Skip to main content
POST
https://api.privy.io
/
v1
/
wallets
/
{wallet_id}
/
export
curl --request POST \
  --url https://api.privy.io/v1/wallets/{wallet_id}/export \
  --header 'Authorization: Basic <encoded-value>' \
  --header 'Content-Type: application/json' \
  --header 'privy-app-id: <privy-app-id>' \
  --data '{
  "encryption_type": "HPKE",
  "recipient_public_key": "<base64-encoded-recipient-public-key>"
}'

{
  "encryption_type": "HPKE",
  "ciphertext": "N3rWFx85foeomDu8054VcwNBIwPkVNt4i5m2av1sXsXeWrIicVGwutFist12MmnI",
  "encapsulated_key": "BECqbgIAcs3TpP5GadS6F8mXkSktR2DR8WNtd3e0Qcy7PpoRHEygpzjFWttntS+SEM3VSr4Thewh18ZP9chseLE="
}
This endpoint exports a wallet’s private key using Hybrid Public Key Encryption (HPKE). The following HPKE configuration is supported:
  • KEM (Key Encapsulation Mechanism): DHKEM_P256_HKDF_SHA256
  • KDF (Key Derivation Function): HKDF_SHA256
  • AEAD (Authenticated Encryption with Associated Data): CHACHA20_POLY1305
  • Mode: BASE
curl --request POST \
  --url https://api.privy.io/v1/wallets/{wallet_id}/export \
  --header 'Authorization: Basic <encoded-value>' \
  --header 'Content-Type: application/json' \
  --header 'privy-app-id: <privy-app-id>' \
  --data '{
  "encryption_type": "HPKE",
  "recipient_public_key": "<base64-encoded-recipient-public-key>"
}'

{
  "encryption_type": "HPKE",
  "ciphertext": "N3rWFx85foeomDu8054VcwNBIwPkVNt4i5m2av1sXsXeWrIicVGwutFist12MmnI",
  "encapsulated_key": "BECqbgIAcs3TpP5GadS6F8mXkSktR2DR8WNtd3e0Qcy7PpoRHEygpzjFWttntS+SEM3VSr4Thewh18ZP9chseLE="
}

Headers

privy-app-id
string
required
ID of your Privy app.
privy-authorization-signature
string
Request authorization signature. If multiple signatures are required, they should be comma separated.

Path Parameters

wallet_id
string
required
ID of the wallet to export.

Body

encryption_type
string
required
Currently only supports HPKE (Hybrid Public Key Encryption).
recipient_public_key
string
required
Base64-encoded public key of the recipient who will decrypt the private key. This key must be generated securely and kept confidential. The public key sent should be in base64-encoded DER format.

Response

encryption_type
string
required
Will be HPKE to indicate Hybrid Public Key Encryption was used.
ciphertext
string
required
Base64-encoded encrypted private key. The private key format depends on the wallet type: base58 for Solana wallets, hex for EVM wallets.
encapsulated_key
string
required
Base64-encoded ephemeral public key used in the HPKE encryption process. Required for decryption.