Dfns API Documentation
  • 👋Welcome
  • Getting Started
    • Onboarding to Dfns
    • Dfns Environments
    • Core API Objects
    • Supported Assets
    • Postman
    • Dfns SDKs
    • Dashboard Videos
  • API Docs
    • Introduction
    • Authentication
      • Delegated Authentication
        • Delegated Registration
        • Delegated Registration Restart
        • Delegated Login
      • User Action Signing
        • Create User Action Signature Challenge
        • Create User Action Signature
      • Registration
        • Create User Registration Challenge
        • Complete User Registration
        • Complete End User Registration with Wallets
        • Resend Registration Code
        • Social Registration
      • Login
        • Create User Login Challenge
        • Complete User Login
        • Social Login
        • Logout
        • Send Login Code
      • Users
        • List Users
        • Create User
        • Get User
        • Activate User
        • Deactivate User
        • Archive User
      • Service Accounts
        • List Service Accounts
        • Create Service Account
        • Get Service Account
        • Update Service Account
        • Activate Service Account
        • Deactivate Service Account
        • Archive Service Account
      • Applications
        • List Applications
        • Create Application
        • Create Server-Signed Application
        • Get Application
        • Update Application
        • Activate Application
        • Deactivate Application
        • Archive Application
      • Personal Access Tokens
        • List Personal Access Tokens
        • Create Personal Access Token
        • Get Personal Access Token
        • Update Personal Access Token
        • Activate Personal Access Token
        • Deactivate Personal Access Token
        • Archive Personal Access Token
      • Credentials
        • Credentials Overview
        • API Reference
          • Create Credential Code
          • Create Credential Challenge
          • Create Credential Challenge With Code
          • Create Credential
          • Create Credential With Code
          • Deactivate Credential
          • Activate Credential
          • List Credentials
      • Recovery
        • Send Recovery Code Email
        • Create Recovery Challenge
        • Create Delegated Recovery Challenge
        • Recover User
    • Wallets
      • Create Wallet
      • Update Wallet
      • Delegate Wallet
      • Get Wallet by ID
      • List Wallets
      • Get Wallet Assets
      • Get Wallet NFTs
      • Get Wallet History
      • Tag Wallet
      • Untag Wallet
      • Transfer Asset from Wallet
      • Get Wallet Transfer Request by ID
      • List Wallet Transfer Requests
      • Sign and Broadcast Transaction from Wallet
        • Algorand: Broadcast Transaction
        • Bitcoin/Litecoin: Broadcast Transaction
        • Cardano: Broadcast Transaction
        • EVM: Broadcast Transaction
        • Polkadot: Broadcast Transaction
        • Solana: Broadcast Transaction
        • Stellar: Broadcast Transaction
        • Tezos: Broadcast Transaction
        • TRON: Broadcast Transaction
        • XRP Ledger (aka Ripple): Broadcast Transaction
      • Get Wallet Transaction Request by ID
      • List Wallet Transaction Requests
      • Generate Signature from Wallet
        • Algorand: Generate Signature
        • Aptos: Generate Signature
        • Bitcoin/Litecoin: Generate Signature
        • Cardano: Generate Signature
        • Cosmos Appchain: Generate Signature
        • EVM: Generate Signature
        • Polkadot: Generate Signature
        • Solana: Generate Signature
        • Stellar: Generate Signature
        • Tezos: Generate Signature
        • TRON: Generate Signature
        • TON: Generate Signature
        • XRP Ledger (aka Ripple): Generate Signature
        • Pseudo Networks (All other chains): Generate Signature
      • Get Wallet Signature Request by ID
      • List Wallet Signature Requests
      • Advanced Wallet APIs
        • Import Wallet
        • Export Wallet
    • Fee Sponsors
      • Create Fee Sponsor
    • Keys
      • Create Key
      • Get Key by ID
      • List Keys
    • Networks
      • Estimate fees
      • Read Contract
    • Policy Engine
      • Policies Overview
      • API Reference
        • Create Policy
        • Get Policy
        • List Policies
        • Update Policy
        • Archive Policy
        • Get Approval
        • List Approvals
        • Create Approval Decision
    • Permissions
      • Permissions Overview
      • API Reference
        • Get Permission
        • List Permissions
        • Create Permission
        • Update Permission
        • Archive Permission
        • Assign Permission
        • Revoke Permission
        • List Permission Assignments
    • Webhooks
      • Create Webhook
      • Get Webhook
      • List Webhooks
      • Update Webhook
      • Delete Webhook
      • Ping Webhook
      • Get Webhook Event
      • List Webhook Events
    • Dfns Change Log
    • API Errors
  • Integrations
    • Exchanges
      • Exchange Configuration
        • Kraken Setup
        • Binance Setup
        • Coinbase Prime Setup
      • API Reference
        • Create Exchange
        • List Exchanges
        • Get Exchange
        • Delete Exchange
        • List Exchange Accounts
        • List Exchange Account Assets
        • Create Exchange Deposit
        • Create Exchange Withdrawal
    • AML / KYT
      • Chainalysis
    • Staking
      • API Reference
        • Create Stake
        • Create Stake Action
        • List Stakes
        • List Stake Actions
        • get Rewards
    • Fiat On/Off-Ramps
    • Account Abstraction on EVMs
  • Advanced Topics
    • Authentication
      • API Authentication
      • Request Headers
      • Credentials
        • Generate a Key Pair
        • User Credentials
        • Access Token Credentials
        • Storing WebAuthn Credentials in Password Managers
      • Request Signing
      • API objects
    • Delegated Signing
    • API Idempotency
    • FAQ
  • Guides
    • Passkey Settings - Migration guide
Powered by GitBook
On this page
  • Required Permissions
  • Wallet Export Flow
  • Request body
  • 200 Response example
  1. API Docs
  2. Wallets
  3. Advanced Wallet APIs

