Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/tkhq/sdk/llms.txt

Use this file to discover all available pages before exploring further.

Every request to the Turnkey API must carry a cryptographic stamp — a signature over the serialized JSON request body. A stamper is an object responsible for producing that stamp. You pass a stamper into TurnkeyClient from @turnkey/http, and the client calls it automatically whenever a request is made.
Stampers are passed as the second argument to TurnkeyClient from @turnkey/http. The client calls stamper.stamp(payload) on every outbound request and attaches the result as an HTTP header.

The TStamper interface

All stampers implement the same interface: 
interface TStamper {
  stamp: (input: string) => Promise<TStamp>;
}

type TStamp = {
  stampHeaderName: string;
  stampHeaderValue: string;
};
When TurnkeyClient is about to send a request, it serializes the request body to a JSON string, passes it to stamper.stamp(payload), and then attaches the returned header name and value to the outgoing HTTP request.

Choosing a stamper

StamperPackageUse when
ApiKeyStamper@turnkey/api-key-stamperServer-side or CLI — signing with a P-256 API key pair stored in your environment
WebauthnStamper@turnkey/webauthn-stamperBrowser — authenticating users with passkeys (WebAuthn credentials)
IframeStamper@turnkey/iframe-stamperBrowser — email OTP or phone OTP auth; credentials are isolated inside a sandboxed iframe
WalletStamper@turnkey/wallet-stamperBrowser or Node — authenticating with an existing Ethereum or Solana wallet
IndexedDbStamper@turnkey/indexed-db-stamperBrowser — persistent sessions using an unextractable P-256 key stored in IndexedDB

How a stamp is verified

Turnkey’s backend verifies every incoming stamp against the authenticators registered for the requesting user or organization. The stamper selects the appropriate signature scheme:
  • ApiKeyStamper uses SIGNATURE_SCHEME_TK_API_P256 and attaches the stamp in the X-Stamp header.
  • WebauthnStamper uses the WebAuthn assertion format and attaches the stamp in the X-Stamp-Webauthn header.
  • IframeStamper uses X-Stamp (the credential lives inside the iframe’s embedded key).
  • WalletStamper uses SIGNATURE_SCHEME_TK_API_SECP256K1_EIP191 for Ethereum or SIGNATURE_SCHEME_TK_API_ED25519 for Solana, both in X-Stamp.

Available stampers

@turnkey/api-key-stamper

Sign requests with a P-256 API key pair. Best for server-side and CLI usage.

@turnkey/webauthn-stamper

Sign requests with a browser passkey. Best for user-facing web applications.

@turnkey/iframe-stamper

Sign requests inside a sandboxed iframe. Used for email and phone OTP flows.

@turnkey/wallet-stamper

Sign requests with an existing Ethereum or Solana wallet such as MetaMask.