Are you an LLM? Read llms.txt for a summary of the docs, or llms-full.txt for the full context.
Skip to content

Developers

Cloaked provides API and SDK access for integrating Cloaked into your application or automating operations for teams. This page covers account types, authentication methods, API access, and signing flows.

Account Types

Individual

Created automatically on registration. One signer, threshold of 1. Everything described in How It Works applies — an individual account is the default.

Team

Multiple signers with k-of-n threshold signing. Team accounts are created via the API and support:

  • Configurable signer count and threshold (e.g. 2-of-3)
  • API-key authenticated operations (payment address generation, quotes)
  • Async signature collection — signers don't need to be online simultaneously
  • Auto-relay when the signing threshold is met

Authentication Methods

Cloaked's key model requires a single high-entropy secret to derive viewing and spending capabilities. The SDK is agnostic about where that secret comes from — any source that can produce a deterministic, reproducible value works.

Wallet Signatures

Sign a deterministic message with any EOA wallet (MetaMask, Rabby, hardware wallets, etc.). The signature is transformed into scoped capabilities via the same derivation described in Key Derivation. A PIN is also required when using wallet connect — it is combined with your wallet address to construct the message your wallet signs, adding an explicit confirmation step that protects against blind signing. Passkey users do not need a PIN since the biometric prompt itself serves as the confirmation step.

Passkey PRFs

The WebAuthn PRF extension allows passkeys to return a deterministic secret bound to a relying party. No wallet required — biometric authentication (Face ID, fingerprint, Windows Hello) produces the entropy directly. Browser-native, phishing-resistant, and works on any device with a platform authenticator.

Embedded Wallets & Agents

For programmatic and agent use cases, embedded wallet providers (Privy, Turnkey, Fireblocks, etc.) can supply the signing entropy. This enables:

  • Automated payment address generation
  • Server-initiated sends via API keys
  • Agent-driven operations without human-in-the-loop signing

API Access

Team accounts authenticate via API keys for server-to-server integration. The API supports:

  • Payment addresses — generate stealth addresses programmatically
  • Quotes — coin selection and fee estimation
  • Sends — build transactions, collect signatures, auto-relay

Individual accounts can also use API keys for the same operations.

Signing Flow

Individual

The client signs the transaction directly, and it is relayed immediately.

Team

  1. A quote locks the stealth addresses needed to cover the send amount
  2. A transaction intent (the unsigned transaction details) is created from the quote, producing a digest
  3. Each signer retrieves their derived key material and signs the digest
  4. When the threshold is met, the transaction is assembled and relayed automatically

Signers can submit signatures independently and asynchronously — no coordinated online session is required.