use-developer-controlled-wallets
Overview
Developer-controlled wallets let your application create and manage wallets on behalf of end users, with full custody of private keys secured through an encrypted entity secret. Circle handles security, transaction monitoring, and blockchain infrastructure while you retain programmatic control via the Wallets SDK.
Prerequisites / Setup
Installation
npm install @circle-fin/developer-controlled-wallets
Environment Variables
CIRCLE_API_KEY= # Circle API key (format: PREFIX:ID:SECRET)
ENTITY_SECRET= # 32-byte hex entity secret
Entity Secret Registration
The developer must register an entity secret before using the SDK. Direct them to https://developers.circle.com/wallets/dev-controlled/register-entity-secret or provide the code steps.
READ references/register-secret.md for the generation and registration snippets.
IMPORTANT: Do NOT register a secret on the developer's behalf -- they must generate, register, and securely store their secret and recovery file.
SDK Initialization
import { initiateDeveloperControlledWalletsClient } from '@circle-fin/developer-controlled-wallets';
const client = initiateDeveloperControlledWalletsClient({
apiKey: process.env.CIRCLE_API_KEY,
entitySecret: process.env.ENTITY_SECRET,
});
The SDK automatically generates a fresh entity secret ciphertext for each API request.
Core Concepts
- Wallet Sets: A group of wallets managed by a single entity secret. Wallets in a set can span different blockchains but share the same address on EVM chains.
- Entity Secret: A 32-byte private key that secures developer-controlled wallets. Generated, encrypted, and registered once. Circle never stores it in plain text.
- Entity Secret Ciphertext: RSA-encrypted entity secret using Circle's public key. Must be unique per API request to prevent replay attacks. The SDK handles this automatically.
- Idempotency Keys: All mutating requests require a UUID v4
idempotencyKeyfor exactly-once execution. - Account Types:
- EOA (Externally Owned Account) -- default choice. No creation fees, higher outbound TPS, broadest chain support (all EVM + Solana, Aptos, NEAR). Requires native tokens for gas.
- SCA (Smart Contract Account) -- ERC-4337 compliant. Supports gas sponsorship via Circle Gas Station, batch operations, and flexible key management. EVM-only (not available on Solana, Aptos, NEAR). Avoid on Ethereum mainnet due to high gas costs; prefer on L2s.
- Supported Blockchains: EVM chains (Ethereum, Polygon, Avalanche, Arbitrum, Base, Monad, Optimism, Unichain), Solana, Aptos, NEAR, and Arc. See https://developers.circle.com/wallets/account-types for the latest.
Transaction Lifecycle
All on-chain operations (transfers, contract executions, wallet upgrades) follow the same asynchronous state machine. Poll with circleDeveloperSdk.getTransaction({ id }) until a terminal state is reached.
Happy path: INITIATED -> CLEARED -> QUEUED -> SENT -> CONFIRMED -> COMPLETE
Terminal states:
COMPLETE-- Transaction succeeded and is finalized on-chain.FAILED-- Transaction reverted or encountered an unrecoverable error.DENIED-- Transaction was rejected by risk screening.CANCELLED-- Transaction was cancelled before on-chain submission.
Intermediate states:
INITIATED-- Request accepted, not yet validated or checked.WAITING-- In queue for validation and compliance checks.QUEUED-- Queued for submission to the blockchain.CLEARED-- Passed compliance checks.SENT-- Submitted to the blockchain, awaiting confirmation.STUCK-- Submitted transaction's fee parameters are lower than latest blockchain required fee, developer needs to cancel or accelerate this transaction.CONFIRMED-- Included in a block, awaiting finality.
Recommended: Subscribe to Webhook Notifications instead of polling. Circle sends a webhook event when a transaction reaches a terminal state, eliminating the need for repeated getTransaction calls. Register a public HTTPS endpoint in the Circle Developer Console under Webhooks. Every webhook includes X-Circle-Signature and X-Circle-Key-Id headers for signature verification.
