Skip to main content
Get started with OpenKey in under 5 minutes. You will create an account, generate an Ethereum key inside the TEE, and sign a message.

Prerequisites

  • A modern browser (Chrome, Firefox, Safari, Edge)
  • A device that supports WebAuthn (biometric sensor, security key, or platform authenticator)
OpenKey uses passkeys for authentication. Most modern devices support passkeys through Touch ID, Face ID, Windows Hello, or hardware security keys.

Create Your Account

1

Go to OpenKey

Navigate to openkey.so and click Get Started.
2

Verify your identity

Choose one of two registration methods:
Enter your email address. You will receive a 6-digit verification code. Enter the code to verify your email.
3

Register a passkey

After email or Google verification, you will be prompted to register a passkey. This is required — all future logins use your passkey.Follow your browser’s prompt to create the passkey (Touch ID, Face ID, Windows Hello, or a hardware security key).
4

Your first key is ready

When your account is created, OpenKey automatically generates an Ethereum key inside the TEE. You are redirected to the dashboard where you can see your key’s address.

Your Dashboard

Once signed in, the dashboard shows:
  • Your keys: Ethereum addresses managed by OpenKey, with labels
  • Key details: Click a key to see its address, creation date, and signing options
  • Settings: Account management and passkey settings

Generate an Additional Key

You can create multiple Ethereum keys under your account.
Click Generate New Key on the dashboard. The new key is generated inside the TEE and appears immediately.

Sign a Message

Sign a message using one of your keys.
Signs with the EIP-191 personal message prefix. This is the standard format used by wallets.
curl -X POST https://api.openkey.so/api/keys/KEY_ID/sign \
  -H "Content-Type: application/json" \
  -H "Cookie: better-auth.session_token=YOUR_SESSION_TOKEN" \
  -d '{
    "message": "Hello from OpenKey!"
  }'
Response:
{
  "signature": "0x1234...abcd",
  "address": "0x742d35Cc6634C0532925a3b844Bc9e7595f2bD68",
  "format": "personal_sign"
}

Sign Typed Data (EIP-712)

Sign structured data following the EIP-712 standard. 
curl -X POST https://api.openkey.so/api/keys/KEY_ID/sign-typed-data \
  -H "Content-Type: application/json" \
  -H "Cookie: better-auth.session_token=YOUR_SESSION_TOKEN" \
  -d '{
    "domain": {
      "name": "My App",
      "version": "1",
      "chainId": 1
    },
    "types": {
      "Message": [
        { "name": "content", "type": "string" },
        { "name": "timestamp", "type": "uint256" }
      ]
    },
    "primaryType": "Message",
    "message": {
      "content": "Hello, EIP-712!",
      "timestamp": 1705312200
    }
  }'
Response: 
{
  "signature": "0xabcd...1234",
  "address": "0x742d35Cc6634C0532925a3b844Bc9e7595f2bD68"
}

API Reference

Here is a summary of the key management endpoints. All endpoints require an authenticated session.
MethodEndpointDescription
GET/api/keysList your keys (add ?archived=true to include archived)
POST/api/keys/generateGenerate a new Ethereum key
GET/api/keys/:keyIdGet key details
PATCH/api/keys/:keyIdUpdate key label
POST/api/keys/:keyId/signSign a message
POST/api/keys/:keyId/sign-typed-dataSign EIP-712 typed data
GET/api/keys/:keyId/quoteGet TEE attestation quote for a key
POST/api/keys/:keyId/archiveArchive a key (soft delete)
POST/api/keys/:keyId/unarchiveUnarchive a key

TEE Attestation

You can verify that a key is managed inside a TEE by requesting an attestation quote. 
curl https://api.openkey.so/api/keys/KEY_ID/quote \
  -H "Cookie: better-auth.session_token=YOUR_SESSION_TOKEN"

{
  "quote": "base64-encoded-attestation-quote...",
  "address": "0x742d35Cc6634C0532925a3b844Bc9e7595f2bD68",
  "inTee": true
}
The inTee field confirms the API is running inside a TEE. The quote can be independently verified against the TEE platform’s attestation service.

Next Steps

Widget Integration

Embed connect and sign flows in your web application.

OAuth Provider

Let users sign in to your app with their OpenKey account.

TinyCloud Integration

Use OpenKey as the wallet for TinyCloud SDK.