How it Works
Wallet Creation
When a user signs into an application using their email or social logins for the first time, a wallet is generated on the user's device. The corresponding wallet key for this wallet is securely split into three shards.
- Shard A is stored securely on the user's device. For web applications, it is stored in the browser; for mobile apps, it is stored in a secure enclave.
- Shard B is stored using a combined encrypted symmetric and asymmetric key known to Xellar and then stored in the AWS Cloud.
- Shard C is encrypted by user authentication and stored in the IPFS network, through Xellar’s high-performance private IPFS Gateway, to keep the key decentralized.
Embedded Wallet Scope
Embedded Wallets are scoped to applications per API key. If a user signs in with the same email to a different application that uses Embedded Wallets, that application will manage an entirely different wallet.
Benefits of single application scoped wallets
- Each application's access is limited to wallets created through that application. It cannot manage wallets from other applications.
- Users may only view tokens sent or purchased from your application.
- You can manage your own subset of users through your own
Security & privacy
TLS Encryption
To increase security and privacy, private keys or wallet "seed phrases" are never stored or sent over a network. TLS encryption is used in transit for internal and external communications with Xellar's back-end and databases. TLS encryption is also required for third-party vendors.
AES-256
Data backups and storage are encrypted with AES-256.
Threshold secret sharing
Because the wallet key is split using threshold secret sharing, Xellar cannot reconstruct a user's private key, which makes the wallet non-custodial. Additionally, a customer's assets are safe even if Xellar or the application developer (you) is compromised. In a compromised situation, an attacker may only be able to access one of three shards, which is inadequate to reconstruct the wallet's private key.
User Permissions
Xellar provides a comprehensive user permission system through Xellar Passport that gives users complete control over their wallet access. Users can:
- View all applications that currently have access to their wallet
- Grant permissions to applications they trust, allowing them to perform wallet operations
- Revoke permissions for any application at any time, immediately removing their access to the wallet
This permission system ensures that users maintain full control over their wallet access and can manage which applications can interact with their funds. Users can review and manage these permissions through the Xellar Passport interface, providing transparency and security for all wallet interactions.