Export Wallet

POST /wallets/{walletId}/export

  • This endpoint is not enabled by default. Contact Dfns to have it activated.

  • User action signature required. See User Action Signing for more information.

  • Request headers required. See Request Headers for more information.

  • Authentication required. See Authentication Headers for more information.

Dfns secures private keys by generating them as MPC key shares in our decentralized key management network. Our goal is to eliminate all single points of failure (SPOFs) associated with blockchain private keys.

In certain circumstances, however, customers require Dfns to export a wallet (export its private key) . In this case, Dfns exposes the following endpoint which can be used in conjunction with our export SDK.

Dfns can not guarantee the security of exported keys as we have no way to control blockchain transactions once the single point of failure has been reconstituted. For this reason, this feature is restricted to customers who have signed a contractual addendum limiting our liability for exported keys. Additionally, exported keys can no longer be used to sign within the Dfns platform. Please contact your sales representative for more information.

Required Permissions

Name
Conditions

Wallets:Export

Always Required

Wallet Export Flow

The wallet private key which you need to export, will never be transmitted through Dfns system in one piece, or in clear (un-encrypted). The process follows this flow:

  1. On your side (client-side), with the help of our export SDK library, you create an "export context" locally. This will generate an encryption/decryption key pair to perform the export in a secure way. This step corresponds to this line in our SDK wallet export example.

  2. You then call the Wallet Export endpoint, providing the API with the previous encryption key for secure export. This step corresponds to this line in our SDK wallet export example.

  3. On Dfns side, the export encryption key gets transmitted to each node of your Signing Cluster (Your Signing Cluster is the network of nodes, also referred as "signers", where your wallet private key shares are securely stored). Each signer node will encrypt the corresponding key share to be exported. All encrypted key shares are then transmitted back to you.

  4. On your side (client-side), with the help of our export SDK library, you will then decrypt each encrypted key share, and re-compose the key shares into a single private key (the wallet private key). This step corresponds to this line in our SDK wallet export example.

Request body

Property
Type - Required/Optional
Description

encryptionKey

String - Required

The public key of an asymmetric key pair used to encrypt the key shares prior to transmission.

supportedSchemes

Object Array - Required

An object with the format shown below.

supportedSchemes

Property
Type - Required/Optional
Description

protocol

String - Required

Always "CGGMP21" for now. Additional signature schemes will be added in the future.

curve

String - Required

Always "secp256k1" per above.

Example JSON

{
    "encryptionKey": "AQNiFCgqtXFvRdNVciLzZ0hjZxumwtP0hfCrUDsymzWU5A==",
    "supportedSchemes": [
        {
            "protocol": "CGGMP21",
            "curve": "secp256k1"
        }
    ]
}

