> ## Documentation Index
> Fetch the complete documentation index at: https://docs.privy.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Self-custodial user wallets

Common flows to create self-custodial user wallets include:

* **Creating wallets with a user owner.** This configures wallets such that users are the only entity that can update policies, update owners, add signers, and export the wallet. If you create wallets via one of Privy's client-side SDKs, your app's wallets are automatically created with user owners.
* **Creating wallets with a *1-of-n* key quorum, where one element of the key quorum is the user**. This gives users full permissions over their wallet, while enabling other parties to easily update wallets (e.g. policies and signers) and take actions with them.

You can extend self-custodial user wallets to support various use cases, as outlined below.

### Enabling offline actions

Many apps want to configure user wallets such that apps can take certain actions with these wallets, even when the user is offline. This includes use cases like **limit orders, agentic trading on behalf of users (e.g. with a Telegram bot), or portfolio rebalancing.**

For offline actions, Privy generally recommends:

<Steps>
  <Step title="Create a wallet with a user owner">
    To ensure the wallet can only be updated by the user, create the wallet with a user owner. If
    you use one of Privy's client-side SDKs to create wallets, wallets are created with a user owner
    by default.
  </Step>

  <Step title="Add an authorization key as an additional signer">
    Next, add an authorization key controlled by your server as an additional signer on the wallet.
    You can also configure the additional signer to have a specific set of policies associated with
    it, restricting the actions it can take. You can do this via one of Privy's [client-side
    SDKs](/wallets/using-wallets/signers/overview) or [REST
    API](/wallets/wallets/create/create-a-wallet)
  </Step>

  <Step title="Execute scoped transactions with your additional signer">
    Your additional signer can now execute actions, such as signing messages or sending
    transactions, subject to its policies. These actions can occur while the user is offline.
  </Step>
</Steps>

### Enabling wallet updates from the server

Many apps want the server to be able to update a wallet, such as updating the policies or signers associated with a wallet, even when the user is offline.

For server-side wallet updates, Privy generally recommends:

<Steps>
  <Step title="Create a wallet with a 1-of-k key quorum">
    Create your wallet with a *1-of-k* key quorum, whose elements include at least a **user owner**
    and an **authorization key** controlled by your server. You can do this via Privy's [REST
    API](/wallets/wallets/create/create-a-wallet).
  </Step>

  <Step title="Add an authorization key as an additional signer">
    Next, add an authorization key controlled by your server as an additional signer on the wallet.
    You can also configure the additional signer to have a specific set of policies associated with
    it, restricting the actions it can take. You can do this via one of Privy's [client-side
    SDKs](/wallets/using-wallets/signers/overview) or [REST
    API](/wallets/wallets/create/create-a-wallet)
  </Step>

  <Step title="Update the wallet with your authorization key">
    As a satisfying member of the key quorum that owns the wallet, **your server's authorization key
    can unilaterally update the policies and additional signers assigned to the wallet**. This
    enables your app to update wallet configurations, even when users are offline.
  </Step>
</Steps>

### Sending transactions from your server

Many apps would like users to explicitly authorize transactions, but to send transaction requests from their server for increased reliability, retries, and various other use cases.

To send transactions from your server by default:

<Tabs>
  <Tab title="Using Privy as your authentication provider">
    <Steps>
      <Step title="Create wallets with a user owner">
        To ensure the wallet can only be controlled by the user, create the wallet with a user
        owner. If you use one of Privy's client-side SDKs to create wallets, wallets are created
        with a user owner by default.
      </Step>

      <Step title="Request a signature over your transaction request">
        [Construct your transaction request](/controls/authorization-keys/using-owners/sign) and use
        Privy's [client-side SDKs'
        methods](/controls/authorization-keys/using-owners/sign#react%2C-expo) to have the user sign
        the transaction request.
      </Step>

      <Step title="Execute the transaction request from your server">
        Send your user's authorization signature from your client to your server, and [send your
        transaction request](/controls/authorization-keys/using-owners/action) with the user's
        signature to Privy's API.
      </Step>
    </Steps>
  </Tab>

  <Tab title="Using your own authentication provider">
    <Steps>
      <Step title="Create wallets with a user owner">
        To ensure the wallet can only be controlled by the user, create the wallet with a user
        owner. If you use one of Privy's client-side SDKs to create wallets, wallets are created
        with a user owner by default.
      </Step>

      <Step title="Request a user key">
        Next, given a user's access token from your authentication provider, [request a user
        key](/controls/authorization-keys/keys/create/user/request) from Privy's API. You will use
        this key to sign transaction requests to Privy's aPI.
      </Step>

      <Step title="Sign the request with your user key">
        Next, [construct your transaction request](/controls/authorization-keys/using-owners/sign)
        and use Privy's [sign the transaction
        request](/controls/authorization-keys/using-owners/sign) with the user key
      </Step>

      <Step title="Execute the transaction request from your server">
        Send your user's authorization signature from your client to your server, and [send your
        transaction request](/controls/authorization-keys/using-owners/action) with the user's
        signature to Privy's API.
      </Step>
    </Steps>
  </Tab>
</Tabs>

### Requiring users and servers to approve transactions

Many apps want to require both users and servers to approve transactions. This can be used to enhance the security of your application; for example, by requiring the server to approve transactions, compromise of a user's account cannot be used to unilaterally take action with the user's wallet.

To enable a configuration where both users and servers must approve transactions, Privy recommends the following:

<Steps>
  <Step title="Create a wallet with a m-of-k key quorum, with m ≥ 2">
    Create your wallet with a *m-of-k* key quorum with *m ≥ 2*, whose elements include at least a
    **user owner** and an **authorization key** controlled by your server. You can do this via
    Privy's [REST API](/wallets/wallets/create/create-a-wallet).
  </Step>

  <Step title="Have users and server(s) both sign transaction requests">
    Next, construct your transaction request and have
    [users](/controls/authorization-keys/owners/configuration/user#sending-transactions-from-your-server)
    *and* [servers](/controls/authorization-keys/using-owners/sign) sign the transaction request.
  </Step>

  <Step title="Execute your transaction request with the user and server signature">
    Next, construct your transaction request and have
    [users](/controls/authorization-keys/owners/configuration/user#sending-transactions-from-your-server)
    *and* [servers](/controls/authorization-keys/using-owners/sign) sign the transaction request.
  </Step>
</Steps>

### Exporting wallets from the server

Many apps want the server to to have the ability to export the private key for a user's wallet. This can be used to self-host a recovery site where users can export their private key outside of your core application.

To enable this, Privy generally recommends:

<Steps>
  <Step title="Create a wallet with a 1-of-k key quorum">
    Create your wallet with a *1-of-k* key quorum, whose elements include at least a **user owner**
    and an **authorization key** controlled by your server. You can do this via Privy's [REST
    API](/wallets/wallets/create/create-a-wallet).
  </Step>

  <Step title="Export the wallet from your server">
    As a satisfying member of the key quorum that owns the wallet, **your server's authorization key
    can unilaterally export the wallet**. Follow [this guide](/wallets/wallets/export) to export the
    private key for your user's wallet from the server.
  </Step>
</Steps>