To sign blockchain transactions, you MUST use mnemonics to generate private keys and addresses, and you NEED to use private keys.

A mnemonic phrase is generated when you create a wallet on most blockchains. This phrase is essentially a password to your wallet that can be used to generate both wallet addresses and private keys. Anyone who knows your wallet’s mnemonic phrase can easily take everything it holds.

When you generate an address using a mnemonic phrase, you also must generate a private key specific to the address to send funds from the address. As with mnemonics, if anyone gets hold of your private keys, they can easily steal everything held at the associated addresses.

Private keys and mnemonics are the only things that can unlock your crypto assets and approve transactions. If you lose access to them, you will lose access to your assets forever.

Private key and mnemonic fields in Tatum’s API endpoints

Many Tatum API endpoints contain fromPrivateKey and mnemonic fields.

This is only intended for testing and demo purposes on testnet where using private keys and mnemonics is fast and convenient. After you test whatever you might be building, you should never use the blockchain wallets, addresses, or private keys that you exposed again.

Tatum’s solution for protecting your keys and mnemonics

Tatum platform allows you work with private keys and mnemonics without ever sending them over the Internet.

For production usage, you should use Tatum Key Management System (KMS) to generate private keys, mnemonics, and sign transactions locally and securely.

Whenever a privateKey or mnemonic field is present in an API endpoint in Tatum, you should replace them with a signatureId that is generated by KMS.