Keys

Edit online

The Key object is a core resource in the IBM Digital Asset Haven API. It represents a distributed private key that is secured by the IBM Digital Asset Haven MPC network. You never access the private key material directly. Instead, you reference the Key by its unique keyId when you perform signing operations or when you create Wallet objects

A Key object provides two primary capabilities for developers:
  • Creating Wallet objects across supported blockchains.
  • Signing arbitrary data for advanced transaction workflows.
Creating Multi‑chain Wallets from a Key
A Key is blockchain agnostic. A single Key can derive multiple Wallet objects across different networks. This creates a one‑to‑many relationship that reduces operational complexity because you only need to reference one keyId to manage assets on several chains.Example:
  • Key (identified by keyId)
    • Wallet on Ethereum (with walletId and address)
    • Wallet on Solana (with walletId and address)
    • Wallet on Bitcoin (with walletId and address)
To create a new Wallet, call the Create Wallet endpoint and include the signingKey field in the request body to specify which Key will control the Wallet.
Performing Raw Signing

The Key object can also perform raw signing operations. Raw signing is required for any workflow that involves constructing transactions manually, such as interacting with smart contracts or signing off‑chain messages.To perform raw signing, send a POST request to:POST /keys/{keyId}/signatures

The API returns a signature that your application can use to assemble and broadcast a transaction. Your application is responsible for gas management, nonce handling, and final transaction submission.

Broadcasting

The Key object only signs data. Broadcasting is performed at the Wallet level because it is network specific. Use the Sign and Broadcast endpoint when you want IBM Digital Asset Haven to broadcast the transaction after signing.

Security Model

For developers, the security model is straightforward. A Key is an inaccessible secret. You can trigger signing operations, but you can never read or export the underlying private key. The IBM Digital Asset Haven MPC architecture enforces this guarantee across all supported networks.