Private Keys and Mnemonic Phrases

To sign blockchain transactions, you NEED private keys, and you MUST use mnemonics to generate those private keys and their addresses.

A mnemonic phrase is generated when you create a wallet on most blockchains. This phrase is essentially a password to your wallet that can be used to generate both wallet addresses and private keys. Anyone who knows your wallet’s mnemonic phrase can easily take everything it holds.

When you generate an address using a mnemonic phrase, you must also generate a private key specific to that address in order to send funds from it. As with mnemonics, if anyone gets hold of your private keys, they can easily steal everything held at the associated addresses.

Private keys and mnemonics are the only things that can unlock your crypto assets and approve transactions. If you lose access to them, you will lose access to your assets forever.

NEVER give access to your mnemonics or private keys to anyone. Your private keys should NEVER leave your secure perimeter and should not be sent over the Internet, not even over an HTTPS connection. Tatum will never ask for your keys or mnemonics, and you should NEVER send them to the Tatum API.

There are public endpoints in the Tatum API that accept or produce sensitive information such as private keys or mnemonics. These endpoints are present only for test use and quick prototyping, not for production usage.

Private key and mnemonic fields in Tatum’s API endpoints

Many Tatum API endpoints contain fromPrivateKey and mnemonic fields.

These fields are intended only for testing and demo purposes on testnet, where using private keys and mnemonics is fast and convenient. After you test whatever you might be building, you should never again use the blockchain wallets, addresses, or private keys that you exposed.

Tatum does not store any sensitive data such as private keys or mnemonics that we receive in your API calls. However, we still recommend that you discard any private keys or mnemonics that you used in API calls on testnet.

Tatum’s solution for protecting your keys and mnemonics

The Tatum platform allows you to work with private keys and mnemonics without ever sending them over the Internet.

For production usage, you should use Tatum Key Management System (KMS) to generate private keys, mnemonics, and sign transactions locally and securely.

Whenever a privateKey or mnemonic field is present in an API endpoint in Tatum, you should replace it with a signatureId that is generated by KMS.
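One way to enforce this rule in client code, shown as an added example that is not Tatum's own code: a guard that scans an outgoing request body and rejects it if it carries a fromPrivateKey, privateKey or mnemonic field, or a mnemonic-shaped string under any other name. The field names come from this page; the function names and sample bodies are hypothetical and constructed.

```javascript
// Added example: client-side guard, not Tatum code.
// Field names fromPrivateKey, privateKey, mnemonic and signatureId come from the page;
// function names and sample bodies are hypothetical.
const SECRET_KEYS = new Set(["fromprivatekey", "privatekey", "mnemonic"]);

// Heuristic for a mnemonic hiding under an unexpected field name:
// 12 to 24 lowercase words separated by whitespace.
const WORD_LIST = /^([a-z]+\s+){11,23}[a-z]+$/;

// Walks objects and arrays, returning the JSON-style path of every suspect field.
function findSecretFields(value, path = "$") {
  const hits = [];
  if (Array.isArray(value)) {
    value.forEach((item, i) => hits.push(...findSecretFields(item, `${path}[${i}]`)));
  } else if (value !== null && typeof value === "object") {
    for (const [key, child] of Object.entries(value)) {
      const childPath = `${path}.${key}`;
      if (SECRET_KEYS.has(key.toLowerCase())) {
        hits.push(childPath); // flagged by name; the value is never read
      } else {
        hits.push(...findSecretFields(child, childPath));
      }
    }
  } else if (typeof value === "string" && WORD_LIST.test(value.trim())) {
    hits.push(path); // flagged by shape
  }
  return hits;
}

// Call before every production request; returns the body unchanged when it is clean.
function assertNoSecrets(body) {
  const hits = findSecretFields(body);
  if (hits.length > 0) {
    // Report only the paths so the secret itself never reaches logs.
    throw new Error(`secret material at ${hits.join(", ")}; send a signatureId instead`);
  }
  return body;
}

// Constructed sample bodies (placeholder values, not a specific endpoint's schema).
const testnetStyle = { to: "addr-placeholder", amount: "1", fromPrivateKey: "0x" + "ab".repeat(32) };
const productionStyle = { to: "addr-placeholder", amount: "1", signatureId: "sig-id-placeholder" };
const nested = { inputs: [{ address: "addr-placeholder", privateKey: "x" }], note: "a ".repeat(11) + "a" };
```

The name check is exact and the word-list check is a heuristic, so a clean result does not prove a body is free of key material.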
