Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.0xkey.io/llms.txt

Use this file to discover all available pages before exploring further.

00 / OVERVIEW
0xkey is the programmable account layer for applications that need real private keys. Every signing operation runs inside a Trusted Execution Environment (TEE); raw keys never leave the enclave. Whether you’re building DeFi, payments, or AI agents, 0xkey gives you the cryptographic primitives and authentication surface to ship securely.

Quickstart

Set up your organization and make your first API call

Embedded Wallets

Create in-app wallets for your users

Company Wallets

Institutional signing automation (coming soon)

API reference

Explore all available endpoints

Roadmap

See what’s available today vs. coming soon

What 0xkey provides

0xkey’s Phase 1 focus is Embedded Wallets and public API compatibility. All private key operations are performed inside TEE enclaves — raw keys never leave the enclave boundary.

Embedded Wallets

Create wallets on behalf of your users with a fully customizable authentication layer.
FeatureDescription
AuthenticationPasskeys (WebAuthn), Email OTP, SMS OTP (Partial — API only), Email magic-link, Google OIDC
Sub-organizationsEach user gets a fully isolated organization
SessionsRead-write / read-only API key sessions with HPKE credential bundles
Policy engineCEL-based policies with EVM, Solana, and EIP-712 transaction contexts
Signingsecp256k1, Ed25519, P-256 inside the enclave; address derivation for all major chains
Embedded Wallet KitTypeScript / React (@0xkey-io/react-wallet-kit) and an Auth Proxy for backend forwarding
In-enclave transaction parsing and policy contexts cover EVM and Solana today; other chains support address derivation + raw signing only. On-chain broadcast is not yet wired (Phase 1 returns a mock for eth_send_raw_transaction and errors for high-level send activities). See the Roadmap for the full status matrix.

Company Wallets

Institutional signing automation with role-based policies and multi-party approvals — see Company Wallets (coming soon). Phase 1 focuses on Embedded Wallets; see the Roadmap.

Core concepts

0xkey uses a hierarchical model of organizations, users, and wallets. Instead of directly managing private keys, wallets are accessed through authenticators.
  • Organizations — top-level entities that represent your application
  • Sub-organizations — isolated organizations for each end user; parent orgs cannot modify their contents
  • Users — resources within an org that submit activities via credentials (API key, passkey, OAuth)
  • Wallets — HD seed phrases that derive multiple chain accounts
  • Policies — govern all signing activities; root users can bypass the policy engine
  • Activities — any state-changing operation (sign, create, update) submitted to the API
Read the full Concepts overview for details.

Architecture

0xkey runs all security-critical workloads inside secure enclaves powered by QuorumOS. Key properties:
  • Raw private keys are never exposed to 0xkey engineers, your software, or your team
  • Every organization change is cryptographically stamped inside the enclave before the policy engine acts on it
  • No single engineer can deploy enclaves or reconstruct secrets
Learn more in the Security section.

Start building

Account setup

Create your organization and API keypair

Embedded Wallet quickstart

Integrate wallets in minutes with the Wallet Kit

Authentication

Passkeys, OTP, OAuth, and email auth

API overview

Stamps, queries, and activity submissions