SDK APIs Overview
The WaaS SDK is a client-side React Native library for participating in the MPC operations initiated on WaaS MPCKeyService.
Essential APIs
There are several essential APIs in the SDK, and they are generally called in the following order:
Summary
Device Setup
initMPCSdk - Call first, before any other API is called.
bootstrapDevice - Call once per device--subsequent calls are ignored. It accepts the passcode used to encrypt key material in the phone’s security module.
getRegistrationData - Use the string returned by getRegistrationData to call RegisterDevice (MPCKeyService), which registers the device with WaaS servers.
computeMPCOperation - Call to process the MPC operations returned from ListMPCOperations, e.g., for CreateDeviceGroup and CreateSignature.
Recovery
computePrepareDeviceArchiveMPCOperation - Call to process the MPC operations of type
PrepareDeviceArchivereturned from ListMPCOperations.exportPrivateKeys - Call to export the private keys corresponding to MPCKeys derived from a particular DeviceGroup.
computePrepareDeviceBackupMPCOperation - Call to process the MPC operations of type
PrepareDeviceBackupreturned from ListMPCOperations.exportDeviceBackup - Call to export the device backup for a DeviceGroup.
computeAddDeviceMPCOperation - Call to process the MPC operations of type
AddDevicereturned from ListMPCOperations.
Recovery Edge Cases
- resetPasscode - Call to reset the passcode used to encrypt the backups and archives of the DeviceGroups containing this Device.
Additional APIs are provided in the SDK for convenience; but we don't recommend them. Instead, secure your application with a proxy server in between the device and WaaS servers for all API calls, including ListMPCOperations.
Device Setup
1. initMPCSdk
Initializes the MPC SDK. This function must be invoked before any MPC SDK methods are called.
@returns: A promise with the string "success" on successful initialization; a rejection otherwise.
2. bootstrapDevice
Bootstraps the Device with the given passcode. The passcode is used to generate a private/public key pair that encodes the back-up material for WaaS keys created on this Device.
This function should be called exactly once per Device per application, and should be called before the Device is registered with getRegistrationData.
It is the responsibility of the application to track whether bootstrapDevice has been called for the Device.
@param passcode: Passcode to protect all key materials in the secure enclave.@returns: A promise with the string "bootstrap complete" on successful initialization; a rejection otherwise.
3. getRegistrationData
Retrieves the data required to call RegisterDevice on MPCKeyService.
@returns: A promise with theregistrationDataon success; a rejection otherwise.
4. computeMPCOperation
Computes an MPCOperation, given mpcData from the response of ListMPCOperations API on MPCKeyService.
@param mpcData: The mpcData from ListMPCOperationsResponse on MPCKeyService.@returns: A promise with the string "success" on successful MPC computation; a rejection otherwise.
Recovery
5. computePrepareDeviceArchiveMPCOperation
Computes a PrepareDeviceArchive MPCOperation, given mpcData from the response of ListMPCOperations API on MPCKeyService and passcode for the Device.
@param mpcData: The mpcData from ListMPCOperationsResponse on MPCKeyService.@param passcode: The passcode set for the Device on BootstrapDevice call.@returns: A promise with the string "success" on successful MPC computation; a rejection otherwise.
6. exportPrivateKeys
Exports private keys corresponding to MPCKeys derived from a particular DeviceGroup. This method only supports exporting private keys that back EVM addresses. This function is recommended to be called while the Device is on airplane mode.
@param mpcKeyExportMetadata: The metadata to be used to export MPCKeys. This metadata is obtained from the response of GetDeviceGroup RPC in MPCKeyService. This metadata is a dynamic value, ensure you pass the most recent value of this metadata.@param passcode: Passcode protecting key materials in the device, set during the call to BootstrapDevice.@returns: A promise with the ExportPrivateKeysResponse on success; a rejection otherwise.
7. computePrepareDeviceBackupMPCOperation
Computes a PrepareDeviceBackup MPCOperation, given mpcData from the response of ListMPCOperations API on MPCKeyService and passcode for the Device.
@param mpcData: The mpcData from ListMPCOperationsResponse on MPCKeyService.@param passcode: The passcode set for the Device on BootstrapDevice call.@returns: A promise with the string "success" on successful MPC computation; a rejection otherwise.
8. exportDeviceBackup
Exports the device backup that is created after successfully computing a PrepareDeviceBackup MPCOperation. It is recommended to store this backup securely in a storage provider of your choice.
@returns: A promise with the backup as hex-encoded string; a rejection otherwise.
If the existing Device is lost, follow the below steps:
- Bootstrap the new Device with the same passcode as the old Device.
- Register the new Device.
- Initiate AddDevice MPCOperation using the AddDevice RPC in the MPCKeyService.
- Compute AddDevice MPCOperation with the computeAddDeviceMPCOperation method using this exported device backup.
9. computeAddDeviceMPCOperation
Computes an AddDevice MPCOperation, given mpcData from the response of ListMPCOperations API on MPCKeyService and passcode for the Device.
@param mpcData: The mpcData from ListMPCOperationsResponse on MPCKeyService.@param passcode: The passcode set for the Device on BootstrapDevice call.@param deviceBackup: The backup retrieved from the exportDeviceBackup call after successful computation of a PrepareDeviceBackup MPCOperation.@returns: A promise with the string "success" on successful MPC computation; a rejection otherwise.
Recovery Edge Cases
10. resetPasscode
Resets the passcode used to encrypt the backups and archives of the DeviceGroups containing this Device.
While there is no need to call bootstrapDevice again, it is the client's responsibility to call and participate in PrepareDeviceArchive and PrepareDeviceBackup operations afterwards for each DeviceGroup the Device was in. This function can be used when/if the end user forgets their old passcode.
@param newPasscode: The new passcode to use to encrypt backups and archives associated with the Device.@returns: A promise with the string "passcode reset" on successful initialization, or a rejection otherwise.
Wallet Creation
11. computeMPCWallet
Computes an MPCWallet. Computing an MPCWallet consists of two steps:
- Compute the MPC operation to create the DeviceGroup.
- Compute the MPC operation to prepare device archive for the DeviceGroup. Users are provided with this convenience API to compute both MPC operations using one single API call. Users have the choices to compute the two MPC operations separately.
@param deviceGroup: The resource name of the DeviceGroup from the createMPCWallet response.@param passcode: Passcode protecting key materials in the device, set during the call to BootstrapDevice.@param pollInterval: The interval at which to poll for the pending operation in milliseconds. If not provided, a reasonable default will be used.@returns: A promise with the string "success" on successful MPC wallet computation; a rejection otherwise.