!(function () {
  var e = [
    "identify",
    "page",
    "startAutoPage",
    "stopAutoPage",
    "startAutoIdentify",
    "stopAutoIdentify",
  ];
  function t(o) {
    return Object.assign(
      [],
      e.reduce(function (r, n) {
        return (
          (r[n] = function () {
            return o.push([n, [].slice.call(arguments)]), o;
          }),
          r
        );
      }, {})
    );
  }
  window.unify || (window.unify = t(window.unify)),
    window.unifyBrowser || (window.unifyBrowser = t(window.unifyBrowser));
  var n = document.createElement("script");
  (n.async = !0),
    n.setAttribute(
      "src",
      "https://tag.unifyintent.com/v1/7Kk92osLC7vgqrstznftZA/script.js"
    ),
    n.setAttribute(
      "data-api-key",
      "wk_gHe63XaT_7Ayfg866Ci5SHWgeNTkqUjxYGdKDUfT7"
    ),
    n.setAttribute("id", "unifytag"),
    (document.body || document.head).appendChild(n);
})();


Learn how Turnkey achieves innovative, cloud scale, no single point of failure security.

Overview

Security & Architecture

Turnkey

Before diving into the code, let's set up your organization and conjure up an API keypair to unlock the full potential of Turnkey!

Account Setup

Turnkey operates at the **cryptographic curve** level rather than specific assets. As a result Turnkey is asset agnostic and can be used with any type of asset as long as we support the underlying curve.

Turnkey infrastructure is flexible by default. We intentionally prioritize low-level primitives in our product to avoid creating blockers for developers building new kinds of applications on Turnkey.

Examples

Using LLMs

Turnkey provides a variety of client and server SDKs which simplify interacting with Turnkey's API. The SDKs offer methods, utilities, and helper functions to quickly implement features and perform common workflows.

Introduction

SDK Reference

Typescript | Browser

JavaScript Browser

The [`@turnkey/sdk-server`](https://www.npmjs.com/package/@turnkey/sdk-server) package exposes functionality that lets developers build server-side functionality for applications that interact with the Turnkey API.

Typescript | Server

JavaScript Server

React

This documentation contains guides for using Turnkey's React Native compatible [JavaScript packages](https://github.com/tkhq/sdk/tree/main/packages).

React Native

Turnkey offers native tooling for interacting with the API using Golang. See [https://github.com/tkhq/go-sdk](https://github.com/tkhq/go-sdk) for more details.

Golang

Turnkey offers native tooling for interacting with the API using Rust. See [https://github.com/tkhq/rust-sdk](https://github.com/tkhq/rust-sdk) for more details.

Rust

Ruby

This quickstart will guide you through Turnkey’s onboarding, adding an API key, creating a wallet, and signing your first Ethereum transaction.

Using the CLI

This documentation contains guides for using the Flutter SDK.

Flutter

Turnkey offers support for interacting with the API using Python. See [https://github.com/tkhq/python-sdk](https://github.com/tkhq/python-sdk) for more details.

Python

This guide aims to cover the process for migrating from lower-level Turnkey SDK (i.e. `@turnkey/{ http, api-key-stamper, webauthn-stamper, iframe-stamper }`) libraries, to our more recent abstractions: `@turnkey/{ sdk-browser, sdk-server, sdk-react }`

Migration Path

Review our [API Introduction](/developer-reference/api-overview/intro) to get started.

API Reference

Activities are requests to securely execute a workload in Turnkey.

Activities

Create API Keys

Create Authenticators to authenticate requests to Turnkey

Create Authenticators

Create Invitations to join an existing Organization

Create Invitations

Creates Oauth providers for a specified user - BETA

Create Oauth Providers

Create Policies

Create Policy

Create a private key tag and add it to private keys.

Create Private Key Tag

Create Private Keys

Create a read only session for a user (valid for 1 hour)

Create Read Only Session

Create Read Write Session

Create Sub-Organization

Create User Tag

Create Users

Create Wallet

Derive additional addresses using an existing wallet

Create Wallet Accounts

Delete API Keys

Delete Authenticators

Delete Invitation

Removes Oauth providers for a specified user - BETA

Delete Oauth Providers

Delete Policy

Delete Private Key Tags within an Organization

Delete Private Key Tags

Delete Private Keys

Delete Sub Organization

Delete User Tags

Delete Users

Delete Wallets

Export Private Key

Export Wallet

Export Wallet Account

Import Private Key

Import Wallet

Init Email Recovery

Init Generic OTP

Init Import Private Key

Init Import Wallet

Init OTP auth

Create a session for a user through stamping client side (api key, wallet client, or passkey client)

Login with a Stamp

Login with Oauth

Login with OTP

Authenticate a user with an Oidc token (Oauth) - BETA

Oauth

Authenticate a user with an OTP code sent via email or SMS

OTP auth

Perform Email Auth

Completes the process of recovering a user by adding an authenticator

Recover a user

Removes an organization feature. This activity must be approved by the current root quorum.

