User authorization keys enable users to fully control self-custodial wallets. All Privy client-side SDKs enable fully self-custodial user wallets by default via fully managed authorization keys.

Client-side user authorization keys are session-based authorization keys that are available via Privy client SDKs and issued on the user’s device. These authorization keys are managed internally by Privy client SDKs and are used to authenticate with Privy’s wallet API. User authorization keys are only accessible when the user is authenticated.

If you are using Privy via a client-side SDK, user authorization keys are entirely invisible—you do not have to manually interact with authorization keys in order to create or transact with wallets.

Learn more about the User authorization key API architecture here.

Signing using client-managed user authorization keys

Interacting directly with user authorization keys is an advanced setting.

This interface is currently in development and will be available in an upcoming release.

For some advanced integrations, your app may need to interact with your users’ authorization keys directly. For example, if your app requires 2-of-2 quorum approvals from both the user’s authorization key and a service-controlled key, then you may need to collect a user signature first.

Privy client SDKs enable you to sign with your user’s authorization key directly. Typically, this interface is used to sign user-authorized requests, which are then sent to the Privy wallet API. Include the resulting authorization signature as a request header when making requests to the wallet API.

Usage

To sign with your user’s authorization key directly, use the useUserAuthorizationKey hook. This hook exposes an interface to access the public key of the user’s authorization key and to request signatures using the authorization key.

const { authorizationKey } = useUserAuthorizationKey();

// This is the public key associated with the user's authorization key.
authorizationKey.publicKey;

// Sign a wallet API request using the user's authorization key.
// This generates a P-256 cryptographic signature over the input.
const authorizationSignature = await authorizationKey.request({
  method: 'sign',
  params: walletRequestBody,
});
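
The 2-of-2 quorum case described above, seen from the side that checks the signatures, as an added Node.js example that is not Privy's code or API. The sorted-key JSON canonical form, the helpers `signRequest`, `keyId` and `verifyQuorum`, and the sample request body are assumptions made for illustration; throwaway P-256 keys stand in for the user's authorization key and the service-controlled key.

```javascript
const { generateKeyPairSync, createPublicKey, sign, verify } = require('node:crypto');

// Assumption: both sides serialize the body as JSON with recursively sorted keys,
// so signer and verifier hash identical bytes. This is not Privy's documented format.
function canonicalize(value) {
  if (Array.isArray(value)) return `[${value.map(canonicalize).join(',')}]`;
  if (value !== null && typeof value === 'object') {
    const fields = Object.keys(value).sort()
      .map((k) => `${JSON.stringify(k)}:${canonicalize(value[k])}`);
    return `{${fields.join(',')}}`;
  }
  return JSON.stringify(value);
}

// Hypothetical helper: ECDSA P-256 / SHA-256 signature over the canonical body, base64.
function signRequest(privateKey, body) {
  return sign('sha256', Buffer.from(canonicalize(body)), privateKey).toString('base64');
}

// Base64 SPKI encoding, used here as a key's identity within the quorum.
const keyId = (publicKey) => publicKey.export({ type: 'spki', format: 'der' }).toString('base64');

// Approve only if EVERY key in the quorum has a valid signature over this exact body.
// Checking per required key (rather than counting valid signatures) means one signer
// submitting two signatures cannot satisfy a 2-of-2 quorum.
function verifyQuorum(quorumKeyIds, body, signatures) {
  const payload = Buffer.from(canonicalize(body));
  return quorumKeyIds.every((id) => {
    const key = createPublicKey({ key: Buffer.from(id, 'base64'), format: 'der', type: 'spki' });
    return signatures.some((sig) => verify('sha256', payload, key, Buffer.from(sig, 'base64')));
  });
}

// Constructed sample: throwaway keys and a made-up request body.
function demo() {
  const user = generateKeyPairSync('ec', { namedCurve: 'prime256v1' }); // NIST P-256
  const service = generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const quorum = [keyId(user.publicKey), keyId(service.publicKey)];
  const body = { method: 'personal_sign', params: { message: 'hello' } };
  const userSig = signRequest(user.privateKey, body);
  const serviceSig = signRequest(service.privateKey, body);
  const reordered = { params: { message: 'hello' }, method: 'personal_sign' };
  const tampered = { ...body, params: { message: 'goodbye' } };
  return {
    bothSigned: verifyQuorum(quorum, body, [userSig, serviceSig]),
    keyOrderIrrelevant: verifyQuorum(quorum, reordered, [serviceSig, userSig]),
    userOnly: verifyQuorum(quorum, body, [userSig]),
    userTwice: verifyQuorum(quorum, body, [userSig, signRequest(user.privateKey, body)]),
    tamperedBody: verifyQuorum(quorum, tampered, [userSig, serviceSig]),
  };
}
```

Only the first two cases are approved: a missing service signature, a second signature from the same user key, and a body changed after signing all fail the quorum check.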