Welcome to the dynamic world of Web3. Whether you're a seasoned blockchain enthusiast or stepping into the decentralized sphere for the first time, this guide tailored for Developer-Controlled Wallets using Circle's Web3 Services Console awaits.
Harness the power of Web3 technology to provide an unparalleled experience for your users, while maintaining full control and enhanced security over their wallets. Let's take a peek at the standout features that make the Web3 Services Console an irresistible choice for your application
Advanced Security
Benefit from MPC technology, which eliminates single points of failure and enhances security against unauthorized access and theft.
Innovative Blockchain Functionality
Grant users access to digital currencies, NFTs, and other blockchain-powered experiences with ease.
Blockchain Agnostic
Build once, deploy across multiple blockchains, such as Ethereum, Polygon, and Avalanche.
Reliable Operations Monitoring
Built-in transaction logs, user-level monitoring, and error reporting help you troubleshoot and support your users effectively.
Instant Access
Get started immediately, with pay-as-you-go pricing and no upfront fees or contracts.
Before we dive in, there's a special feature we'd like to introduce that can significantly enhance your learning and experimenting experience: our "Try It Out" components.
Our Postman provides you with an interactive environment where you can directly test API requests in the simplest way possible.
As you navigate through the tutorial, you'll notice certain steps come with a "Try It Out" option. All you need to do is input the necessary details into the provided fields and send the request. You'll receive instant feedback and can see how the request would function in a real-world setting.
Please note that the input parameters of the 'Try It Out' component may differ from those of the actual endpoint. For instance, we automatically generate the Entity Secret Ciphertext to simplify the process and ensure a better experience for you.
Your data's security is our utmost priority. When using our "Try It Out" components, data is only stored within the context of the current page. This means a simple page refresh clears all input information and removes it. It's therefore a secure, risk-free environment for you to play around in.
However, if you still have concerns about security or simply don't wish for certain details to be used in any manner, you're not obliged to use this feature. It's an additional offering and in no way mandatory.
Upon completing this tutorial, you also have the option to delete your API key and rotate your Entity Secret should you choose to do so.
If you already have an account, you can skip straight to creating your API key and experiencing the power of the Web3 Services Console firsthand!
Unlock the myriad of features in this Quickstart guide with an account on Circle's Web3 Services Console.
Unlock the myriad of features in this Quickstart guide with an account on Circle's Web3 Services Console.
To truly harness the power of our Web3 Services Platform, you'll need an API key. Think of this key as your personalized handshake with our APIs; it's your passport to Web3 awesomeness.
Before we dive in, let's distinguish between two crucial concepts: Testnet and Mainnet.
Sandbox
Testnet is your practice field. It's a sandbox environment designed for testing and refining your applications. Here, you can freely experiment and validate your use cases without risking real assets because the transactions do not involve actual digital currencies.
Production
Conversely, Mainnet is the actual playing field. It's the live network where real transactions occur, using real digital currencies. Actions on the Mainnet yield immediate results and deal with actual assets.
While jumping straight into Mainnet might be tempting, it's essential to first validate your use cases in Testnet. This gives you the opportunity to ensure everything works as intended before deploying in a live, real-stakes environment. Transitioning to Mainnet is a breeze once you've thoroughly tested on Testnet.
For the purposes of this tutorial, and to ensure a risk-free learning experience, we'll be focussing on Testnet. The Testnet API key acts as your passport to this sandbox environment.
For this guide, you'll be setting up a restricted API key. This key only interacts with Developer Controlled Wallets, ensuring safety and simplicity.
-
1
Make sure you're logged into our Web3 Services Console.
-
2
Open up your API key section and create a new API key through the CTA in the top right corner. Open API Key Section
-
3
Assign a name to your new key, choose Restricted Key and ensure permissions are only set for Programmable Wallets.
-
4
Once generated, copy your key and store it safely. This is crucial. We will not be able to show it to you again. Do not share it publicly! #ADD THIS TO POSTMAN#
With your Testnet API key in hand you're now primed to:
Experiment with confidence
Test applications, smart contracts and other blockchain innovations without fearing real-world consequences. Mistakes here come with zero financial risk.
Leverage universal compatibility
Testnet prepares you for deployments on multiple blockchains. Whether it's Ethereum, Polygon or Avalanche, you'll get a feel for how your solutions interact across diverse ecosystems.
