallets overview](/embedded-wallets/overview) and [Secure enclaves](/security/secure-enclaves). | ||
| User authentication flows into a signed request to Turnkey. Inside the enclave, the | ||
| [policy engine](/concepts/policies/overview) evaluates the request; key derivation and signing | ||
| follow, and only the signature is returned. Your app can then broadcast the transaction through |
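Review bot: the Transaction Management link on the first line of this hunk is an absolute `https://docs.turnkey.com/...` URL, while every other link in the same paragraph is site-relative (`/concepts/policies/overview`, `/embedded-wallets/overview`, `/security/secure-enclaves`). If the reflowed paragraph carries that link over, make it relative so it resolves inside preview deployments and survives a domain change.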
There was a problem hiding this comment.
we sign and broadcast in the same activity, there is no way currently to broadcast just a signature currently (I believe)
| organizationId: process.env.NEXT_PUBLIC_ORGANIZATION_ID!, | ||
| authProxyConfigId: process.env.NEXT_PUBLIC_AUTH_PROXY_CONFIG_ID!, | ||
| }; | ||
| const initResult = await turnkeyClient.apiClient().initImportWallet({ |
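Review bot: `process.env.NEXT_PUBLIC_ORGANIZATION_ID!` and `process.env.NEXT_PUBLIC_AUTH_PROXY_CONFIG_ID!` rely on non-null assertions, so a missing variable is passed on as `undefined` and only fails later inside the request, far from the cause. For a snippet readers will copy, check both values before building the config and fail with a clear message. The `NEXT_PUBLIC_` prefix also means both values are inlined into the browser bundle, so confirm they are public identifiers rather than secrets and say so in a one-line comment.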
There was a problem hiding this comment.
I don't think we have an .apiClient, also believe we have some sugared methods you can use here instead of using our httpClient
|
|
||
| const result = await apiClient.pollTransactionStatus({ | ||
| sendTransactionStatusId: txStatusId, | ||
| const walletImportResult = await turnkeyClient.apiClient().importWallet({ |
There was a problem hiding this comment.
same thing here, no apiClient this is a sdk-server thing I believe
No description provided.