Skip to main content

Overview

This guide shows how to combine Turnkey wallets with the vaults.fyi API to discover yields, build deposit and withdraw transactions, and execute them under a Turnkey policy that restricts signing to approved vault contracts. vaults.fyi is an infrastructure layer for DeFi yield. One API provides discovery, ready-to-sign transaction payloads, and position tracking across 80+ protocols and 1,000+ yield strategies on Ethereum, Base, Arbitrum, Optimism, Polygon, and 15+ other networks. Coverage spans stablecoin vaults (Morpho, Sky, Aave, Euler, Spark), vaults accepting liquid staking collateral (wstETH, rETH), and emerging strategies as soon as curators launch them.

Direct-to-protocol, with no wrapper contract

vaults.fyi returns calldata against the underlying protocol contracts directly. The user’s position is identical to one they would hold by interacting with Morpho, Sky, or Aave from any other wallet. There is no intermediary proxy holding funds on the user’s behalf, no idle cash buffer dragging APY, and no required user-facing fee. This has two consequences worth understanding before you integrate:
  1. No lock-in for your users. If you stop using vaults.fyi, every existing user position remains a real, addressable position in the canonical vault. Users can continue to manage it from any tool that supports the underlying protocol.
  2. Your portfolio view sees every existing position. The positions endpoint reads on-chain state directly across every supported protocol, so it returns positions the user already holds in DeFi outside your app, not only the ones they deposited through your integration.

Getting started

Before you begin, complete the Turnkey Quickstart. You should have:
  • A Turnkey organization ID
  • A root user with an API key pair
  • A non-root user with a separate API key pair, which we’ll restrict with a policy below
  • A wallet with an Ethereum account funded with ETH for gas and USDC on Base Mainnet
Sign up at the vaults.fyi portal to get a VAULTS_FYI_API_KEY. The working example can be found here.

Install dependencies

Initialize the vaults.fyi SDK

Setting up the policy for the non-root user

We’ll restrict the non-root signer to only the contract addresses that vaults.fyi will actually target for a given vault. The simplest approach is an address allowlist. For most ERC-4626 vaults (Morpho, Aave, Euler), the deposit targets the vault contract directly. But some protocols route through intermediary contracts. For example, Veda Boring Vaults route deposits through a Teller contract whose address differs from the vault. Rather than hardcoding addresses, we do a dry-run: call the vaults.fyi deposit and redeem endpoints, collect the tx.to addresses from the responses, and build the policy from those.
Because vaults.fyi handles all protocol-specific encoding internally, the same address allowlist works regardless of which protocol or curator the vault belongs to. There is no need to enumerate per-protocol function selectors. To support more vaults, run the dry-run for each vault or extend the allowlist.

Set up the Turnkey signer

We’ll use @turnkey/viem to create a Turnkey custom signer backed by the non-root API key, so every transaction is evaluated against the policy above.

Build and execute a deposit

getActions returns the ordered list of transactions required to perform an action against a vault. For a deposit, this is typically an ERC-20 approval followed by the vault deposit call.
The calldata targets the canonical vault contract (or the protocol’s routing contract). The resulting position is held by the user’s Turnkey-controlled address against the underlying protocol, with no proxy holding funds on their behalf.

Check positions

getPositions reads on-chain state and returns every vault position the user holds across every supported network and protocol, including positions the user opened outside your app. This is the call to power a portfolio view that reflects the user’s full DeFi footprint, not only the deposits they made through your integration.

Withdraw

Use getActions with the redeem action. Pass all: true to redeem the full position, or amount for a specific share amount.
For protocols with redemption cooldowns (Sky sUSDS, Ethena sUSDe, and similar), the action enum also exposes request-redeem, start-redeem-cooldown, and claim-redeem. Check getTransactionsContext for the current step the user needs to take.

Setting up the policy for reward claims

Reward claim transactions might target different contracts than deposit and redeem. Use the same dry-run approach: fetch claimable rewards, build the claim transactions, and extract the tx.to addresses for the policy.

Claim rewards

Reward claiming is a two-step flow. First, fetch what’s claimable:
Then build and execute the claim transactions. The response is keyed by network; each network has its own currentActionIndex and actions array.

Monetization

vaults.fyi gives integrators two independent revenue streams. Use either, both, or neither. Curator-side rebates. Curators with rebate agreements in place route a share of their performance fees back to you on attributed deposits, settled automatically. The user pays the same fee they would pay going direct to the protocol, so this revenue stream costs your user nothing. Optional integrator-set user fees. If you want to charge your users on top of the underlying yield, you can set any fee you choose, from zero to whatever the market will bear. This is fully optional and entirely your call. There is no minimum, no required cut, and no wrapper contract intermediating the deposit. Configure both from the vaults.fyi portal.

Summary

You’ve now learned how to:
  • Discover the actual contract addresses vaults.fyi will target and build a Turnkey policy from them automatically
  • Build and execute deposit, redeem, and reward-claim transactions against the canonical vault contracts directly
  • Track positions across every supported network
For the full API reference, see docs.vaults.fyi and the live OpenAPI spec at https://api.vaults.fyi/v2/documentation/.