Blockchain API

Appearance

Getting Started with Wallets on Chaingateway

Introduction

Chaingateway provides two methods for generating wallets: Password-Protected Wallets and Unsecure Wallets. Below, we describe both approaches, their security implications, and usage examples.

1. Password-Protected Wallets (Recommended)

If you provide a password body parameter in your request to /api/v2/{blockchain}/addresses, the generated wallet will have its private key stored securely in an encrypted format.

Security Mechanism

  • The private key is encrypted using your password and additional internal encryption mechanisms.
  • When sending transactions, you provide the password instead of the private key.
  • This method increases security by ensuring private keys are never exposed in API requests.

Password Management

  • Updating Password: Use UPDATE /api/v2/{blockchain}/addresses/{address} with parameters old_password and new_password.
  • Exporting Private Key: Use POST /api/v2/{blockchain}/addresses/export/{address} to retrieve your private key (requires password).

Store your password securely

We never store private keys or passwords within our application—neither in our database nor in our logging or exception mechanisms. If you lose your password, we cannot restore your wallet's private key.

Example Request

shell
curl --request POST \
  --url https://app.chaingateway.io/api/v2/ethereum/addresses \
  --header 'Authorization: Bearer YOUR_SECRET_TOKEN' \
  --header 'Content-Type: application/json' \
  --data '{
  "password": "architecto"
}'
php
<?php
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://app.chaingateway.io/api/v2/ethereum/addresses');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode(["password" => "architecto"]));
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    'Authorization: Bearer YOUR_SECRET_TOKEN',
    'Content-Type: application/json'
]);
$response = curl_exec($ch);
curl_close($ch);
echo $response;
javascript
fetch('https://app.chaingateway.io/api/v2/ethereum/addresses', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer YOUR_SECRET_TOKEN',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({ password: 'architecto' })
})
.then(response => response.json())
.then(data => console.log(data));
python
import requests
headers = {
    'Authorization': 'Bearer YOUR_SECRET_TOKEN',
    'Content-Type': 'application/json'
}
data = {"password": "architecto"}
response = requests.post('https://app.chaingateway.io/api/v2/ethereum/addresses', headers=headers, json=data)
print(response.json())

Example Transactions

shell
curl --request POST \
  --url https://app.chaingateway.io/api/v2/ethereum/transactions \
  --header 'Authorization: Bearer YOUR_SECRET_TOKEN' \
  --header 'Content-Type: application/json' \
  --data '{
  "from": "0xSenderAddress",
  "to": "0xRecipientAddress",
  "amount": "100",
  "password": "password"
}'

2. Unsecure Wallets (Use with Caution)

If you do not provide a password in your address creation request, the private key will be returned directly in the response. This means that the private key must be securely stored and managed on your end.

Only use for non-permanent wallets

Since the private key is included in the response, it is your responsibility to securely store and protect it. We strongly recommend using password-protected wallets instead. If someone gains access to your private key, they can control all funds in the wallet.

Security Risks

  • The private key is exposed in the API response, making it vulnerable if intercepted.
  • If an attacker gains access to the private key, they can fully control the wallet.
  • This method should only be used for temporary wallets or single-use addresses.

Example Request

shell
curl --request POST \
  --url https://app.chaingateway.io/api/v2/tron/addresses \
  --header 'Authorization: Bearer YOUR_SECRET_TOKEN' \
  --header 'Content-Type: application/json' \
php
<?php
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://app.chaingateway.io/api/v2/tron/addresses');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode(["activated" => true]));
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    'Authorization: Bearer YOUR_SECRET_TOKEN',
    'Content-Type: application/json'
]);
$response = curl_exec($ch);
curl_close($ch);
echo $response;
javascript
fetch('https://app.chaingateway.io/api/v2/tron/addresses', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer YOUR_SECRET_TOKEN',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({ activated: true })
})
.then(response => response.json())
.then(data => console.log(data));
python
import requests
headers = {
    'Authorization': 'Bearer YOUR_SECRET_TOKEN',
    'Content-Type': 'application/json'
}
data = {"activated": True}
response = requests.post('https://app.chaingateway.io/api/v2/tron/addresses', headers=headers, json=data)
print(response.json())

Example Transactions

shell
curl --request POST \
  --url https://app.chaingateway.io/api/v2/ethereum/transactions \
  --header 'Authorization: Bearer YOUR_SECRET_TOKEN' \
  --header 'Content-Type: application/json' \
  --data '{
  "from": "0xSenderAddress",
  "to": "0xRecipientAddress",
  "amount": "100",
  "password": "password"
}'