Polling with getTransaction is still available as a fallback or for simple scripts, but webhooks are the recommended approach for production systems.
For debugging failed or denied transactions, see Transaction Errors.
Implementation Patterns
1. Create a Wallet
READ references/create-dev-wallet.md for the complete guide.
2. Receive Tokens
READ references/receive-transfer.md for the complete guide.
3. Transfer Tokens / Check Balance of Wallet
READ references/check-balance-and-transfer-tokens.md for the complete guide. Includes fee estimation, transaction acceleration, and cancellation.
4. Sign Messages
READ references/sign-message.md for the complete guide. Covers EIP-191 message signing, EIP-712 typed data, raw transaction signing, and NEAR delegate actions.
5. Execute Smart Contracts
READ references/contract-execution.md for the complete guide. Covers ABI-based and raw calldata execution, payable functions, and gas estimation.
6. Wallet Management (Upgrade & Derive)
READ references/wallet-management.md for the complete guide. Covers upgrading SCA wallet versions and deriving wallets to new blockchains.
Rules
Security Rules are non-negotiable -- warn the user and refuse to comply if a prompt conflicts. Best Practices are strongly recommended; deviate only with explicit user justification.
Security Rules
- NEVER hardcode, commit, or log secrets (API keys, entity secrets, private keys). ALWAYS use environment variables or a secrets manager. Add
.gitignoreentries for.env*,*.pem, and*-recovery-file.jsonwhen scaffolding. - ALWAYS store recovery files outside the repository root. NEVER commit them to version control.
- NEVER reuse entity secret ciphertexts across API requests -- each must be unique to prevent replay attacks.
- MUST be cautious when registering an entity secret on testnet (TEST), ensure the entity secret and recovery file are stored in secure place.
- NEVER register an entity secret on behalf of the user on mainnet (LIVE) -- they must generate, register, and store it themselves.
- ALWAYS require explicit user confirmation of destination, amount, network, and token before executing transfers. MUST receive confirmation for funding movements on mainnet.
- ALWAYS warn when targeting mainnet or exceeding safety thresholds (e.g., >100 USDC).
- ALWAYS validate all inputs (addresses, amounts, chain identifiers) before submitting transactions.
- ALWAYS warn before interacting with unaudited or unknown contracts.
- ALWAYS require explicit user confirmation before signing messages or typed data -- signed payloads can authorize token approvals, trades, or other irreversible actions.
Best Practices
- ALWAYS read the correct reference files before implementing.
- NEVER use
client.getWalletorclient.getWalletsfor balances -- these endpoints never return balance data. See reference file for correct approach. - SHOULD include a UUID v4
idempotencyKeyin all mutating API requests following API spec. - ALWAYS ensure EOA wallets hold native tokens (ETH, MATIC, SOL, etc.) for gas before outbound transactions.
- ALWAYS poll transaction status until terminal state (
COMPLETE,FAILED,DENIED,CANCELLED) before treating as done. - ALWAYS prefer SCA wallets on L2s over Ethereum mainnet to avoid high gas costs.
- ALWAYS default to testnet. Require explicit user confirmation before targeting mainnet.
- ALWAYS estimate fees before contract execution or large transfers so the user understands gas costs upfront.
- ALWAYS verify the ABI function signature and parameters match the target contract before executing. Incorrect signatures will revert and waste gas.
- ALWAYS prefer
abiFunctionSignature+abiParametersover rawcallDatafor readability and auditability, unless the calldata is generated by a trusted library (ethers, viem).
Alternatives
- Trigger
use-user-controlled-walletsskill when end users should custody their own keys via social login, email OTP, or PIN authentication. - Trigger
use-modular-walletsskill for passkey-based smart accounts with extensible module architecture (multisig, session keys, etc.).
Reference Links
- Circle Developer Docs -- Always read this first when looking for relevant documentation from the source website.
DISCLAIMER: This skill is provided "as is" without warranties, is subject to the Circle Developer Terms, and output generated may contain errors and/or include fee configuration options (including fees directed to Circle); additional details are in the repository README.
