Skip to main content

API Reference (1.0)

Review our API Introduction to get started.

Organizations

An Organization is the highest level of hierarchy in Turnkey. It can contain many Users, Private Keys, and Policies managed by a Root Quorum. The Root Quorum consists of a set of Users with a consensus threshold. This consensus threshold must be reached by Quorum members in order for any actions to take place.

See Root Quorum for more information

Create Sub-Organization

Create a new Sub-Organization

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
type
required
string
Value: "ACTIVITY_TYPE_CREATE_SUB_ORGANIZATION_V4"
timestampMs
required
string

Timestamp (in milliseconds) of the request, used to verify liveness of user requests.

organizationId
required
string

Unique identifier for a given Organization.

required
object (CreateSubOrganizationIntentV4)

Responses

Request samples

Content type
application/json
{
  • "type": "ACTIVITY_TYPE_CREATE_SUB_ORGANIZATION_V4",
  • "timestampMs": "string",
  • "organizationId": "string",
  • "parameters": {
    }
}

Response samples

Content type
application/json
{
  • "activity": {
    }
}

Update Root Quorum

Set the threshold and members of the root quorum. This must be approved by the current root quorum.

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
type
required
string
Value: "ACTIVITY_TYPE_UPDATE_ROOT_QUORUM"
timestampMs
required
string

Timestamp (in milliseconds) of the request, used to verify liveness of user requests.

organizationId
required
string

Unique identifier for a given Organization.

required
object (UpdateRootQuorumIntent)

Responses

Request samples

Content type
application/json
{
  • "type": "ACTIVITY_TYPE_UPDATE_ROOT_QUORUM",
  • "timestampMs": "string",
  • "organizationId": "string",
  • "parameters": {
    }
}

Response samples

Content type
application/json
{
  • "activity": {
    }
}

Invitations

Invitations allow you to invite Users into your Organization via email. Alternatively, Users can be added directly without an Invitation if their ApiKey or Authenticator credentials are known ahead of time.

See Users for more information

Create Invitations

Create Invitations to join an existing Organization

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
type
required
string
Value: "ACTIVITY_TYPE_CREATE_INVITATIONS"
timestampMs
required
string

Timestamp (in milliseconds) of the request, used to verify liveness of user requests.

organizationId
required
string

Unique identifier for a given Organization.

required
object (CreateInvitationsIntent)

Responses

Request samples

Content type
application/json
{
  • "type": "ACTIVITY_TYPE_CREATE_INVITATIONS",
  • "timestampMs": "string",
  • "organizationId": "string",
  • "parameters": {
    }
}

Response samples

Content type
application/json
{
  • "activity": {
    }
}

Delete Invitation

Delete an existing Invitation

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
type
required
string
Value: "ACTIVITY_TYPE_DELETE_INVITATION"
timestampMs
required
string

Timestamp (in milliseconds) of the request, used to verify liveness of user requests.

organizationId
required
string

Unique identifier for a given Organization.

required
object (DeleteInvitationIntent)

Responses

Request samples

Content type
application/json
{
  • "type": "ACTIVITY_TYPE_DELETE_INVITATION",
  • "timestampMs": "string",
  • "organizationId": "string",
  • "parameters": {
    }
}

Response samples

Content type
application/json
{
  • "activity": {
    }
}

Policies

Policies allow for deep customization of the security of your Organization. They can be used to grant permissions or restrict usage of Users and Private Keys. The Policy Engine analyzes all of your Policies on each request to determine whether an Activity is allowed.

See Policy Overview for more information

Get Policy

Get details about a Policy

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
organizationId
required
string

Unique identifier for a given Organization.

policyId
required
string

Unique identifier for a given Policy.

Responses

Request samples

Content type
application/json
{
  • "organizationId": "string",
  • "policyId": "string"
}

Response samples

Content type
application/json
{
  • "policy": {
    }
}

List Policies

List all Policies within an Organization

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
organizationId
required
string

Unique identifier for a given Organization.

