Wallet Management
Getting Started with Wallets on Chaingateway
Section titled “Getting Started with Wallets on Chaingateway”Introduction
Section titled “Introduction”Chaingateway provides two methods for generating wallets: Password-Protected Wallets and Unsecure Wallets. Below, we describe both approaches, their security implications, and usage examples.
1. Password-Protected Wallets (Recommended)
Section titled “1. Password-Protected Wallets (Recommended)”If you provide a password body parameter in your request to /api/v2/{blockchain}/addresses, the generated wallet will have its private key stored securely in an encrypted format.
Security Mechanism
Section titled “Security Mechanism”- The private key is encrypted using your password and additional internal encryption mechanisms.
- When sending transactions, you provide the
passwordinstead of the private key. - This method increases security by ensuring private keys are never exposed in API requests.
Password Management
Section titled “Password Management”- Updating Password: Use
UPDATE /api/v2/{blockchain}/addresses/{address}with parametersold_passwordandnew_password. - Exporting Private Key: Use
POST /api/v2/{blockchain}/addresses/export/{address}to retrieve your private key (requires password).
::: danger Store your password securely We never store private keys or passwords within our application—neither in our database nor in our logging or exception mechanisms. If you lose your password, we cannot restore your wallet’s private key. :::
Example Request
Section titled “Example Request”curl --request POST \ --url https://app.chaingateway.io/api/v2/ethereum/addresses \ --header 'Authorization: Bearer YOUR_SECRET_TOKEN' \ --header 'Content-Type: application/json' \ --data '{ "password": "architecto"}'<?php$ch = curl_init();curl_setopt($ch, CURLOPT_URL, 'https://app.chaingateway.io/api/v2/ethereum/addresses');curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_POST, 1);curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode(["password" => "architecto"]));curl_setopt($ch, CURLOPT_HTTPHEADER, [ 'Authorization: Bearer YOUR_SECRET_TOKEN', 'Content-Type': 'application/json']);$response = curl_exec($ch);curl_close($ch);echo $response;fetch('https://app.chaingateway.io/api/v2/ethereum/addresses', { method: 'POST', headers: { 'Authorization': 'Bearer YOUR_SECRET_TOKEN', 'Content-Type': 'application/json' }, body: JSON.stringify({ password: 'architecto' })}).then(response => response.json()).then(data => console.log(data));import requestsheaders = { 'Authorization': 'Bearer YOUR_SECRET_TOKEN', 'Content-Type': 'application/json'}data = {"password": "architecto"}response = requests.post('https://app.chaingateway.io/api/v2/ethereum/addresses', headers=headers, json=data)print(response.json())Example Transactions
Section titled “Example Transactions”curl --request POST \ --url https://app.chaingateway.io/api/v2/ethereum/transactions \ --header 'Authorization: Bearer YOUR_SECRET_TOKEN' \ --header 'Content-Type: application/json' \ --data '{ "from": "0xSenderAddress", "to": "0xRecipientAddress", "amount": "100", "password": "password"}'2. Unsecure Wallets (Use with Caution)
Section titled “2. Unsecure Wallets (Use with Caution)”If you do not provide a password in your address creation request, the private key will be returned directly in the response. This means that the private key must be securely stored and managed on your end.
::: danger Only use for non-permanent wallets Since the private key is included in the response, it is your responsibility to securely store and protect it. We strongly recommend using password-protected wallets instead. If someone gains access to your private key, they can control all funds in the wallet. :::
Security Risks
Section titled “Security Risks”- The private key is exposed in the API response, making it vulnerable if intercepted.
- If an attacker gains access to the private key, they can fully control the wallet.
- This method should only be used for temporary wallets or single-use addresses.
Example Request
Section titled “Example Request”curl --request POST \ --url https://app.chaingateway.io/api/v2/tron/addresses \ --header 'Authorization: Bearer YOUR_SECRET_TOKEN' \ --header 'Content-Type: application/json'<?php$ch = curl_init();curl_setopt($ch, CURLOPT_URL, 'https://app.chaingateway.io/api/v2/tron/addresses');curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_POST, 1);curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode(["activated" => true]));curl_setopt($ch, CURLOPT_HTTPHEADER, [ 'Authorization: Bearer YOUR_SECRET_TOKEN', 'Content-Type': 'application/json']);$response = curl_exec($ch);curl_close($ch);echo $response;fetch('https://app.chaingateway.io/api/v2/tron/addresses', { method: 'POST', headers: { 'Authorization': 'Bearer YOUR_SECRET_TOKEN', 'Content-Type': 'application/json' }, body: JSON.stringify({ activated: true })}).then(response => response.json()).then(data => console.log(data));import requestsheaders = { 'Authorization': 'Bearer YOUR_SECRET_TOKEN', 'Content-Type': 'application/json'}data = {"activated": True}response = requests.post('https://app.chaingateway.io/api/v2/tron/addresses', headers=headers, json=data)print(response.json())Example Transactions
Section titled “Example Transactions”curl --request POST \ --url https://app.chaingateway.io/api/v2/ethereum/transactions \ --header 'Authorization: Bearer YOUR_SECRET_TOKEN' \ --header 'Content-Type: application/json' \ --data '{ "from": "0xSenderAddress", "to": "0xRecipientAddress", "amount": "100", "password": "password"}'