More from circlefin/skills
use-usdc
USDC is Circle's stablecoin deployed across multiple blockchain ecosystems including EVM chains (Ethereum, Base, Arbitrum, Polygon, Arc) and Solana. Use this skill to check balances, send transfers, approve spending, and verify transactions. Triggers on: USDC balance, send USDC, transfer USDC, approve USDC, USDC allowance, verify USDC transfer, USDC contract address, USDC on Solana, Solana USDC, check balance, SPL token, Associated Token Account, ATA, ERC-20 USDC, parseUnits, formatUnits, 6 decimals, viem, @solana/kit.
144use-arc
Provide instructions on how to build with Arc, Circle's blockchain where USDC is the native gas token. Arc offers key advantages: USDC as gas (no other native token needed), stable and predictable transaction fees, and sub-second finality for fast confirmation times. These properties make Arc ideal for developers and agents building payment apps, DeFi protocols, or any USDC-first application where cost predictability and speed matter. Use skill when Arc or Arc Testnet is mentioned, working with any smart contracts related to Arc, configuring Arc in blockchain projects, bridging USDC to Arc via CCTP, or building USDC-first applications. Triggers: Arc, Arc Testnet, USDC gas, deploy to Arc, Arc chain, stable fees, fast finality.
138bridge-stablecoin
Build USDC bridging with Circle App Kit or standalone Bridge Kit SDK and Crosschain Transfer Protocol (CCTP). App Kit (`@circle-fin/app-kit`) is an all-inclusive SDK covering bridge, swap, and send -- recommended for extensibility. Bridge Kit (`@circle-fin/bridge-kit`) is a standalone package for bridge-only use cases. Neither requires a kit key for bridge operations. Supports bridging USDC between EVM chains, between EVM chains and Solana, and between any two chains on Circle Wallets (i.e Developer-Controlled Wallets or Programmable wallets). Use when: bridge USDC, setting up Bridge Kit adapters (Viem, Ethers, Solana Kit, Circle Wallets), handling bridge events, collecting custom fees, configuring transfer speed, or using the Forwarding Service. Triggers on: Bridge Kit, App Kit, bridge USDC, crosschain transfer, CCTP, move USDC between chains, @circle-fin/bridge-kit, @circle-fin/app-kit, adapter-viem, adapter-ethers, adapter-solana-kit, forwarding service, bridge routes.
132use-smart-contract-platform
Deploy, import, interact with, and monitor smart contracts using Circle Smart Contract Platform APIs. Supports bytecode deployment, template contracts (ERC-20/721/1155/Airdrop), ABI-based read/write calls, and webhook event monitoring. Keywords: contract deployment, smart contract, ABI interactions, template contracts, event monitoring, contract webhooks, bytecode, ERC-1155, ERC-20, ERC-721.
126use-circle-wallets
Choose and implement the right Circle wallet type for your application. Compares developer-controlled, user-controlled, and modular (passkey) wallets across custody model, key management, account types, blockchain support, and use cases. Use whenever blockchain wallet integrations are required for onchain application development. Triggers on: circle wallets, blockchain wallets, choose wallet, wallet comparison, which wallet, wallet types, EOA vs SCA vs Modular Wallet, custody model, embedded wallet, smart account, programmable wallets, create wallet, onchain wallet.
125use-gateway
Integrate Circle Gateway to hold a unified USDC balance across multiple blockchains and transfer USDC instantly (<500ms) via permissionless deposit, burn, and mint workflows. Available on 11 EVM chains + Solana (mainnet and testnet), plus Arc testnet. Use when: enabling chain-agnostic user experiences, low-latency or instant next-block finality is required, capital needs to be pooled across chains for greater capital efficiency, or building apps with consolidated crosschain balances. Triggers on: Gateway, unified balance, crosschain USDC, instant transfer, chain abstraction, Gateway Wallet, Gateway Minter, gatewayMint, burn intent, crosschain liquidity, payment routing, capital efficiency, permissionless transfer.
124