Export Private Key
You can export the decrypted private key from a server wallet. This is useful for migration or backup scenarios.
| Parameter | Type | Description |
|---|
organizationId | string | Organization ID from your authenticated session |
address | string | Wallet address to export |
embeddedPrivateKey | string | Your 64-char hex access key |
blockchain | string | 'evm' or 'solana' |
The exported key gives full control over the wallet. Handle it with extreme care — encrypt it at rest, never log it, and never transmit it over insecure channels.
Error Handling
The SDK throws typed errors that preserve the backend’s error code and message. Wrap your calls in try/catch to handle them gracefully:
Common Error Codes
| Status | Error Type | When It Happens |
|---|
400 | ValidationError | Missing required fields (e.g. stamped payload fields for whoami or signTransaction) |
401 | UnauthorizedError | Token missing or expired, and automatic refresh failed |
409 | ConflictError | userIdentity already registered with a different access key or public key |
MFA (Multi-Factor Authentication)
The SDK includes MFA methods for additional security on sensitive operations:
Security Best Practices
Store secrets securely
Never hardcode accessKey or API keys in source code. Use a secrets manager:
Never expose keys in frontend code
The @abstraxn/server-signer package is designed for Node.js backends. If you need wallet functionality in a browser, use @abstraxn/signer-react instead.
Avoid logging sensitive data
Do not log raw access keys, private keys, or full signatures in production:
Rotate and audit
- Rotate API keys periodically from the Abstraxn Dashboard
- Monitor your wallet transactions for unexpected activity
- Use separate
userIdentity values for different services (e.g. payout-service, minting-service)
Wallet policies (temporarily unavailable)
Wallet policies (recipient blacklist, amount caps, contract whitelist) are not available on the live API yet. See Wallet policies for status. Use interaction policies for Agent Kit guardrails in the meantime.
Deprecated Aliases
These methods still work but will be removed in a future version:
| Deprecated | Use Instead |
|---|
ensureServerWalletSession(...) | authenticate(...) |
createViemClient(...) | createPublicClient(...) |
Next Steps