How to create Managed Wallets and cover transaction fees on Solana

Tatum Managed Wallets are a fully custodial solution for handling private keys and account addresses on any of several supported blockchains. Managed wallets are generated securely on Tatum’s servers and clients can perform transactions with them without having to send private keys or set up their own on-premise key management system.

These features are currently in the Alpha version.

How to generate managed wallets

To generate a managed wallet, simply use the following API call:​

curl --request POST \
  --url \
  --header 'content-type: application/json' \
  --header 'x-api-key: REPLACE_KEY_VALUE' \
  --data '{"chain":"SOL"}'

The required parameters are:

x-api-key - your Tatum API key

chain - the blockchain on which you will generate the wallet. Tatum Managed Wallets can currently be generated on:

  • Binance Smart Chain

  • Ethereum

  • Klaytn

  • Harmony

  • Celo

  • Polygon

  • Solana

  • Litecoin

  • Bitcoin

The response will contain the following:

walletId - The ID used in place of a private key to sign transactions from the wallet.

address - The blockchain deposit address to which assets will be sent.

chain - The blockchain on which the managed wallet is created.

Now, the managed wallet can receive any assets on the blockchain on which it was generated.

How to export the private key of a managed wallet

If you as an app provider or one of your users would like to have full control of their own private keys to their wallet, the private key of the managed wallet can be exported.

Sending private keys over the Internet is not secure. If you export the private key of a managed wallet, there is a chance that the key can be compromised along the way. Please bear this in mind before exporting the private keys of your managed wallets.

To export the private key of your managed wallet, use the following API call, and set the query parameter export to "true"

curl --request GET \
  --url '{id}?export=SOME_BOOLEAN_VALUE' \
  --header 'x-api-key: REPLACE_KEY_VALUE'

How to sign transactions and transfer assets from a managed wallet

This feature is currently available ONLY on Solana. It allows you to cover the fees connected to any third-party transaction and pay for them from your paid Tatum plan. This applies to any transaction on the Solana blockchain - transfer of SOL, SPL tokens, minting or transferring NFTs, or invoking programs.

In order to do this, a Tatum fee address must be used as a feePayer address while creating the transaction. The following addresses are the Tatum fee addresses for Solana mainnet and devnet:

Mainnet address: DSpHmb7hLnetoybammcJBJiyqMVR3pDhCuW6hqVg9eBF

Devnet address: 5zPr5331CtBjgVeLedhmJPEpFaUsorLCnb3aCQPsUc9w

The following steps describe how to prepare a transaction for signing:

  1. Construct a transaction using the Solana SDK.

  2. Serialize the transaction to a HEX data string.

  3. Pass this string to Tatum’s API for signing.

Types of private keys for signing transactions

The transaction can require multiple private keys for signing - that of the fee payer, the sender of the SOL assets, the minting key during NFT mint operation etc. The private keys that are managed by Tatum — the fee payer, or the key of that managed wallet (in the case of a managed wallet holding SOL assets) — must be referenced in a list of walletIds to be used. The fee payer key is used by default, doesn't have to be mentioned in the list of wallets used for signing.

The external private keys (those not managed by Tatum) can either sign the transaction before it is serialized or be passed to Tatum’s API in their raw form.

It is ONLY ACCEPTABLE acceptable to pass private keys in their raw form to Tatum's API when using keys that can be exposed without posing any threat of losing assets due to their potential exposure. Otherwise, private keys should never be sent to Tatum’s API (or anywhere over the Internet) in their raw form.

Transaction payload example

This transaction payload will send SOL from account HrJtQTy2RW9c6y41RvN8x3bEiD6Co74AuhER2MGCpa58 to FZAS4mtPvswgVxbpc117SqfNgCDLTCtk5CoeAtt58FWU.

 import { LAMPORTS_PER_SOL, PublicKey, SystemProgram, Transaction } from '@solana/web3.js'
  const from = 'HrJtQTy2RW9c6y41RvN8x3bEiD6Co74AuhER2MGCpa58'
  const to = 'FZAS4mtPvswgVxbpc117SqfNgCDLTCtk5CoeAtt58FWU'
  const amount = '0.000001'
  const devnet_fee_payer = '5zPr5331CtBjgVeLedhmJPEpFaUsorLCnb3aCQPsUc9w'
  const fromPubkey = new PublicKey(from)
  const transaction = new Transaction({ feePayer: new PublicKey(devnet_fee_payer) })
      fromPubkey: fromPubkey,
      toPubkey: new PublicKey(to),
      lamports: new BigNumber(amount).multipliedBy(LAMPORTS_PER_SOL).toNumber(),
  transaction.recentBlockhash = '7WyEshBZcZwEbJsvSeGgCkSNMxxxFAym3x7Cuj6UjAUE' // any arbitrary block hash, will be replaced later in the process
  return transaction.compileMessage().serialize().toString('hex')

In the above example, the developer has 2 options for how to sign the transaction:

  1. If the sender address HrJtQTy2RW9c6y41RvN8x3bEiD6Co74AuhER2MGCpa58 is managed using a Tatum managed wallet with the ID 0b1eae3d-2520-4903-8bbf-5dec3ad2a5d4, the final payload to the custodial/transaction endpoint would look like this:

  "chain": "SOL",
  "txData": "020001044a22af97a838a504e6f7c0b18d779afcea612da50794cc1dac641861fc1ab14afa5cacaf91c298694e64bb5496916c3c68a32affb92d4bcd2736fbb00169d57bd840de2a454960308f688cd3ee308c1fa01ecfa0b03770aaaf3b52d71d46c31d000000000000000000000000000000000000000000000000000000000000000060d38e0da20dc5900b7e902c918eae6a95e2d90af154b53a422f4ab26b050f4f01030201020c02000000e803000000000000",
  "walletIds": [
      "key": "0b1eae3d-2520-4903-8bbf-5dec3ad2a5d4",
      "type": "MANAGED"

2. If the sender address is not managed, the transaction can be signed with the private key of the address before the serialization. The payload will look like this:

  "chain": "SOL",
  "txData": "020001044a22af97a838a504e6f7c0b18d779afcea612da50794cc1dac641861fc1ab14afa5cacaf91c298694e64bb5496916c3c68a32affb92d4bcd2736fbb00169d57bd840de2a454960308f688cd3ee308c1fa01ecfa0b03770aaaf3b52d71d46c31d000000000000000000000000000000000000000000000000000000000000000060d38e0da20dc5900b7e902c918eae6a95e2d90af154b53a422f4ab26b050f4f01030201020c02000000e803000000000000",
  "walletIds": []

To sum it up...

So now you know how to generate a managed wallet to receive assets, export its private key, and sign transactions on Solana using Tatum's fee payer addresses to cover the gas fees with your paid Tatum plan. Nice work!

Last updated