In-App Wallet Architecture
Enterprise-grade security for your in-app wallets
Security is paramount for Shinami's in-app wallet solution. This section details how we manage that responsibility and how it relates to interacting with the In-App Wallet API.
Keys are used for wallet creation and transaction signing. Each wallet key pair is independently generated by the Shinami Key Service upon request from your app. The key pairs are not hierarchical, and there is no “root key.” Wallet keys are under shared custody of your app and Shinami: both parties must participate in order to sign a transaction.
Each wallet key is recoverable from three pieces of data:
- Wallet secret - managed by the app (you)
- Wallet salt - managed by Shinami
- Encrypted wallet key - managed by Shinami
At rest, neither party has access to all three pieces. For security isolation, the Shinami side is split into two proprietary services: the Shinami Key Service and the Shinami Wallet Service. The following data flow charts show which party is exposed to which pieces of data. Notably, the Shinami Key Service is a compute-only service with no state persistence. It enforces strict input/output policies so that secret material is never leaked outside the service.
Key Generation Data Flow
Transaction Signing Data Flow
With this separation, it is possible for the Shinami Key Service to be hosted by the app or an independent third party. This provides a trustless guarantee that all parties have zero knowledge of the actual wallet keys at all times.
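The three-piece recovery described above can be sketched in code. This is an added example, not Shinami's code, and the page does not state how the pieces are combined. It assumes the wallet secret and wallet salt feed a KDF (PBKDF2 here) whose output decrypts the encrypted wallet key, with an HMAC-SHA256 keystream and encrypt-then-MAC standing in for a real AEAD; all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

def _derive(wallet_secret, wallet_salt):
    # Assumed KDF: the app's secret plus the stored salt yield an encryption key and a MAC key.
    k = hashlib.pbkdf2_hmac("sha256", wallet_secret, wallet_salt, 100_000, dklen=64)
    return k[:32], k[32:]

def _xor_stream(key, nonce, data):
    # Stand-in cipher: HMAC-SHA256 in counter mode as a keystream (use an AEAD in practice).
    stream = b""
    for counter in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def generate_wallet(wallet_secret):
    """Stateless key-generation step: returns (wallet salt, encrypted wallet key, key id).
    The plaintext key never leaves this function; the key id is a constructed
    stand-in for a public wallet address."""
    wallet_key = secrets.token_bytes(32)
    wallet_salt = secrets.token_bytes(16)
    enc_key, mac_key = _derive(wallet_secret, wallet_salt)
    nonce = secrets.token_bytes(16)
    ciphertext = _xor_stream(enc_key, nonce, wallet_key)
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return wallet_salt, nonce + ciphertext + tag, hashlib.sha256(wallet_key).hexdigest()

def recover_key(wallet_secret, wallet_salt, encrypted_key):
    """Needs all three pieces; a wrong secret or salt fails the MAC check."""
    enc_key, mac_key = _derive(wallet_secret, wallet_salt)
    nonce, ciphertext, tag = encrypted_key[:16], encrypted_key[16:-32], encrypted_key[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wallet secret, salt, or encrypted key does not match")
    return _xor_stream(enc_key, nonce, ciphertext)

if __name__ == "__main__":
    app_secret = b"constructed-app-side-wallet-secret"  # sample value, held only by the app
    salt, blob, key_id = generate_wallet(app_secret)    # salt and blob are stored service-side
    assert hashlib.sha256(recover_key(app_secret, salt, blob)).hexdigest() == key_id
    try:
        recover_key(b"guess", salt, blob)               # stored pieces without the app secret
    except ValueError as err:
        print("recovery refused:", err)
```
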
End-to-end API Interactions
The diagrams below further detail the interaction between your app, the Shinami Key Service and Shinami Wallet Service when using the In-App Wallet API.
Gasless Transaction Execution