Responses

Request samples

Content type
application/json
{
  • "organizationId": "string"
}

Response samples

Content type
application/json
{
  • "policies": [
    ]
}

Create Policy

Create a new Policy

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
type
required
string
Value: "ACTIVITY_TYPE_CREATE_POLICY_V3"
timestampMs
required
string

Timestamp (in milliseconds) of the request, used to verify liveness of user requests.

organizationId
required
string

Unique identifier for a given Organization.

required
object (CreatePolicyIntentV3)

Responses

Request samples

Content type
application/json
{
  • "type": "ACTIVITY_TYPE_CREATE_POLICY_V3",
  • "timestampMs": "string",
  • "organizationId": "string",
  • "parameters": {
    }
}

Response samples

Content type
application/json
{
  • "activity": {
    }
}

Delete Policy

Delete an existing Policy

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
type
required
string
Value: "ACTIVITY_TYPE_DELETE_POLICY"
timestampMs
required
string

Timestamp (in milliseconds) of the request, used to verify liveness of user requests.

organizationId
required
string

Unique identifier for a given Organization.

required
object (DeletePolicyIntent)

Responses

Request samples

Content type
application/json
{
  • "type": "ACTIVITY_TYPE_DELETE_POLICY",
  • "timestampMs": "string",
  • "organizationId": "string",
  • "parameters": {
    }
}

Response samples

Content type
application/json
{
  • "activity": {
    }
}

Update Policy

Update an existing Policy

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
type
required
string
Value: "ACTIVITY_TYPE_UPDATE_POLICY"
timestampMs
required
string

Timestamp (in milliseconds) of the request, used to verify liveness of user requests.

organizationId
required
string

Unique identifier for a given Organization.

required
object (UpdatePolicyIntent)

Responses

Request samples

Content type
application/json
{
  • "type": "ACTIVITY_TYPE_UPDATE_POLICY",
  • "timestampMs": "string",
  • "organizationId": "string",
  • "parameters": {
    }
}

Response samples

Content type
application/json
{
  • "activity": {
    }
}

Features

Remove Organization Feature

Removes an organization feature

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
type
required
string
Value: "ACTIVITY_TYPE_REMOVE_ORGANIZATION_FEATURE"
timestampMs
required
string

Timestamp (in milliseconds) of the request, used to verify liveness of user requests.

organizationId
required
string

Unique identifier for a given Organization.

required
object (RemoveOrganizationFeatureIntent)

Responses

Request samples

Content type
application/json
{
  • "type": "ACTIVITY_TYPE_REMOVE_ORGANIZATION_FEATURE",
  • "timestampMs": "string",
  • "organizationId": "string",
  • "parameters": {
    }
}

Response samples

Content type
application/json
{
  • "activity": {
    }
}

Set Organization Feature

Sets an organization feature

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
type
required
string
Value: "ACTIVITY_TYPE_SET_ORGANIZATION_FEATURE"
timestampMs
required
string

Timestamp (in milliseconds) of the request, used to verify liveness of user requests.

organizationId
required
string

Unique identifier for a given Organization.

required
object (SetOrganizationFeatureIntent)

Responses

Request samples

Content type
application/json
{
  • "type": "ACTIVITY_TYPE_SET_ORGANIZATION_FEATURE",
  • "timestampMs": "string",
  • "organizationId": "string",
  • "parameters": {
    }
}

Response samples

Content type
application/json
{
  • "activity": {
    }
}

Wallets

Wallets contain collections of deterministically generated cryptographic public / private key pairs that share a common seed. Turnkey securely holds the common seed, but only you can access it. In most cases, Wallets should be preferred over Private Keys since they can be represented by a mnemonic phrase, used across a variety of cryptographic curves, and can derive many addresses.

Derived addresses can be used to create digital signatures using the corresponding underlying private key. See Signers for more information

Get Wallet

Get details about a Wallet

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
organizationId
required
string

Unique identifier for a given Organization.

walletId
required
string

Unique identifier for a given Wallet.

Responses

Request samples

Content type
application/json
{
  • "organizationId": "string",
  • "walletId": "string"
}

Response samples

Content type
application/json
{
  • "wallet": {
    }
}

List Wallets Accounts

List all Accounts wirhin a Wallet

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
organizationId
required
string

Unique identifier for a given Organization.

walletId
required
string

Unique identifier for a given Wallet.

