Skip to main content

Overview

The official Go module github.com/0xkey-io/sdk-go provides:
  • Generated API client (go-swagger) for 0xkey activities
  • API key generation and request signing (pkg/apikey)
  • HPKE enclave encryption for OTP and import/export (pkg/enclave_encrypt)
  • Session JWT verification (pkg/crypto)
  • Local key storage (pkg/store/local)
Use it for server-side automation: Company Wallets, delegated access, OTP backends, and batch signing.

Prerequisites

  1. Go 1.21+
  2. A 0xkey organization (Quickstart)
  3. An API keypair registered to that organization (private key stays on your machine)
Generate and register keys with the examples/apikey helper. A standalone 0xkey CLI is Coming soon.

Installation

Current release: v0.1.0 on pkg.go.dev.

Configure API keys

The SDK reads keys from ~/.config/0xkey/keys/ when you pass sdk.WithAPIKeyName("default"). After creating a key with the CLI, ensure the key name matches what you pass to WithAPIKeyName. Alternatively, load a key programmatically:

First request (Whoami)

Runnable copy: examples/whoami.

Custom API host

For staging or local-gateway:
Local HTTP (no TLS):
Enclave-backed flows (email OTP) also need signer/notarizer public keys — see examples/email_otp.

Sub-packages

Import sub-packages independently when you do not need the full sdk.New() wrapper.

Example workflows


Error handling

API errors can be inspected as *runtime.APIError:
Custom logging: sdk.WithLogger(yourLogger) — see Go SDK overview.

Next steps

Delegated access

Policy-scoped backend signing

TypeScript server

Node.js equivalent of server automation

API stamps

How requests are authenticated

pkg.go.dev

Generated API reference