POST
/
v1
/
wallets
/
{wallet_id}
/
export
curl --request POST \
  --url https://api.privy.io/v1/wallets/{wallet_id}/export \
  --header 'Authorization: Basic <encoded-value>' \
  --header 'Content-Type: application/json' \
  --header 'privy-app-id: <privy-app-id>' \
  --data '{
  "encryption_type": "HPKE",
  "recipient_public_key": "<base64-encoded-recipient-public-key>"
}'

{
  "encryption_type": "HPKE",
  "ciphertext": "N3rWFx85foeomDu8054VcwNBIwPkVNt4i5m2av1sXsXeWrIicVGwutFist12MmnI",
  "encapsulated_key": "BECqbgIAcs3TpP5GadS6F8mXkSktR2DR8WNtd3e0Qcy7PpoRHEygpzjFWttntS+SEM3VSr4Thewh18ZP9chseLE="
}

This endpoint exports a wallet’s private key using Hybrid Public Key Encryption (HPKE). The following HPKE configuration is supported:

  • KEM (Key Encapsulation Mechanism): DHKEM_P256_HKDF_SHA256
  • KDF (Key Derivation Function): HKDF_SHA256
  • AEAD (Authenticated Encryption with Associated Data): CHACHA20_POLY1305
  • Mode: BASE
curl --request POST \
  --url https://api.privy.io/v1/wallets/{wallet_id}/export \
  --header 'Authorization: Basic <encoded-value>' \
  --header 'Content-Type: application/json' \
  --header 'privy-app-id: <privy-app-id>' \
  --data '{
  "encryption_type": "HPKE",
  "recipient_public_key": "<base64-encoded-recipient-public-key>"
}'

{
  "encryption_type": "HPKE",
  "ciphertext": "N3rWFx85foeomDu8054VcwNBIwPkVNt4i5m2av1sXsXeWrIicVGwutFist12MmnI",
  "encapsulated_key": "BECqbgIAcs3TpP5GadS6F8mXkSktR2DR8WNtd3e0Qcy7PpoRHEygpzjFWttntS+SEM3VSr4Thewh18ZP9chseLE="
}

​
Headers

​
privy-app-id
string
required

ID of your Privy app.

​
privy-authorization-signature
string

Request authorization signature. If multiple signatures are required, they should be comma separated.

​
Path Parameters

​
wallet_id
string
required

ID of the wallet to export.

​
Body

​
encryption_type
string
required

Currently only supports HPKE (Hybrid Public Key Encryption).

​
recipient_public_key
string
required

Base64-encoded public key of the recipient who will decrypt the private key. This key must be generated securely and kept confidential.

​
Response

​
encryption_type
string
required

Will be HPKE to indicate Hybrid Public Key Encryption was used.

​
ciphertext
string
required

Base64-encoded encrypted private key.

​
encapsulated_key
string
required

Base64-encoded ephemeral public key used in the HPKE encryption process. Required for decryption.