Responses

Request samples

Content type
application/json
{
  • "organizationId": "string",
  • "walletId": "string"
}

Response samples

Content type
application/json
{
  • "accounts": [
    ]
}

List Wallets

List all Wallets within an Organization

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
organizationId
required
string

Unique identifier for a given Organization.

Responses

Request samples

Content type
application/json
{
  • "organizationId": "string"
}

Response samples

Content type
application/json
{
  • "wallets": [
    ]
}

Create Wallet

Create a Wallet and derive addresses

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
type
required
string
Value: "ACTIVITY_TYPE_CREATE_WALLET"
timestampMs
required
string

Timestamp (in milliseconds) of the request, used to verify liveness of user requests.

organizationId
required
string

Unique identifier for a given Organization.

required
object (CreateWalletIntent)

Responses

Request samples

Content type
application/json
{
  • "type": "ACTIVITY_TYPE_CREATE_WALLET",
  • "timestampMs": "string",
  • "organizationId": "string",
  • "parameters": {
    }
}

Response samples

Content type
application/json
{
  • "activity": {
    }
}

Create Wallet Accounts

Derive additional addresses using an existing wallet

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
type
required
string
Value: "ACTIVITY_TYPE_CREATE_WALLET_ACCOUNTS"
timestampMs
required
string

Timestamp (in milliseconds) of the request, used to verify liveness of user requests.

organizationId
required
string

Unique identifier for a given Organization.

required
object (CreateWalletAccountsIntent)

Responses

Request samples

Content type
application/json
{
  • "type": "ACTIVITY_TYPE_CREATE_WALLET_ACCOUNTS",
  • "timestampMs": "string",
  • "organizationId": "string",
  • "parameters": {
    }
}

Response samples

Content type
application/json
{
  • "activity": {
    }
}

Export Wallet

Exports a Wallet

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
type
required
string
Value: "ACTIVITY_TYPE_EXPORT_WALLET"
timestampMs
required
string

Timestamp (in milliseconds) of the request, used to verify liveness of user requests.

organizationId
required
string

Unique identifier for a given Organization.

required
object (ExportWalletIntent)

Responses

Request samples

Content type
application/json
{
  • "type": "ACTIVITY_TYPE_EXPORT_WALLET",
  • "timestampMs": "string",
  • "organizationId": "string",
  • "parameters": {
    }
}

Response samples

Content type
application/json
{
  • "activity": {
    }
}

Export Wallet Account

Exports a Wallet Account

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
type
required
string
Value: "ACTIVITY_TYPE_EXPORT_WALLET_ACCOUNT"
timestampMs
required
string

Timestamp (in milliseconds) of the request, used to verify liveness of user requests.

organizationId
required
string

Unique identifier for a given Organization.

required
object (ExportWalletAccountIntent)

Responses

Request samples

Content type
application/json
{
  • "type": "ACTIVITY_TYPE_EXPORT_WALLET_ACCOUNT",
  • "timestampMs": "string",
  • "organizationId": "string",
  • "parameters": {
    }
}

Response samples

Content type
application/json
{
  • "activity": {
    }
}

Signers

Signers allow you to create digitial signatures. Signatures are used to validate the authenticity and integrity of a digital message. Turnkey makes it easy to produce signatures by allowing you to sign with an address. If Turnkey doesn't yet support an address format you need, you can generate and sign with the public key instead by using the address format ADDRESS_FORMAT_COMPRESSED.

Sign Raw Payload

Sign a raw payload

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
type
required
string
Value: "ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2"
timestampMs
required
string

Timestamp (in milliseconds) of the request, used to verify liveness of user requests.

organizationId
required
string

Unique identifier for a given Organization.

required
object (SignRawPayloadIntentV2)

Responses

Request samples

Content type
application/json
{
  • "type": "ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2",
  • "timestampMs": "string",
  • "organizationId": "string",
  • "parameters": {
    }
}

Response samples

Content type
application/json
{
  • "activity": {
    }
}

Sign Transaction

Sign a transaction

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
type
required
string
Value: "ACTIVITY_TYPE_SIGN_TRANSACTION_V2"
timestampMs
required
string

Timestamp (in milliseconds) of the request, used to verify liveness of user requests.

organizationId
required
string

Unique identifier for a given Organization.

required
object (SignTransactionIntentV2)

Responses

Request samples

Content type
application/json
{
  • "type": "ACTIVITY_TYPE_SIGN_TRANSACTION_V2",
  • "timestampMs": "string",
  • "organizationId": "string",
  • "parameters": {
    }
}

Response samples

Content type
application/json
{
  • "activity": {
    }
}

Private Keys

Private Keys are cryptographic public / private key pairs that can be used for cryptocurrency needs or more generalized encryption. Turnkey securely holds all private key materials for you, but only you can access them.