Foster innovation
Unleash your creativity and brainstorm new blockchain solutions. In the Testnet environment, you're free to innovate without constraints.
Work in swift iterations
Quickly iterate and refine your projects based on feedback and test results. The flexible nature of Testnet allows for rapid prototyping, enabling faster progress and improved outcomes.
Welcome to another crucial aspect of Developer-Controlled Wallets: The Entity Secret.
At its core, the Entity Secret is a powerful 32-byte key specifically designed to fortify the security of Developer Controlled wallets. But it's not just about complexity; it's about the unique properties it brings to the table.
Exclusivity
It's a string created by you, and only you are privy to it. It's your secret password, your individualized cryptographic stamp.
Enhanced Security for Critical API Requests
Actions like creating wallets or initiating transactions? They all require this secret. By appending the encrypted Entity Secret to these requests, you're adding an extra layer of verification and security.
Dynamic Protection
The need to re-encrypt the Entity Secret for every new relevant API request ensures that a static, potentially compromised variable is never exposed. Each request becomes unique, enhancing security against malicious attacks.
Sole Authority
Our platform does not store the Entity Secret. It's a double-edged sword: it ensures only you can invoke private keys, maintaining your control. But it also puts the onus on you to safeguard this secret diligently.
The Entity Secret is a testament to the trust and power our platform bestows upon its developers. With it, you can seamlessly access the myriad features of developer-controlled wallets while ensuring their robust security. However, with such power comes significant responsibility. The management, encryption, and updating of the Entity Secret falls squarely on your shoulders.
This essence of mutual trust and shared responsibility epitomizes the decentralized spirit of the web3 world. You're not just a developer; you're a custodian of security, an advocate of decentralized power.
Feeling the gravity? Don't worry! We will guide you on managing this secret effectively.
openssl rand -hex 32
Remember to keep it safe. It's like the key to your home; you wouldn't want to lose it or give it away. Securely store it, as you'll need it to create an Entity Secret Ciphertext in the following steps. And remember, your secret key is just that, a secret. Keep it confidential and secure at all times!
Now that you've generated your unique Entity Secret, let's take the next pivotal step. We'll be converting this secret into a Ciphertext and registering it. Once that's out of the way, you'll be primed to create your first wallet. Exciting, isn't it?
The first thing you'll need is your entity's public key, accessible through our APIs with the help of your API key. This key is pivotal: it's the tool that will encrypt your Entity Secret, ensuring its contents remain between you and us, and no one else.
const fetch = require('node-fetch'); const url = 'https://api.circle.com/v1/w3s/config/entity/publicKey'; const options = { method: 'GET', headers: {'Content-Type': 'application/json', Authorization: 'Bearer <YOUR_API_KEY>'} }; fetch(url, options) .then(res => res.json()) .then(json => console.log(json)) .catch(err => console.error('error:' + err));**Try it out:**Fetching your public key
Once you have the public key, you'll use RSA encryption to secure your Entity Secret. Immediately after, you'll transform this encrypted data into the Base64 format. This resultant Ciphertext, exactly 684 characters long, ensures the data remains intact and interpretable when received.
The code provided will take care of generating a unique Entity Secret Ciphertext everytime it is executed.
const forge = require('node-forge') const entitySecret = forge.util.hexToBytes('YOUR_ENTITY_SECRET') const publicKey = forge.pki.publicKeyFromPem('YOUR_PUBLIC_KEY') const encryptedData = publicKey.encrypt(entitySecret, 'RSA-OAEP', { md: forge.md.sha256.create(), mgf1: { md: forge.md.sha256.create(), }, }) console.log(forge.util.encode64(encryptedData))**Try it out:**Generate Entity Secet Ciphertext
After ensuring the Entity Secret's safety, it's time to register the resulting Ciphertext in our Web3 Services Console. This crucial step authenticates your data, setting the stage for every interaction that follows with our Developer-Controlled Wallets.
Register your Entity Secret Ciphertext
During registration, a recovery file will be presented. This is crucial. Should you ever misplace your Entity Secret, this file is your lifeline. Store it in a safe and accessible place.
Successfully navigating this processs not only secures your Entity Secret but also cements a foundation of trust for operations with our developer controlled wallets. We value your data's security and aim for a frictionless experience.
Here are some helpful links:
🎥Watch and learn: Watch our step-by-step walkthrough of the guide
📖Read docs: Check out our developer documentation.