- * TEE Express is a service that simplifies wallet management for developers. Unlike traditional wallet solutions that require complex key management, TEE Express handles all key management internally, providing a streamlined API for wallet operations. TEE Express leverages secure enclave technology to ensure that private keys never leave the secure environment. All wallet operations, including creation, signing, and key management, are performed within a trusted execution environment (TEE). This provides enterprise-grade security while maintaining the simplicity of a REST API. The service supports Ethereum wallets and provides endpoints for wallet creation, transaction signing, and message signing. All operations are authenticated using JWT tokens passed in the Authorization header, ensuring secure access to user wallets. **Migration Notice:** If you\'re an existing customer, your users\' wallets have been automatically migrated to TEE Express. There\'s no action required on your part - all existing wallets are now accessible through the TEE Express API using the same JWT tokens you currently use for authentication. Simply update your API calls to use the TEE Express endpoints, and pass your existing JWT token in the Authorization header for all requests. **Authentication:** - An API key via the `X-Magic-API-Key` header or a secret key via the `X-Magic-Secret-Key` header. - The OIDC provider ID via the `X-OIDC-Provider-ID` header. - Bearer token in the `Authorization` header. **Data Hashing for Signing:** For personal sign operations, encode your data as base64: ```typescript const message = Buffer.from(data, \'utf-8\').toString(\'base64\'); ``` For signing transaction data or other structured data, provide a keccak256 hash: ```typescript import { MessageTypes, SignTypedDataVersion, TypedDataUtils, TypedDataV1, TypedMessage, typedSignatureHash, } from \'@metamask/eth-sig-util\'; import { resolveProperties, Signature, Transaction, TransactionLike, TransactionRequest } from \'ethers\'; const computeEip712Hash = ( data: TypedMessage<MessageTypes>, version: SignTypedDataVersion.V3 | SignTypedDataVersion.V4, ): string => { const hashBuffer = TypedDataUtils.eip712Hash(data, version); return \'0x\' + hashBuffer.toString(\'hex\'); }; const personalSign = async (data: string) => { const message = Buffer.from(data, \'utf-8\').toString(\'base64\'); const body = { message_base64: message, chain: \'ETH\' }; return await fetch(\'/v1/wallet/personal-sign\', { method: \'POST\', body: JSON.stringify(body) }); }; const signTypedDataV1 = async (data: TypedDataV1) => { const rawDataHash = typedSignatureHash(data); const body = { raw_data_hash: rawDataHash, chain: \'ETH\' }; return await fetch(\'/v1/wallet/sign\', { method: \'POST\', body: JSON.stringify(body) }); }; const signTypedDataV3 = async (data: TypedMessage<MessageTypes>) => { const rawDataHash = computeEip712Hash(data, SignTypedDataVersion.V3); const body = { raw_data_hash: rawDataHash, chain: \'ETH\' }; return await fetch(\'/v1/wallet/sign\', { method: \'POST\', body: JSON.stringify(body) }); }; const signTypedDataV4 = async (data: TypedMessage<MessageTypes>) => { const rawDataHash = computeEip712Hash(data, SignTypedDataVersion.V4); const body = { raw_data_hash: rawDataHash, chain: \'ETH\' }; return await fetch(\'/v1/wallet/sign\', { method: \'POST\', body: JSON.stringify(body) }); }; const signTransaction = async (tx: TransactionRequest) => { const resolvedTx = await resolveProperties(tx); const txForSigning = { ...resolvedTx }; delete txForSigning.from; const btx = Transaction.from(txForSigning as TransactionLike); const body = { raw_data_hash: btx.unsignedHash, chain: \'ETH\' }; const res = await fetch(\'/v1/wallet/sign\', { method: \'POST\', body: JSON.stringify(body) }); const { r, s, v } = res.json(); btx.signature = Signature.from({ r, s, v }); return btx.serialized; }; ```
0 commit comments