The Private Key ID or any derived address can be used to create digital signatures. See Signers for more information

Get Private Key

Get details about a Private Key

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
organizationId
required
string

Unique identifier for a given Organization.

privateKeyId
required
string

Unique identifier for a given Private Key.

Responses

Request samples

Content type
application/json
{
  • "organizationId": "string",
  • "privateKeyId": "string"
}

Response samples

Content type
application/json
{
  • "privateKey": {
    }
}

List Private Keys

List all Private Keys within an Organization

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
organizationId
required
string

Unique identifier for a given Organization.

Responses

Request samples

Content type
application/json
{
  • "organizationId": "string"
}

Response samples

Content type
application/json
{
  • "privateKeys": [
    ]
}

Create Private Keys

Create new Private Keys

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
type
required
string
Value: "ACTIVITY_TYPE_CREATE_PRIVATE_KEYS_V2"
timestampMs
required
string

Timestamp (in milliseconds) of the request, used to verify liveness of user requests.

organizationId
required
string

Unique identifier for a given Organization.

required
object (CreatePrivateKeysIntentV2)

Responses

Request samples

Content type
application/json
{
  • "type": "ACTIVITY_TYPE_CREATE_PRIVATE_KEYS_V2",
  • "timestampMs": "string",
  • "organizationId": "string",
  • "parameters": {
    }
}

Response samples

Content type
application/json
{
  • "activity": {
    }
}

Export Private Key

Exports a Private Key

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
type
required
string
Value: "ACTIVITY_TYPE_EXPORT_PRIVATE_KEY"
timestampMs
required
string

Timestamp (in milliseconds) of the request, used to verify liveness of user requests.

organizationId
required
string

Unique identifier for a given Organization.

required
object (ExportPrivateKeyIntent)

Responses

Request samples

Content type
application/json
{
  • "type": "ACTIVITY_TYPE_EXPORT_PRIVATE_KEY",
  • "timestampMs": "string",
  • "organizationId": "string",
  • "parameters": {
    }
}

Response samples

Content type
application/json
{
  • "activity": {
    }
}

Private Key Tags

Private Key Tags allow you to easily group and permission Private Keys through Policies.

List Private Key Tags

List all Private Key Tags within an Organization

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
organizationId
required
string

Unique identifier for a given Organization.

Responses

Request samples

Content type
application/json
{
  • "organizationId": "string"
}

Response samples

Content type
application/json
{
  • "privateKeyTags": [
    ]
}

Create Private Key Tag

Create a private key tag and add it to private keys.

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
type
required
string
Value: "ACTIVITY_TYPE_CREATE_PRIVATE_KEY_TAG"
timestampMs
required
string

Timestamp (in milliseconds) of the request, used to verify liveness of user requests.

organizationId
required
string

Unique identifier for a given Organization.

required
object (CreatePrivateKeyTagIntent)

Responses

Request samples

Content type
application/json
{
  • "type": "ACTIVITY_TYPE_CREATE_PRIVATE_KEY_TAG",
  • "timestampMs": "string",
  • "organizationId": "string",
  • "parameters": {
    }
}

Response samples

Content type
application/json
{
  • "activity": {
    }
}

Update Private Key Tag

Update human-readable name or associated private keys. Note that this activity is atomic: all of the updates will succeed at once, or all of them will fail.

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
type
required
string
Value: "ACTIVITY_TYPE_UPDATE_PRIVATE_KEY_TAG"
timestampMs
required
string

Timestamp (in milliseconds) of the request, used to verify liveness of user requests.

organizationId
required
string

Unique identifier for a given Organization.

required
object (UpdatePrivateKeyTagIntent)

Responses

Request samples

Content type
application/json
{
  • "type": "ACTIVITY_TYPE_UPDATE_PRIVATE_KEY_TAG",
  • "timestampMs": "string",
  • "organizationId": "string",
  • "parameters": {
    }
}

Response samples

Content type
application/json
{
  • "activity": {
    }
}

Users

Users are responsible for any action taken within an Organization. They can have ApiKey or Auuthenticator credentials, allowing you to onboard teammates to the Organization, or create API-only Users to run as part of your infrastructure.

