Wallet Types
There are two types of wallets that can be created using the Wallet API in CDP SDK, depending on how the private keys are managed: Coinbase-Managed (2-of-2) Wallets and Developer-Managed (1-of-1) Wallets.
Looking for more information on the differences between Smart Wallet and Wallet API? See our Wallet Comparison.
Use the following table to understand the differences between Coinbase-Managed Wallets and Developer-Managed Wallets:
| Feature | Coinbase-Managed (2-of-2) | Developer-Managed (1-of-1) |
|---|---|---|
| Custody model | Developer custodied | Developer custodied |
| Key management | Secured by Coinbase and the developer | Secured by the developer |
| Key structure | 2-of-2 | 1-of-1 |
| Key export | Cannot be exported | Can be exported via CDP SDK |
| Key storage | Stored securely in developer’s AWS account | Stored by the developer |
| Developer Experience | Use Coinbase Server-Signer | Developer implements private key storage |
| Setup time | 10 minutes to provision infrastructure | A few seconds to set up the SDK |
Coinbase-Managed (2-of-2) Wallets
Wallet API offers Coinbased-Managed 2-of-2 Wallets, leveraging advanced cryptographic techniques for enhanced usability and security.
These wallets use Multi-Party Computation (MPC) to split private keys into two shares between Coinbase and the developer, ensuring improved security.
To use Coinbase-Managed (2-of-2) Wallets, set up your Server-Signer.
Secure your CDP Secret API Key
- MPC does not safeguard your CDP API keys or account credentials. If your CDP login or API keys are compromised, funds held in your API Wallet could potentially be at risk, even when using the 2-of-2 MPC option.
- Coinbase recommends that you store your secret API keys in a dedicated solution such as AWS secret manager, Azure Key Vault, or some other secure storage option. Your CDP account can be used to create new API keys and should be stored securely using a password manager. Always follow the principle of least privilege when deciding who within your organization can access your CDP account funds.
Developer-Managed (1-of-1) Wallets
Developer-Managed wallets are 1-of-1 wallets for which the developer manages the private keys. These wallets are not protected by Coinbase, and a compromised or lost private key could result in loss of funds. You can export the private key for such wallets through the CDP SDK. Secure the exported private keys from CDP SDK using a strong encryption algorithm (e.g., AES-256) before persisting in a database. Ensure you create cloud / offline backups of your encrypted data store.
See Developer-Managed Wallets for more information.