Use the @abstraxn/agent-kit npm package from your backend only. It wraps Agent Kit REST and Abstraxn server wallet provisioning so each agent gets an EVM (and optionally Solana) address plus a one-time access key for signing.
For bring-your-own-wallet (MetaMask, viem, no accessKey), see External wallet.
Prerequisites
Install
Initialize the client
| Env variable | Example | Purpose |
|---|
ABSTRAXN_API_KEY | From dashboard Overview | Application-scoped key |
AGENT_KIT_BASE_URL | https://dev-agent-kit.abstraxn.com | Override for dev/staging |
Create an agent (primary flow)
createAgent() is the flow used in the sample backend API (NestJS). It:
- Registers the agent in Agent Kit (
POST /agents under the hood).
- Provisions an Abstraxn server wallet (P-256 access key + organization).
- Returns
wallet.accessKey — required for all future signing and autonomous actions.
What to store in your database
| Field | Secret? | Used for |
|---|
agent.id | No | Agent Kit id, MCP agent_id, identity APIs |
agent.apiKey | Yes | Per-agent MCP auth (alternative to app key + agent_id) |
wallet.accessKey | Critical | Server wallet auth — signing, x402, transfers |
wallet.evmAddress | No | Display, balance, transfers |
wallet.organizationId | No | Server signer RPC client scope |
userIdentity | No | Must match authenticate() calls |
accessKey cannot be retrieved again. If you lose it, create a new agent or implement a key-rotation flow with your Abstraxn contact. Encrypt the column (see ENCRYPTION_KEY in the sample app).
Reference: how the sample backend persists secrets
Sign and send transactions (autonomous actions)
After onboarding, load the decrypted accessKey and use getServerSigner():
Your backend uses this path when:
Other SDK methods
| Method | When to use |
|---|
listAgents / getAgent | Admin dashboards, sync with your DB |
updateAgent / deleteAgent | Lifecycle management |
updateSpendPolicy | Cap paid MCP tool spend per agent (x402) |
createInteractionPolicy / listInteractionPolicies / getInteractionPolicy / updateInteractionPolicy / deleteInteractionPolicy | Off-chain guardrails before MCP tool calls (interaction policies) |
registerAgentIdentity | ERC-8004 on-chain identity — supported chainId: 1, 11155111, 137, 80002, 8453, 84532, 56, 97, 42161, 43114 (details) |
createAgentDirect | Agent row only, no auto-wallet (advanced) |
bindAgent | Attach existing EVM/Solana addresses |
MCP from your backend
Point MCP at the same URL as the dashboard MCP URL:
When using the application API key, pass agent_id in tool arguments for multi-agent apps:
Or use each agent’s agent.apiKey as the MCP Authorization value (no agent_id required).
Security checklist
- Store
ABSTRAXN_API_KEY and all accessKey values only on the server.
- Encrypt
accessKey at rest; never log it.
- Do not pass
accessKey to the browser or mobile clients.
- Use per-user auth (JWT) in your API; map users to agent rows in your DB.
Next steps