Get User

Get details about a User

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
organizationId
required
string

Unique identifier for a given Organization.

userId
required
string

Unique identifier for a given User.

Responses

Request samples

Content type
application/json
{
  • "organizationId": "string",
  • "userId": "string"
}

Response samples

Content type
application/json
{
  • "user": {
    }
}

List Users

List all Users within an Organization

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
organizationId
required
string

Unique identifier for a given Organization.

Responses

Request samples

Content type
application/json
{
  • "organizationId": "string"
}

Response samples

Content type
application/json
{
  • "users": [
    ]
}

Create Users

Create Users in an existing Organization

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
type
required
string
Value: "ACTIVITY_TYPE_CREATE_USERS_V2"
timestampMs
required
string

Timestamp (in milliseconds) of the request, used to verify liveness of user requests.

organizationId
required
string

Unique identifier for a given Organization.

required
object (CreateUsersIntentV2)

Responses

Request samples

Content type
application/json
{
  • "type": "ACTIVITY_TYPE_CREATE_USERS_V2",
  • "timestampMs": "string",
  • "organizationId": "string",
  • "parameters": {
    }
}

Response samples

Content type
application/json
{
  • "activity": {
    }
}

Update User

Update a User in an existing Organization

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
type
required
string
Value: "ACTIVITY_TYPE_UPDATE_USER"
timestampMs
required
string

Timestamp (in milliseconds) of the request, used to verify liveness of user requests.

organizationId
required
string

Unique identifier for a given Organization.

required
object (UpdateUserIntent)

Responses

Request samples

Content type
application/json
{
  • "type": "ACTIVITY_TYPE_UPDATE_USER",
  • "timestampMs": "string",
  • "organizationId": "string",
  • "parameters": {
    }
}

Response samples

Content type
application/json
{
  • "activity": {
    }
}

User Tags

User Key Tags allow you to easily group and permission Users through Policies.

List User Tags

List all User Tags within an Organization

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
organizationId
required
string

Unique identifier for a given Organization.

Responses

Request samples

Content type
application/json
{
  • "organizationId": "string"
}

Response samples

Content type
application/json
{
  • "userTags": [
    ]
}

Create User Tag

Create a user tag and add it to users.

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
type
required
string
Value: "ACTIVITY_TYPE_CREATE_USER_TAG"
timestampMs
required
string

Timestamp (in milliseconds) of the request, used to verify liveness of user requests.

organizationId
required
string

Unique identifier for a given Organization.

required
object (CreateUserTagIntent)

Responses

Request samples

Content type
application/json
{
  • "type": "ACTIVITY_TYPE_CREATE_USER_TAG",
  • "timestampMs": "string",
  • "organizationId": "string",
  • "parameters": {
    }
}

Response samples

Content type
application/json
{
  • "activity": {
    }
}

Update User Tag

Update human-readable name or associated users. Note that this activity is atomic: all of the updates will succeed at once, or all of them will fail.

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
type
required
string
Value: "ACTIVITY_TYPE_UPDATE_USER_TAG"
timestampMs
required
string

Timestamp (in milliseconds) of the request, used to verify liveness of user requests.

organizationId
required
string

Unique identifier for a given Organization.

required
object (UpdateUserTagIntent)

Responses

Request samples

Content type
application/json
{
  • "type": "ACTIVITY_TYPE_UPDATE_USER_TAG",
  • "timestampMs": "string",
  • "organizationId": "string",
  • "parameters": {
    }
}

Response samples

Content type
application/json
{
  • "activity": {
    }
}

User Recovery

Init Email Recovery

Initializes a new email recovery

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
type
required
string
Value: "ACTIVITY_TYPE_INIT_USER_EMAIL_RECOVERY"
timestampMs
required
string

Timestamp (in milliseconds) of the request, used to verify liveness of user requests.

organizationId
required
string

Unique identifier for a given Organization.

required
object (InitUserEmailRecoveryIntent)

