POST
/
v1
/
wallets
/
{wallet_id}
/
export
curl --request POST \
  --url https://api.privy.io/v1/wallets/{wallet_id}/export \
  --header 'Authorization: Basic <encoded-value>' \
  --header 'Content-Type: application/json' \
  --header 'privy-app-id: <privy-app-id>' \
  --data '{
  "encryption_type": "HPKE",
  "recipient_public_key": "<base64-encoded-recipient-public-key>"
}'
{
  "encryption_type": "HPKE",
  "ciphertext": "N3rWFx85foeomDu8054VcwNBIwPkVNt4i5m2av1sXsXeWrIicVGwutFist12MmnI",
  "encapsulated_key": "BECqbgIAcs3TpP5GadS6F8mXkSktR2DR8WNtd3e0Qcy7PpoRHEygpzjFWttntS+SEM3VSr4Thewh18ZP9chseLE="
}

This endpoint exports a wallet’s private key using Hybrid Public Key Encryption (HPKE). The following HPKE configuration is supported:

  • KEM (Key Encapsulation Mechanism): DHKEM_P256_HKDF_SHA256
  • KDF (Key Derivation Function): HKDF_SHA256
  • AEAD (Authenticated Encryption with Associated Data): CHACHA20_POLY1305
  • Mode: BASE
curl --request POST \
  --url https://api.privy.io/v1/wallets/{wallet_id}/export \
  --header 'Authorization: Basic <encoded-value>' \
  --header 'Content-Type: application/json' \
  --header 'privy-app-id: <privy-app-id>' \
  --data '{
  "encryption_type": "HPKE",
  "recipient_public_key": "<base64-encoded-recipient-public-key>"
}'
{
  "encryption_type": "HPKE",
  "ciphertext": "N3rWFx85foeomDu8054VcwNBIwPkVNt4i5m2av1sXsXeWrIicVGwutFist12MmnI",
  "encapsulated_key": "BECqbgIAcs3TpP5GadS6F8mXkSktR2DR8WNtd3e0Qcy7PpoRHEygpzjFWttntS+SEM3VSr4Thewh18ZP9chseLE="
}

Headers

privy-app-id
string
required

ID of your Privy app.

privy-authorization-signature
string

Request authorization signature. If multiple signatures are required, they should be comma separated.

Path Parameters

wallet_id
string
required

ID of the wallet to export.

Body

encryption_type
string
required

Currently only supports HPKE (Hybrid Public Key Encryption).

recipient_public_key
string
required

Base64-encoded public key of the recipient who will decrypt the private key. This key must be generated securely and kept confidential. The public key sent should be in DER or PEM format. It is recommended to use DER format.

Response

encryption_type
string
required

Will be HPKE to indicate Hybrid Public Key Encryption was used.

ciphertext
string
required

Base64-encoded encrypted private key.

encapsulated_key
string
required

Base64-encoded ephemeral public key used in the HPKE encryption process. Required for decryption.