This repo contains a sample application for demonstration purposes only, walking through how to create sub-organizations, create a wallet, and sign with the @turnkey/solana signer (with transactions sponsored by the parent org!), using passkeys. Please feel free to play with this example and file an issue if there are improvements to be made! ❤️
The flow showcases 3 ways to make requests to Turnkey:
- the initial request to create a new sub-organization is authenticated in the NextJS backend with an API signature (using
API_PUBLIC_KEY/API_PRIVATE_KEYfrom your.env.localfile) - the request to log back in is signed on the frontend with your passkey, but it's passed to the NextJS backend as a signed request (the body, stamp, and url are POSTed). This lets the backend submit this request on your behalf, get your sub-organization ID, and fetch details about your wallet (parent organizations have read-only access to their sub-organizations).
- the request to sign a message is done 100% client-side via a Turnkey Solana signer (see @turnkey/solana): it's signed with your passkey, and submitted from the browser to the Turnkey API directly.
- the request to sign a transaction is also done on the client-side, but the transaction is initially created on the server-side and signed by the fee payer, which is a wallet belonging to the parent org.
If you want to see a Solana demo with API keys instead of passkeys, head to the example with-solana.
You can try this example quickly on Stackblitz. Follow the instructions below --> Stackblitz Instructions
Make sure you have Node.js installed locally; we recommend using Node v18+.
$ git clone https://github.com/tkhq/sdk
$ cd sdk/
$ corepack enable # Install `pnpm`
$ pnpm install -r # Install dependencies
$ pnpm run build-all # Compile source code
$ cd examples/with-solana-passkeys/The first step is to set up your Turnkey organization and account. By following the Quickstart guide, you should have:
- A public/private API key pair for Turnkey
- An organization ID
Once you've gathered these values, add them to a new .env.local file. Notice that your API private key should be securely managed and never be committed to git.
$ cp .env.local.example .env.localNow open .env.local and add the missing environment variables:
API_PUBLIC_KEYAPI_PRIVATE_KEYNEXT_PUBLIC_BASE_URLNEXT_PUBLIC_ORGANIZATION_IDNEXT_PUBLIC_RPID=localhost# replace with domain in productionNEXT_PUBLIC_SERVER_SIGN_URL=http://localhost:3000/api# replace with backend URL in productionNEXT_PUBLIC_FEE_PAYER_ADDRESS="<fee payer address>"# parent org wallet that pays for fees
$ pnpm run devThis command will start a NextJS app on localhost. If you navigate to http://localhost:3000 in your browser, you can follow the prompts to create a sub organization, create a private key for the newly created sub-organization, and sign a message using your passkey with a Solana custom account!
Example Link: https://stackblitz.com/edit/stackblitz-starters-h5pmnu
To use the example you need the following
- Turnkey Organization
- API key for the root user (both public and private key needed)
- Solana wallet for Parent org (created within turnkey UI)
- Airdrop devnet SOL to parent org wallet using devnet faucet → https://faucet.solana.com/
Set the following environment variables in .env.local
API_PUBLIC_KEY→ Public key of your API associated with root userAPI_PRIVATE_KEY→ Private key of your API associated with root userNEXT_PUBLIC_ORGANIZTION_ID→ org ID of the Turnkey organization that you’re usingNEXT_PUBLIC_BASE_URL--> This will be preset with https://api.turnkey.comNEXT_PUBLIC_RPID--> this should be pre-filled with the valuelocal-credentialless.webcontainer.iowhich is the RPID required in the Stackblitz environmentNEXT_PUBLIC_SERVER_SIGN_URL→ fill this out with the url in the browser of Stackblitz followed by “/api” --> for example: https://stackblitzstarters2psu3g-5wkd--3000--134daa3c.local-credentialless.webcontainer.io/api. This needs to be replaced as in the note belowNEXT_PUBLIC_FEE_PAYER_ADDRESS--> the address of the Solana address with airdropped funds
NOTE: when you update .env.local file (or any file) in Stackblitz, the project will get forked and a new Stackblitz environment will get created. This means that you'll have to NEXT_PUBLIC_SERVER_SIGN_URL will have to be updated to be the Stackblitz environment broswer URL + the suffix "/api"
- run `npm install && npm run build && npm run dev"
- follow example flow
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL TURNKEY BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.