Simplified Transactions API authentication

Joaquim Verges

You can now use the Transaction API with just your project secret key.

When you create a new project, we now initialize a secure Vault automatically for you which lets you create server wallets and transact immediately with just your project secret key.

curl -X POST "https://engine.thirdweb.com/v1/write/contract" \
  -H "Content-Type: application/json" \
  -H "x-secret-key: <your-project-secret-key>" \
  -d '{
    "executionOptions": {
      "from": "<your-server-wallet-address>",
      "chainId": "84532"
    },
    "params": [
      {
        "contractAddress": "0x...",
        "method": "function mintTo(address to, uint256 amount)",
        "params": ["0x...", "100"]
      }
    ]
  }'

• Before: Performing transactions with your server wallets required BOTH a project secret key (x-secret-key) AND a vault access token (x-vault-access-token).
• After: You can now do server wallet transactions with ONLY your project secret key

Your project secret key is now all you need to access thirdweb infrastructure and your server wallets from your backends.

If you've already created a vault for your project, nothing changes, you can continue using your vault access tokens normally.

When you create a project, we generate a secret key that only you have access to. We do not store that secret key only a hash of it. At project creation time, we now generate a Vault access token, encrypt with your project secret key, and store it.

This lets you now interact with your vault as long as you pass your secret key to the thirdweb transaction API.

At any point, you can choose to take control of your own Vault keys by revoking the Vault keys from the vault tab. This will invalidate any previous keys and generate new ones that you can store those yourself.

Happy building!