Remove Organization Feature

Sets an organization feature. This activity must be approved by the current root quorum.

Set Organization Feature

Sign Raw Payload

Sign multiple raw payloads with the same signing parameters

Sign Raw Payloads

Sign Transaction

Update Policy

Update human-readable name or associated private keys. Note that this activity is atomic: all of the updates will succeed at once, or all of them will fail.

Update Private Key Tag

Set the threshold and members of the root quorum. This activity must be approved by the current root quorum.

Update Root Quorum

Update a User in an existing Organization

Update User

Update human-readable name or associated users. Note that this activity is atomic: all of the updates will succeed at once, or all of them will fail.

Update User Tag

Update Wallet

Verify Generic OTP

Queries are read requests to Turnkey's API. They allow you to retrieve data about your organization and its resources.

Queries

Get Activity

Get API key

Get API keys

Get Authenticator

Get details about authenticators for a user

Get Authenticators

Get quorum settings and features for an organization

Get Configs

Get details about Oauth providers for a user

Get Oauth providers

Get Policy

Get Private Key

Get all suborg IDs associated given a parent org ID and an optional filter.

Get Suborgs

Get User

Get all email or phone verified suborg IDs associated given a parent org ID.

Get Verified Suborgs

Get Wallet

Get Wallet Account

List all Activities within an Organization

List Activities

List Policies

List all Private Key Tags within an Organization

List Private Key Tags

List all Private Keys within an Organization

List Private Keys

List all User Tags within an Organization

List User Tags

List Users

List Wallets

List Wallets Accounts

Get basic information about your current API or WebAuthN user and their organization. Affords Sub-Organization look ups via Parent Organization for WebAuthN or API key users.

Who am I?

At Turnkey we’ve developed a security framework that allows us, and eventually our users, to prove that all systems with security critical workloads are running exactly the software we expect at any given time, no single engineer can access any enclave or reconstruct a secret, and the system is always safe as long as enclaves are not compromised.

Our Approach

Non-Custodial Key Management

A core security anchor at Turnkey is the ability to prove to ourselves and our users that all systems within secure enclaves are running exactly the software we expect at any given time. To accomplish this, all security-critical Turnkey services, which perform actions including key generation, signing, and our policy engine, are deployed in secure enclaves.

Secure Enclaves

To run our applications in secure enclaves, we built QuorumOS: a minimal, immutable, and deterministic Linux unikernel build system for use cases that require high security and accountability. QuorumOS also contains an initialization and attestation framework for running applications within this environment.

Quorum Deployments

Enclave applications in Turnkey’s infrastructure are stateless meaning, there is no persistent data held behind the enclave boundary. Instead, data is held in a PostgreSQL instance in our primary AWS account. Before any enclave applications operate on the data in a Turnkey account, it first verifies that that data has been recently notarized by Turnkey’s notarizer. A recent stamp could be the result of an update or initiated by the heartbeat service.

Verifiable Data

We have a comprehensive disaster recovery process in place for all critical Turnkey data.

Disaster Recovery

Turnkey does not trust anything running outside of secure enclaves. See [our approach](/security/our-approach) for more details. When enclaves and end-users need to exchange private information, we've rely on a protocol based on [HPKE](https://datatracker.ietf.org/doc/html/rfc9180) to establish a **secure channel**.

Enclave Secure Channels

Enclave to end-user secure channels

We have published an in-depth whitepaper describing the principles with which we've built Turnkey and explaining in great detail the infrastructure foundations as well as the system architecture underpinning our product.

The Turnkey Whitepaper

Turnkey highly values the security of our software, services, and systems and we actively encourage the ethical reporting of any security vulnerabilities discovered. We invite researchers and users to report potential security vulnerabilities to our Bug Bounty Program via the form below, or to us via email at [security@turnkey.com](mailto:security@turnkey.com). When submitting a report via email, please provide a thorough description of the vulnerability, including steps to reproduce it and its potential impact.

Reporting a Vulnerability

Welcome to the home of your new documentation

Start building awesome documentation in under 5 minutes

Quickstart

Development

Text, title, and styling in standard markdown

Markdown Syntax

Code Blocks

Add image, video, and other HTML elements

Images and Embeds

Mintlify gives you complete control over the look and feel of your documentation using the mint.json file

Global Settings

The navigation field in mint.json defines the pages that go in the navigation menu

Navigation

Reusable, custom snippets to keep content in sync

Reusable Snippets

Example section for showcasing API endpoints

Returns all plants from the system that the user has access to

Get Plants

Create Plant

Deletes a single plant based on the ID supplied

Security

Security & Architecture

Our approach

Non-custodial key management

Secure enclaves

Quorum deployments

Verifiable data

Disaster recovery

Enclave secure channels

The Turnkey Whitepaper

Reporting a vulnerability