Responses

Request samples

Content type
application/json
{
  • "type": "ACTIVITY_TYPE_INIT_USER_EMAIL_RECOVERY",
  • "timestampMs": "string",
  • "organizationId": "string",
  • "parameters": {
    }
}

Response samples

Content type
application/json
{
  • "activity": {
    }
}

Recover a user

Completes the process of recovering a user by adding an authenticator

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
type
required
string
Value: "ACTIVITY_TYPE_RECOVER_USER"
timestampMs
required
string

Timestamp (in milliseconds) of the request, used to verify liveness of user requests.

organizationId
required
string

Unique identifier for a given Organization.

required
object (RecoverUserIntent)

Responses

Request samples

Content type
application/json
{
  • "type": "ACTIVITY_TYPE_RECOVER_USER",
  • "timestampMs": "string",
  • "organizationId": "string",
  • "parameters": {
    }
}

Response samples

Content type
application/json
{
  • "activity": {
    }
}

Authenticators

Authenticators are WebAuthN hardware devices, such as a Macbook TouchID or Yubikey, that can be used to authenticate requests.

Get Authenticator

Get details about an authenticator

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
organizationId
required
string

Unique identifier for a given Organization.

authenticatorId
required
string

Unique identifier for a given Authenticator.

Responses

Request samples

Content type
application/json
{
  • "organizationId": "string",
  • "authenticatorId": "string"
}

Response samples

Content type
application/json
{
  • "authenticator": {
    }
}

Get Authenticators

Get details about authenticators for a user

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
organizationId
required
string

Unique identifier for a given Organization.

userId
required
string

Unique identifier for a given User.

Responses

Request samples

Content type
application/json
{
  • "organizationId": "string",
  • "userId": "string"
}

Response samples

Content type
application/json
{
  • "authenticators": [
    ]
}

Create Authenticators

Create Authenticators to authenticate requests to Turnkey

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
type
required
string
Value: "ACTIVITY_TYPE_CREATE_AUTHENTICATORS_V2"
timestampMs
required
string

Timestamp (in milliseconds) of the request, used to verify liveness of user requests.

organizationId
required
string

Unique identifier for a given Organization.

required
object (CreateAuthenticatorsIntentV2)

Responses

Request samples

Content type
application/json
{
  • "type": "ACTIVITY_TYPE_CREATE_AUTHENTICATORS_V2",
  • "timestampMs": "string",
  • "organizationId": "string",
  • "parameters": {
    }
}

Response samples

Content type
application/json
{
  • "activity": {
    }
}

Delete Authenticators

Remove authenticators from a User

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
type
required
string
Value: "ACTIVITY_TYPE_DELETE_AUTHENTICATORS"
timestampMs
required
string

Timestamp (in milliseconds) of the request, used to verify liveness of user requests.

organizationId
required
string

Unique identifier for a given Organization.

required
object (DeleteAuthenticatorsIntent)

Responses

Request samples

Content type
application/json
{
  • "type": "ACTIVITY_TYPE_DELETE_AUTHENTICATORS",
  • "timestampMs": "string",
  • "organizationId": "string",
  • "parameters": {
    }
}

Response samples

Content type
application/json
{
  • "activity": {
    }
}

API Keys

API Keys are used to authenticate requests

See our CLI for instructions on generating API Keys

Create API Keys

Add api keys to an existing User

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
type
required
string
Value: "ACTIVITY_TYPE_CREATE_API_KEYS"
timestampMs
required
string

Timestamp (in milliseconds) of the request, used to verify liveness of user requests.

organizationId
required
string

Unique identifier for a given Organization.

required
object (CreateApiKeysIntent)

Responses

Request samples

Content type
application/json
{
  • "type": "ACTIVITY_TYPE_CREATE_API_KEYS",
  • "timestampMs": "string",
  • "organizationId": "string",
  • "parameters": {
    }
}

Response samples

Content type
application/json
{
  • "activity": {
    }
}

Delete API Keys

Remove api keys from a User

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
type
required
string
Value: "ACTIVITY_TYPE_DELETE_API_KEYS"
timestampMs
required
string

Timestamp (in milliseconds) of the request, used to verify liveness of user requests.

organizationId
required
string

Unique identifier for a given Organization.

required
object (DeleteApiKeysIntent)

Responses

Request samples

Content type
application/json
{
  • "type": "ACTIVITY_TYPE_DELETE_API_KEYS",
  • "timestampMs": "string",
  • "organizationId": "string",
  • "parameters": {
    }
}

Response samples

Content type
application/json
{
  • "activity": {
    }
}

Sessions

Who am I?