200 Response example

{
    "publicKey": "0363fd944987c22382c2f34f8ffc53e1fc1e2def96baacd9cbaa5ff51bfb308e2b",
    "minSigners": 3,
    "curve": "secp256k1",
    "protocol": "CGGMP21",
    "encryptedKeyShares": [
        {
            "signerId": "9R4OQb12f8PrEQwFmwZ58ZsNHs6EcGQPWF3fSzhXbVk=",
            "encryptedKeyShare": "Op1j4tQYry0GA5rCgqNXoP+feWxdCNLwkx0rS6GKPD/JtfuXAIwEhurlo60ckAo2L/w5KLoq8RH41GR2TlNJgcvtqa2a+hCgeM/X86hjeqhqWaKq50PkNS1RxrIgrzuL3UkxyvStYyiZMcdWalSYCSrE5rJ61dSD+EpflX34VjAC2GnNa+T3TNam9455tCp56HqNaqDsEXTg+rvEkYs8VxSBm9enRbRepZvQ0YU+vvJotn5rkef7R8aR++Y1sfcKWMG8b4ivdDth1jdFXDmogq94nwloRlohmRaaoSRU6A7HwbDcgwreV/MDcOMK7n8QgSGDw17o/JID4OUtkL7V5P5Jm9ENVp5d1I/UdoRONTk9zlGMcb4Qje8="
        },
        {
            "signerId": "lGcHWQmdLtJ+4S+RIBFq704/Nox2bugUctVeLL0wPW8=",
            "encryptedKeyShare": "617Qp7YyF+tlbNzsGF1dmnLlm2F6CFBVpwSg/o2RWAyUmCQAULPn0yXXFmYqCJuJ93wPhXeA2GMXjbZDTMRtSpI1BRxBAtDaQSgQeO2z59/VxXoFvCQMCl+QsrwzoisAnS3qG7HnpltT53Bf5B8h5k/Ezb0zMWFrz2y6X9Oodh/yIQDtCUIUgImkKtfTApOLOZgR+o0xcljLR5w2uqDNS1ED16ZXLocLqt3gqhxfApHNT5WsT6q3P02svUn9uztts8LZliAyBZxted1rqVPaoTjrmGoOCjJdTk4PP7EuYGa7o9C69jmdJycPXjyuWQFp8fo+nNwm5qEC+oPG7aeoC8A2r1x1b/O8HjGxSl+pjY+Z/shaIg+5Xzw="
        },
        {
            "signerId": "EX5PdJFcutVTJCgAcSGGGy264JwnrOLLyrZIqMHG67I=",
            "encryptedKeyShare": "YvUd5t8yNxilhZujk3QUaTDy/ZL4smL3s9Av82dQTpoV6BnWq3EZfPVjiYSB64o5Louq7PCmqzuP/30A35RSPFEYexIRlS6koIcod3J/mmVeV/Huw1D+J9xBfanCN1FgsnO4zlLRSpNmysuBRgkHV7KHf0rbMVQkDa6daZa8CMahMW15ASLx8Tmfg7xA22VgFI9emXMwi55RDsn4xFL238lrGKjfKUcf6awxNX62/9o6A2FehoFIOVDX/4nRXysa4mqRNhNF2PIOZYr5UtraTeyO+xvASMgvr4UH49YFFbKkf3YrEp9u/FPmeahD4kRal56tXYjRQ2kCAl2H2Qy5SOi0G3knL7e3rAcIHArimmd4bqujVLT2igI="
        },
        {
            "signerId": "ZokM6nUhGXHYhtQYE/NTeBEz5udvx13Ympcd1raQ4Fc=",
            "encryptedKeyShare": "W8pFNu7hpLBHCk4xnR7sIxZKfEEiRNTG5oWyemDGoaZ+qqJ7rzLVbpK0MdkNNVU9NSRMr3pIpDKvo2VkwZq+PDhfNaHHOOHexlzPIcu5pfRS/RlJWZAue5Ems1zNkM13qKLjkarvwNVCfoUUTtUGnzfFw34W/JvkMA3yOTFs0B8EyCfrtiEixrzPgvmM9/D3Nej3nzZRkLCImralwMxOUFj/xo9DG4y7KiAICiMk1v36tgXHj7jo5sC+Z2JVzNHRsg/zNshUeuTlb7vy5cgkXXuz4EO6nivJOvCNuOPPMIQlx8AA/ATxWt1ZS2+IgWwr/BjEqXW9xEMCLpXQwOoO+7SKR4C7d3goG5OZweGYKHwQDc6f47HQmo4="
        },
        {
            "signerId": "KaGnB8iWVpRKBRh+/sAJ0gz1cAZtjhHPufGRgkOXENo=",
            "encryptedKeyShare": "7ZZMXgm31nIA3Dhaq45GzAbis67Eq7IQoy3orM/xm0x8xOmM/EXj1vWiC0PXx/vnFvdHg/jQSfBEBeQV0lV/lvVUEJD3D4rD+7GffEkNLIz71gKlJ4pZYyPnDcXSzsrcapREWa4j6ZGVNEYrjcXroVbLqa8xhStww5E0XTdQ0RMLKcmzEyDeF5BQuZKik2Q8JRqJmGhwtwxdCkG2SR4m28BbIHGJzKkQDCW92dq6Wls2rpf1Y0aaVzOYEJkbib8g0ulZS4EdR7FF/mp4cAAuZPWhoxA9RB6Z3WQUvuH7fIOZ1t43XF+nQ1WYgXKqnv48r4gsuLjy+9oD7xDydjqrbIF0c6gqYRdcR8z/CjYaGrHxAEdbauioNwo="
        }
    ]
}

Last updated 1 year ago