Authorization for wallet transactions
The Xyxyx API requires an authorization key for any on-chain operation (e.g., minting or transferring tokens, or deploying contracts). You have two primary options for providing this authorization:
Use your existing wallet private key to sign transactions for as many operations as you need.
Generate single-transaction (or limited-use) keys that grant only a constrained level of authority — often just for one operation or a fixed set of operations.
Below, we discuss each approach in detail, including tool suggestions for generating single-transaction or limited-use keys.
1. Using your wallet private key
Overview: You provide your existing wallet private key each time you call the API, allowing all signed transactions to originate from that wallet.
Advantages
Simplicity: Setup is straightforward. You already have a private key; just provide it when making API requests.
No repeated key generation: You don’t need to create new keys for every transaction.
Considerations
Security risk: If your private key is leaked, an attacker could sign unlimited transactions without further approval.
User responsibility: The Xyxyx API does not store your private key. You must protect it and supply it securely for each request.
This approach is best suited for frequent transactions where managing multiple, short-lived keys would be cumbersome.
2. Using single-transaction (or limited-use) keys
Overview: Single-use or limited-use keys provide fine-grained authorization. They can be configured so they are only valid for one transaction, or they may expire after a certain time or number of uses. This approach significantly reduces the risk of ongoing wallet exposure.
Advantages
Enhanced security: Even if the key is compromised, the attacker can only submit transactions that the key was specifically authorized to handle.
Granular control: Each transaction authorization is discrete, preventing accidental reuse.
Considerations
Repeated setup: You must generate a new key or signature for each transaction or batch of transactions.
Additional complexity: Some solutions may require specialized smart contracts or scripts to manage key validity or expiration.
This method is ideal for high-value operations or any scenario where limiting the scope of each transaction is paramount.
Tool Suggestions and How to Generate Limited-Use Keys
1. Ephemeral Wallet Generation with Ethers
Ethers.js Library
A straightforward way to create a new wallet is using functions like ethers.Wallet.createRandom().
Fund this ephemeral wallet only with the amount of ETH or tokens needed for a single transaction.
Provide the ephemeral wallet’s private key to the Xyxyx API for one-time use.
After the transaction completes, discard or drain the wallet, ensuring no lingering value remains.
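The funding and draining steps above, sketched as an added example (not Xyxyx or ethers project code). It assumes EIP-1559 fees on an L1-style chain, a treasury address that is a plain account (21000 gas to receive), and the ethers package for key generation; the helper names, fee figures and treasury address are constructed for illustration.

```javascript
// Added example: lifecycle of a single-use funding wallet. All figures are constructed.
const TRANSFER_GAS = 21000n; // gas for a plain ETH transfer to a non-contract account

// Create the throwaway key. Needs the ethers package, loaded lazily so the
// fee helpers below work without it.
function createEphemeralWallet() {
  const { Wallet } = require("ethers");
  const wallet = Wallet.createRandom();
  return { address: wallet.address, privateKey: wallet.privateKey };
}

// Fund with the worst-case cost of the one permitted operation, and no more.
function fundingBudget({ gasLimit, maxFeePerGas, value = 0n }) {
  if (gasLimit <= 0n || maxFeePerGas <= 0n || value < 0n) {
    throw new RangeError("gasLimit and maxFeePerGas must be positive, value non-negative");
  }
  return gasLimit * maxFeePerGas + value;
}

// Sweep whatever the operation did not spend back to the treasury.
// With maxPriorityFeePerGas equal to maxFeePerGas the price charged is exactly
// maxFeePerGas, so value + fee equals the balance and no dust is left behind.
function buildSweepTx({ balance, maxFeePerGas, to, nonce, chainId }) {
  const fee = TRANSFER_GAS * maxFeePerGas;
  if (balance <= fee) return null; // residue is worth less than the gas to move it
  return {
    type: 2, to, nonce, chainId,
    gasLimit: TRANSFER_GAS,
    maxFeePerGas,
    maxPriorityFeePerGas: maxFeePerGas,
    value: balance - fee,
  };
}

// Constructed walk-through: a 120k-gas operation capped at 30 gwei.
const GWEI = 1_000_000_000n;
const TREASURY = "0x1111111111111111111111111111111111111111"; // placeholder address
const budget = fundingBudget({ gasLimit: 120_000n, maxFeePerGas: 30n * GWEI });
const spent = 90_000n * 25n * GWEI; // what the operation actually cost (constructed)
const sweep = buildSweepTx({
  balance: budget - spent, maxFeePerGas: 30n * GWEI, to: TREASURY, nonce: 1, chainId: 1,
});
console.log({ budget, leftover: budget - spent, sweepValue: sweep.value });
```

The object returned by buildSweepTx is signed with the ephemeral key and broadcast; a null result means the remainder cannot pay for its own transfer and the key can simply be discarded.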
2. Gnosis Safe (Multi-Sig / Module Approach)
Multiple Signature Workflow
Deploy a Gnosis Safe and authorize specific modules or sub-accounts for limited, single-transaction actions.
This can be extended with Safe Modules to restrict spending limits or transaction counts.
3. OpenZeppelin Defender or Relayers
Managed Infrastructure
Platforms like OpenZeppelin Defender offer “Relayers” that store a key and can be configured to only sign specific transactions or enforce a time-window limit.
This allows you to delegate minimal authority to a service which then orchestrates exactly one or a limited number of transactions on your behalf.
4. Meta-Transaction Services (e.g., Biconomy, Gas Station Network)
Abstracted Gas & Permissions
You generate a signature for a single operation, and the meta-transaction provider executes it on-chain.
This method can prevent your main private key from ever being directly used by the DApp or API.
Which approach is right for you?
Frequent, Low-to-Moderate Risk Transactions
If your operations are routine and you trust the environment where you provide the key, using a single wallet private key may be enough.
Ensure you follow strong key management and operational security practices.
High-Value or Security-Critical Operations
When you cannot risk your primary wallet’s exposure, or your use case demands ultra-fine control, single-transaction (limited-use) keys are the safer choice.
Tools like ephemeral wallets, Gnosis Safe modules, or meta-transaction relayers can give you peace of mind and limit potential damage in case of a breach.
Summary
Whether you opt for a full private key or single-transaction/limited-use key, the Xyxyx API supports secure blockchain transactions on your behalf. Single-transaction keys add a layer of protection for high-risk scenarios, while reusing your main private key is often simpler for ongoing, automated tasks. By choosing the right method — and the right tools — you can balance convenience with the level of security you require.