Since this is a server-side SDK, the wallets are not self-custodial.
PIN is weak — not recommended for production.
A user-typed PIN is a short, low-entropy string. Anyone who shoulder-surfs the PIN, observes a phishing form, or compromises the browser at typing time can decrypt the wallet’s private key. PIN remains in the SDK only as a fallback recovery surface for users who lose access to their platform authenticator.
Production embedded-wallet apps should default to a platform passkey (Touch ID, Face ID, Windows Hello, Android biometrics) via the @chipi-stack/chipi-passkey package. For SHHH V8.4 wallets, signerKind: "WEBAUTHN_P256" keeps the private key inside the platform authenticator — it never leaves the device, never reaches Chipi servers, and is never derived from a user-typed secret.
Only prompt for a PIN as the encryption key when:
- The user explicitly opted into a PIN-only flow (e.g. cold-storage / paper-backup recovery), or
- The platform genuinely has no WebAuthn / biometric support available.
If you are migrating an existing PIN-based wallet to a passkey, look up useMigrateWalletToPasskey in your framework’s hook docs.
Install the Backend SDK
npm install @chipi-stack/backend
Get your API Keys
- Go to your API Keys in the Chipi Dashboard
- Copy your Public Key (pk_prod_xxxx) and Secret Key (sk_prod_xxxx)
Keep your Secret Key secure and never expose it in client-side code or version control.
Initialize the SDK
Create a new instance of the ChipiServerSDK with your API keys:
import { ChipiServerSDK, Chain, ChainToken } from "@chipi-stack/backend";

const serverClient = new ChipiServerSDK({
  apiPublicKey: "pk_prod_your_public_key",
  apiSecretKey: "sk_prod_your_secret_key",
});
Create Your First Wallet
Now you can create a wallet for your users:
const newWallet = await serverClient.createWallet({
  params: {
    encryptKey: "user-secure-pin",
    externalUserId: "your-user-id-123",
    chain: Chain.STARKNET,
  },
});
console.log('New wallet created:', newWallet);
// Output: { publicKey: "0x...", encryptedPrivateKey: "...", walletType: "CHIPI", ... }
Make Your First Transfer
Transfer tokens between wallets:
const transferResult = await serverClient.transfer({
  params: {
    encryptKey: "user-secure-pin",
    wallet: {
      publicKey: newWallet.publicKey,
      encryptedPrivateKey: newWallet.encryptedPrivateKey,
    },
    amount: "100",
    token: ChainToken.USDC,
    recipient: "0x1234567890abcdef...",
  },
});
console.log('Transfer completed:', transferResult);
Environment Variables (Recommended)
For production applications, store your API keys as environment variables:
# .env
CHIPI_PUBLIC_KEY=pk_prod_your_public_key
CHIPI_SECRET_KEY=sk_prod_your_secret_key
Then initialize the SDK:
const serverClient = new ChipiServerSDK({
  apiPublicKey: process.env.CHIPI_PUBLIC_KEY!,
  apiSecretKey: process.env.CHIPI_SECRET_KEY!,
});
Security Best Practices
- Never expose your secret API key in client-side code
- Use environment variables for API keys in production
- Validate user inputs before making API calls
- Implement proper error handling and logging
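The practices listed above, shown together as an added example that is not part of the Chipi SDK or this page's original code: it loads the keys from the environment variables named earlier, validates transfer inputs, and redacts secret-bearing fields before anything is logged. The helper names, the pk_/sk_ prefix check and the amount and recipient patterns are assumptions.

```javascript
// Added example: helper names are hypothetical, not part of @chipi-stack/backend.
const SENSITIVE = new Set(["apiSecretKey", "encryptKey", "encryptedPrivateKey"]);

// Fail closed at startup if a key is absent or sits in the wrong variable.
// The pk_/sk_ prefixes are assumed from the pk_prod_/sk_prod_ forms on this page.
function loadChipiConfig(env = process.env) {
  const { CHIPI_PUBLIC_KEY: apiPublicKey, CHIPI_SECRET_KEY: apiSecretKey } = env;
  if (typeof apiPublicKey !== "string" || !apiPublicKey.startsWith("pk_")) {
    throw new Error("CHIPI_PUBLIC_KEY is missing or malformed");
  }
  if (typeof apiSecretKey !== "string" || !apiSecretKey.startsWith("sk_")) {
    throw new Error("CHIPI_SECRET_KEY is missing or malformed"); // value never echoed
  }
  return { apiPublicKey, apiSecretKey };
}

// Replace secret-bearing fields before an object reaches a log sink.
function redact(value) {
  if (Array.isArray(value)) return value.map(redact);
  if (value === null || typeof value !== "object") return value;
  return Object.fromEntries(
    Object.entries(value).map(([k, v]) => [k, SENSITIVE.has(k) ? "[REDACTED]" : redact(v)])
  );
}

// Returns a list of problems (empty = ok). Assumed formats: decimal-string amount, 0x hex recipient.
function validateTransfer(params) {
  const problems = [];
  const { amount, recipient } = params || {};
  if (typeof amount !== "string" || !/^\d+(\.\d+)?$/.test(amount) || Number(amount) <= 0) {
    problems.push("amount must be a positive decimal string");
  }
  if (typeof recipient !== "string" || !/^0x[0-9a-fA-F]{1,64}$/.test(recipient)) {
    problems.push("recipient must be a 0x-prefixed hex address");
  }
  return problems;
}

// Validate, call the SDK, and log failures without leaking secrets to logs or callers.
async function safeTransfer(client, params, log = console.error) {
  const problems = validateTransfer(params);
  if (problems.length > 0) throw new Error("Invalid transfer: " + problems.join("; "));
  try {
    return await client.transfer({ params });
  } catch (err) {
    log("transfer failed", { name: err.name, params: redact(params) });
    throw new Error("Transfer failed");
  }
}
```

Pass the result of loadChipiConfig() to the ChipiServerSDK constructor and the resulting client to safeTransfer.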