Get basic information about your current API or WebAuthN user and their organization. Affords Sub-Organization look ups via Parent Organization for WebAuthN users.

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
organizationId
required
string

Unique identifier for a given Organization. If the request is being made by a WebAuthN user and their Sub-Organization ID is unknown, this can be the Parent Organization ID; using the Sub-Organization ID when possible is preferred due to performance reasons.

Responses

Request samples

Content type
application/json
{
  • "organizationId": "string"
}

Response samples

Content type
application/json
{
  • "organizationId": "string",
  • "organizationName": "string",
  • "userId": "string",
  • "username": "string"
}

Activities

Activities encapsulate all the possible actions that can be taken with Turnkey. Some examples include adding a new user, creating a private key, and signing a transaction.

Activities that modify your Organization are processed asynchronously. To confirm processing is complete and retrieve the Activity results, these activities must be polled until that status has been updated to a finalized state: COMPLETED when the activity is successful or FAILED when the activity has failed

Get Activity

Get details about an Activity

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
organizationId
required
string

Unique identifier for a given Organization.

activityId
required
string

Unique identifier for a given Activity object.

Responses

Request samples

Content type
application/json
{
  • "organizationId": "string",
  • "activityId": "string"
}

Response samples

Content type
application/json
{
  • "activity": {
    }
}

List Activities

List all Activities within an Organization

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
organizationId
required
string

Unique identifier for a given Organization.

filterByStatus
Array of strings (ActivityStatus)
Items Enum: "ACTIVITY_STATUS_CREATED" "ACTIVITY_STATUS_PENDING" "ACTIVITY_STATUS_COMPLETED" "ACTIVITY_STATUS_FAILED" "ACTIVITY_STATUS_CONSENSUS_NEEDED" "ACTIVITY_STATUS_REJECTED"

Array of Activity Statuses filtering which Activities will be listed in the response.

