Skip to main content
EVMSolana

Overview

Embedded Wallets provide secure, user-friendly authentication methods that eliminate the complexity of traditional crypto wallets. Users can access their wallets through familiar authentication patterns like email one-time passwords (OTP), SMS, and social logins, without ever dealing with seed phrases or browser extensions.
Ready to implement authentication? Check out the Implementation Guide for step-by-step integration instructions.

Email OTP

Email OTP is the primary authentication method for Embedded Wallets, providing a secure and familiar experience for users.
  1. User enters email: The user provides their email address in your application
  2. OTP sent: A 6-digit one-time password is sent to their email
  3. User verifies: The user enters the OTP in your application
  4. Wallet access: Upon successful verification, the wallet is created or accessed
  • Time-limited codes: OTPs expire after 10 minutes for security
  • Rate limiting: Protection against brute force attempts
  • Secure delivery: Emails sent through Coinbase’s trusted infrastructure
  • Device binding: Wallets are cryptographically bound to the user’s device
  • No passwords to remember: Users don’t need to create or manage passwords
  • Instant onboarding: New users can create a wallet in seconds
  • Familiar process: Similar to authentication flows users already know
  • Cross-device support: Users can access their wallet from up to 5 devices

Email Customization

By default, all emails are sent without customization. If you’d like to use a custom email template featuring your app’s name and logo, reach out to us on Discord, and we’ll get you set up within one business day.

SMS OTP

SMS-based one-time passwords are available as an additional authentication method, providing users with more flexibility in how they access their wallets.
  1. User enters phone number: The user provides their phone number in your application
  2. OTP sent: A 6-digit one-time password is sent to their phone number
  3. User verifies: The user enters the OTP in your application
  4. Wallet access: Upon successful verification, the wallet is created or accessed
  • Time-limited codes: OTPs expire after 5 minutes for security
  • Rate limiting: Protection against brute force attempts
  • Secure delivery: Text messages sent through Coinbase’s trusted infrastructure
  • Device binding: Wallets are cryptographically bound to the user’s device
  • No passwords to remember: Users don’t need to create or manage passwords
  • Instant onboarding: New users can create a wallet in seconds
  • Familiar process: Similar to authentication flows users already know
  • Cross-device support: Users can access their wallet from up to 5 devices
This feature is currently supported for phone numbers from the following countries - Brazil, Canada, Colombia, India, Kenya, Mexico, Philippines, United Arab Emirates, United Kingdom, United States of America. If you’d like to enable the feature in additional regions, reach out to us on Discord.
SMS security considerations:
  • SMS authentication is inherently vulnerable to SIM swapping attacks, where attackers can take over a user’s phone number.
  • You should weigh the convenience of logging in with SMS with the potential for a user’s wallet to be taken control of.

Social login providers

Social login through Google is supported via our SDK using OAuth 2.0. We offer Coinbase-owned OAuth login, allowing users to recognize and trust Coinbase’s brand during the login process.
  1. User initiates social login: The user clicks on a familiar button like “Sign in with Google”
  2. User logs in: The user is redirected to the login flow from the OAuth provider
  3. User verifies: The user completes login
  4. Wallet access: Upon successful verification, the wallet is created or accessed
  • Time-limited codes: Social login sessions are managed using a refresh and access token model with configurable expiration
  • Rate limiting: Protection against brute force attempts
  • Secure delivery: Login is facilitated by Coinbase’s trusted brand.
  • No passwords to remember: Users don’t need to create or manage passwords
  • Instant onboarding: New users can create a wallet in seconds
  • Familiar process: Similar to authentication flows users already know
  • Cross-device support: Users can access their wallet from up to 5 devices
OAuth authentication support:
  • OAuth2 login is currently only supported via web. An upcoming release will add support for React Native.

Developer-delegated authentication

This feature is in development and coming soon. This will enable applications with existing authentication systems to integrate Embedded Wallets seamlessly with their current user authentication flow.
I