Skip to main content
The End User Accounts APIs enable end users to directly create, manage, and use their accounts. They are typically accessed via the CDP Web SDK, which handles end-user authentication and Temporary Wallet Secret management on behalf of the developer. The End User Accounts APIs offer end users full control over their accounts, including the ability to sign transactions and messages, and to export their accounts’ private keys.

Delegated Signing

Delegated signing allows developers to sign and send transactions on behalf of an end user without requiring the end user to be present at signing time. This is useful for background operations, automated workflows, and scenarios where the developer’s server needs to act on the end user’s behalf. To use delegated signing, the end user must first create a short-lived delegation grant by authenticating with their access token and Temporary Wallet Secret. The grant specifies an expiresAt timestamp that defines how long the developer is authorized to sign on the end user’s behalf. Once a delegation grant is active, the developer’s server can use its CDP API key to perform signing operations for that end user. The delegation middleware transparently validates that an active (non-expired, non-revoked) grant exists for the {project, user} pair before allowing the operation to proceed. Grant lifecycle:
  • Delegation grants are scoped to a single project and end user pair.
  • Grants are time-bounded by the expiresAt timestamp and are automatically cleaned up after expiration.
  • Grants can be revoked early by either the end user (using their access token and TWS) or the developer (using their API key), via the RevokeDelegationForEndUser endpoint.
  • Only one active grant can exist per {project, user} pair at a given time.