object (Pagination)
filterByType
Array of strings (ActivityType)
Items Enum: "ACTIVITY_TYPE_CREATE_API_KEYS" "ACTIVITY_TYPE_CREATE_USERS" "ACTIVITY_TYPE_CREATE_PRIVATE_KEYS" "ACTIVITY_TYPE_SIGN_RAW_PAYLOAD" "ACTIVITY_TYPE_CREATE_INVITATIONS" "ACTIVITY_TYPE_ACCEPT_INVITATION" "ACTIVITY_TYPE_CREATE_POLICY" "ACTIVITY_TYPE_DISABLE_PRIVATE_KEY" "ACTIVITY_TYPE_DELETE_USERS" "ACTIVITY_TYPE_DELETE_API_KEYS" "ACTIVITY_TYPE_DELETE_INVITATION" "ACTIVITY_TYPE_DELETE_ORGANIZATION" "ACTIVITY_TYPE_DELETE_POLICY" "ACTIVITY_TYPE_CREATE_USER_TAG" "ACTIVITY_TYPE_DELETE_USER_TAGS" "ACTIVITY_TYPE_CREATE_ORGANIZATION" "ACTIVITY_TYPE_SIGN_TRANSACTION" "ACTIVITY_TYPE_APPROVE_ACTIVITY" "ACTIVITY_TYPE_REJECT_ACTIVITY" "ACTIVITY_TYPE_DELETE_AUTHENTICATORS" "ACTIVITY_TYPE_CREATE_AUTHENTICATORS" "ACTIVITY_TYPE_CREATE_PRIVATE_KEY_TAG" "ACTIVITY_TYPE_DELETE_PRIVATE_KEY_TAGS" "ACTIVITY_TYPE_SET_PAYMENT_METHOD" "ACTIVITY_TYPE_ACTIVATE_BILLING_TIER" "ACTIVITY_TYPE_DELETE_PAYMENT_METHOD" "ACTIVITY_TYPE_CREATE_POLICY_V2" "ACTIVITY_TYPE_CREATE_POLICY_V3" "ACTIVITY_TYPE_CREATE_API_ONLY_USERS" "ACTIVITY_TYPE_UPDATE_ROOT_QUORUM" "ACTIVITY_TYPE_UPDATE_USER_TAG" "ACTIVITY_TYPE_UPDATE_PRIVATE_KEY_TAG" "ACTIVITY_TYPE_CREATE_AUTHENTICATORS_V2" "ACTIVITY_TYPE_CREATE_ORGANIZATION_V2" "ACTIVITY_TYPE_CREATE_USERS_V2" "ACTIVITY_TYPE_ACCEPT_INVITATION_V2" "ACTIVITY_TYPE_CREATE_SUB_ORGANIZATION" "ACTIVITY_TYPE_CREATE_SUB_ORGANIZATION_V2" "ACTIVITY_TYPE_UPDATE_ALLOWED_ORIGINS" "ACTIVITY_TYPE_CREATE_PRIVATE_KEYS_V2" "ACTIVITY_TYPE_UPDATE_USER" "ACTIVITY_TYPE_UPDATE_POLICY" "ACTIVITY_TYPE_SET_PAYMENT_METHOD_V2" "ACTIVITY_TYPE_CREATE_SUB_ORGANIZATION_V3" "ACTIVITY_TYPE_CREATE_WALLET" "ACTIVITY_TYPE_CREATE_WALLET_ACCOUNTS" "ACTIVITY_TYPE_INIT_USER_EMAIL_RECOVERY" "ACTIVITY_TYPE_RECOVER_USER" "ACTIVITY_TYPE_SET_ORGANIZATION_FEATURE" "ACTIVITY_TYPE_REMOVE_ORGANIZATION_FEATURE" "ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2" "ACTIVITY_TYPE_SIGN_TRANSACTION_V2" "ACTIVITY_TYPE_EXPORT_PRIVATE_KEY" "ACTIVITY_TYPE_EXPORT_WALLET" "ACTIVITY_TYPE_CREATE_SUB_ORGANIZATION_V4" "ACTIVITY_TYPE_EMAIL_AUTH" "ACTIVITY_TYPE_EXPORT_WALLET_ACCOUNT"

Array of Activity Types filtering which Activities will be listed in the response.

Responses

Request samples

Content type
application/json
{
  • "organizationId": "string",
  • "filterByStatus": [
    ],
  • "paginationOptions": {
    },
  • "filterByType": [
    ]
}

Response samples

Content type
application/json
{
  • "activities": [
    ]
}

Consensus

Policies can enforce consensus requirements for Activities. For example, adding a new user requires two admins to approve the request.

Activities that have been proposed, but don't yet meet the Consesnsus requirements will have the status: REQUIRES_CONSENSUS. Activities in this state can be approved or rejected using the unique fingerprint generated when an Activity is created.

Approve Activity

Approve an Activity

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
type
required
string
Value: "ACTIVITY_TYPE_APPROVE_ACTIVITY"
timestampMs
required
string

Timestamp (in milliseconds) of the request, used to verify liveness of user requests.

organizationId
required
string

Unique identifier for a given Organization.

required
object (ApproveActivityIntent)

Responses

Request samples

Content type
application/json
{
  • "type": "ACTIVITY_TYPE_APPROVE_ACTIVITY",
  • "timestampMs": "string",
  • "organizationId": "string",
  • "parameters": {
    }
}

Response samples

Content type
application/json
{
  • "activity": {
    }
}

Reject Activity

Reject an Activity

Authorizations:
ApiKeyAuthAuthenticatorAuth
Request Body schema: application/json
type
required
string
Value: "ACTIVITY_TYPE_REJECT_ACTIVITY"
timestampMs
required
string

Timestamp (in milliseconds) of the request, used to verify liveness of user requests.

organizationId
required
string

Unique identifier for a given Organization.

required
object (RejectActivityIntent)

Responses

Request samples

Content type
application/json
{
  • "type": "ACTIVITY_TYPE_REJECT_ACTIVITY",
  • "timestampMs": "string",
  • "organizationId": "string",
  • "parameters": {
    }
}

Response samples

Content type
application/json
{
  • "activity": {
    }
}