Recover Wallet By Secret
API Documentation: Recover Wallet By Secret
Overview
This API endpoint allows you to recover an MPC wallet by secret file which was generated when create a new MPC wallet. This API endpoint is useful when user loses access to their existing account but have their own secret and want to recover their existing account to a new account
- HTTP Method: POST
- Endpoint:
/api/<VERSION>/account/recover
Request Body Parameters
pin(optional): (Only for Version 2) The PIN code for the user's account. The PIN code must be a 6-digit number.isCustodian(optional): (Only for Version 2) The boolean value to determine whether you want to create a custodian account or not. If the value is true, the account will be created as a custodian account. If the value is false, the account will be created as a non-custodian account. (Default: true)file(required): The file containing the secret from the end user's device, created when initially creating the wallet.
Differences Between Non-Custodial and Custodial Accounts:
- Non-custodian account: Neither our system nor your client stores the user's secret0, the user is solely responsible for securely storing their secret0. This setup ensures that your client cannot access or intercept the user's secret0. Users can download their secret0 file through Xellar Passport (opens in a new tab)
- Custodian account: Your client is responsible for securely managing the user's secret0 data and its download link. Either the user or your client can access the secret0 file via the download link provided in the response data.
File in request body parameters must be a file with extension .xellar, containing secret0 value from Create Wallet Endpoint or Recover Wallet By Secret Endpoint.
Request
Request Headers
Authorization(required): JWT token which was generated when user login and do not have an MPC wallet.x-client-secret(required): Client secret which was generated when register in Xellar Embedded Wallet API Service Dashboard.
Example Request Syntax
curl -X POST -H "Content-Type: application/json" -H "x-client-secret: $YOUR_CLIENT_SECRET" -H "Authorization: Bearer $YOUR_ACCESS_TOKEN" -F "file=@/path/to/secret_file" -F "pin=123456" -F "isCustodian=true" <BASE_URL>/api/<VERSION>/account/recoverResponse
The response will include a JSON object with the following properties:
status(number): The HTTP status code of the response (e.g., 200 for success).message(string): A message providing additional information about the operation.data(object): An object containing the user access token, secret0, secret0Link & wallet address.- walletToken : JWT token used to access the Wallet Operation endpoint.
- secret0 : The encrypted secret that user’s need to save in order to recover their wallet if user lose access to the account.
- secret0Link : Temporary link to download recovery file. The value is same as secret0 value, but it is already saved in .xellar file. The link will be expired in 5 minutes after being created.
- address : User’s MPC wallet address.
Example Response
V1
{
"status": 200,
"message": "Recover wallet successfully",
"data": {
"walletToken": "your_wallet_token_here",
"secret0": "your_secret_here",
"secret0Link": "temporary_link_to_download_secret0_file",
"address": "your_address"
}
}V2
This response only works on v2
Custodian Account
{
"status": 200,
"message": "Recover wallet successfully",
"data": {
"walletToken": "your_wallet_token_here",
"refreshToken": "your_refresh_token_here",
"secret0": "your_secret_here",
"secret0Link": "temporary_link_to_download_secret0_file",
"address": "your_address"
}
}Non-Custodian Account
{
"status": 200,
"message": "Recover wallet successfully",
"data": {
"walletToken": "your_wallet_token_here",
"refreshToken": "your_refresh_token_here",
"secret0Link": "https://passport.xellar.co/?download_recoverykey",
"address": "your_address"
}
}For custodian account implementation, you can see in Custodian implementation
Remember to save secret0 value from response data to file with file extension .xellar. This file will be useful if user want to recover their wallet to new account.