After signing up for a paid plan with Upvest, you will be able to get your Live (i.e. mainnet) environment API keys. These work exactly the same way as the Playground (testnet) keys, except they give you access to the mainnets of the protocols we support.
Generating your Recovery Kit Encryption Keypair
Before we can provide you with your API keys, there is one important step to complete. In the Playground environment, we automatically generate your Recovery Kit Encryption Keypair, and provide you with the decryption key within the Account Management Dashboard. As recovery kits have no value in the Playground environment, we do this for convenience.
In mainnet, as these will be live production artefacts, we require you to generate your own Recovery Kit Encryption Keypair. Doing so puts you in exclusive control of the private key, meaning that only you will ever have the ability to decrypt recovery kits generated for your users.
Generating this keypair is easy with our keygen tool. Ideally this should be run on a secure system, with the private key being securely stored upon generation. Running this tool generates a keypair such as the one below:
####################################################### Generating Upvest Recovery Kit private-public key pair. ####################################################### -------------------------------------------------------------------------------- YOUR RECOVERY KIT DECRYPTION KEY: 0fRAxQ9GdijpDn4fzcMvpRn+1Lq6YDk/tOT7Yp2McjQ= PLEASE STORE THIS DECRYPTION KEY SOMEWHERE SAFE! ALSO CONSIDER BUSINESS CONTINUITY, IN OTHER WORD, MAKE SURE DECRYPTION WITH THIS RECOVERY KIT DECRYPTION KEY WILL BE MADE POSSIBLE FOR YOUR CLIENTS IN THE (HOPEFULLY UNLIKELY) EVENT THAT YOUR BUSINESS BECOMES INCAPABLE OF PERFORMING THE DECRYPTION ITSELF. -------------------------------------------------------------------------------- THE RECOVERY KIT ENCRYPTION KEY: VMskJQtAzSRLsGW4OOz3RkimrARgqAL9ilHo9+EjOBg= PLEASE SEND **ONLY** THIS ENCRYPTION KEY TO UPVEST. --------------------------------------------------------------------------------
Please send only the encryption key to us via Slack or our support email. As this is the encryption key, it does not require additional protection. We will use this encryption key to encrypt Recovery Kits generated for your users.
You will need to ensure that you keep your Recovery Kit Decryption Key safe, as its loss will mean that any recovery kits generated using that keypair will no longer be of any use. We recommend keeping a copy of this key with a trusted third party (i.e. law firm), in order to be able to produce this key in the event you lose it or are your organisation is no longer able to decrypt your users' recovery kits.
Testing the recovery process (password reset)
Due to the significance of forgotten or lost passwords, and the impact it causes (inability to access wallets and funds), please be sure to test the recovery process prior to generating real production users on the Live (mainnet) environment.
Upvest provides an soon-to-be open source tool ("Dakota") that can be used to read the recovery kit QR code, and perform the decryption using the Recovery Kit Decryption Key. This is just a sample application, and the functionality therein can be reimplemented within your application if desired.
A test version of Dakota is available here for convenience, however this should only be used with Playground recovery kits, as using it for Live recovery kits may compromise your decryption key and the recovery kits themselves. For testing Live environment, we recommend deploying your own internal instance of Dakota.
Securely Receiving Your API Keys
In order for us to securely deliver your Live API Keys to you, we require a PGP/GPG key to encrypt them with. If you do not have any existing GPG keypair, or require information on how to generate one, please see this guide. Once you have a GPG keypair, please send us just the public key via Slack or our support email.
Once we've received your key, we will encrypt your API key information and sent it back to you.
Additional Information
The Live Environment has its own set of Asset IDs for mainnet blockchain assets, so be sure to look up and use the correct Asset ID for the environment you are using.