> ## Documentation Index
> Fetch the complete documentation index at: https://docs.getpara.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Sign Transaction

> Sign a transaction with a wallet's private key share via MPC.

**EVM:** Provide unsigned transaction fields as a JSON object and the endpoint
will RLP-encode them, sign via MPC, and return a fully serialized signed
transaction (hex-encoded with `0x` prefix) ready for broadcast.

**Solana:** Provide a base64-encoded serialized Solana transaction (as built
by `@solana/web3.js`). Both legacy `Transaction` and versioned
`VersionedTransaction` (v0, with Address Lookup Tables) are accepted; the
endpoint auto-detects the format, signs via MPC, and returns the signed
transaction as a base64 string ready for broadcast.

Set top-level `broadcast: true` to broadcast the signed transaction for EVM
or Solana wallets. Broadcasted calls create a persisted transaction record,
return `txHash` and `transactionId`, and set `x-transaction-id`. Omitted
`broadcast` remains sign-only and writes no transaction-history row. Stellar
wallets do not support `broadcast: true`.

**Stellar:** Provide a base64-encoded Stellar transaction envelope (XDR) in
the `transaction` field and the network passphrase in `networkPassphrase`.
The endpoint computes the transaction hash, signs it via MPC, and returns
the signed transaction as a base64-encoded XDR string.




## OpenAPI

````yaml /openapi.yaml post /v1/wallets/{walletId}/sign-transaction
openapi: 3.0.3
info:
  title: Para REST API
  version: '1.0'
  description: Server-to-server wallet creation and signing over HTTP
servers:
  - url: https://api.beta.getpara.com
    description: Beta
  - url: https://api.getpara.com
    description: Production
security:
  - ApiKeyAuth: []
paths:
  /v1/wallets/{walletId}/sign-transaction:
    post:
      tags:
        - Signing
      summary: Sign Transaction
      description: >
        Sign a transaction with a wallet's private key share via MPC.


        **EVM:** Provide unsigned transaction fields as a JSON object and the
        endpoint

        will RLP-encode them, sign via MPC, and return a fully serialized signed

        transaction (hex-encoded with `0x` prefix) ready for broadcast.


        **Solana:** Provide a base64-encoded serialized Solana transaction (as
        built

        by `@solana/web3.js`). Both legacy `Transaction` and versioned

        `VersionedTransaction` (v0, with Address Lookup Tables) are accepted;
        the

        endpoint auto-detects the format, signs via MPC, and returns the signed

        transaction as a base64 string ready for broadcast.


        Set top-level `broadcast: true` to broadcast the signed transaction for
        EVM

        or Solana wallets. Broadcasted calls create a persisted transaction
        record,

        return `txHash` and `transactionId`, and set `x-transaction-id`. Omitted

        `broadcast` remains sign-only and writes no transaction-history row.
        Stellar

        wallets do not support `broadcast: true`.


        **Stellar:** Provide a base64-encoded Stellar transaction envelope (XDR)
        in

        the `transaction` field and the network passphrase in
        `networkPassphrase`.

        The endpoint computes the transaction hash, signs it via MPC, and
        returns

        the signed transaction as a base64-encoded XDR string.
      operationId: signTransaction
      parameters:
        - $ref: '#/components/parameters/WalletId'
        - $ref: '#/components/parameters/RequestId'
        - $ref: '#/components/parameters/IdempotencyKey'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/SignTransactionRequest'
      responses:
        '200':
          description: Signed transaction
          headers:
            x-transaction-id:
              schema:
                type: string
                format: uuid
              description: >-
                Present only when `broadcast: true` created a persisted
                transaction record.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SignTransactionResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          description: |
            Forbidden. Either the API key is invalid (`FORBIDDEN`) or a policy
            denied the operation (`POLICY_DENIED`).
          content:
            application/json:
              schema:
                oneOf:
                  - $ref: '#/components/schemas/Error'
                  - $ref: '#/components/schemas/PolicyDeniedError'
              examples:
                forbidden:
                  summary: Invalid API key
                  value:
                    code: FORBIDDEN
                    message: invalid secret api key
                policyDenied:
                  summary: Denied by policy
                  value:
                    code: POLICY_DENIED
                    message: Transaction denied by policy
                    deniedBy:
                      scopeName: transfers
                      permissionType: TRANSFER
        '404':
          $ref: '#/components/responses/NotFound'
        '409':
          $ref: '#/components/responses/IdempotencyConflict'
        '422':
          $ref: '#/components/responses/Unprocessable'
        '429':
          $ref: '#/components/responses/TooManyRequests'
        '500':
          $ref: '#/components/responses/ServerError'
components:
  parameters:
    WalletId:
      name: walletId
      in: path
      required: true
      description: Wallet ID
      schema:
        type: string
        example: 0a1b2c3d-4e5f-6789-abcd-ef0123456789
    RequestId:
      name: X-Request-Id
      in: header
      required: false
      description: UUID for request tracing. Para returns one if omitted.
      schema:
        type: string
        format: uuid
    IdempotencyKey:
      name: Idempotency-Key
      in: header
      required: false
      description: >
        Unique key for safe retries on POST endpoints. If a request with the
        same key

        is received within 24 hours, the original response is returned without
        re-executing.

        Recommended format: UUID v4. Max length 256 characters.

        Returns 422 if the same key is reused with a different request body.

        Returns 409 if a request with the same key is still being processed.
      schema:
        type: string
        maxLength: 256
  schemas:
    SignTransactionRequest:
      type: object
      required:
        - transaction
      properties:
        transaction:
          description: >
            EVM: JSON object with unsigned transaction fields.

            Solana: base64-encoded serialized transaction string.

            Stellar: base64-encoded XDR transaction envelope string.

            The API differentiates by the wallet's type (determined by
            `walletId`).

            Objects are treated as EVM transactions; strings are treated as
            Solana

            or Stellar transactions depending on the wallet type. For Stellar

            wallets, `networkPassphrase` is required.
          oneOf:
            - $ref: '#/components/schemas/EvmTransaction'
            - type: string
              description: >-
                Base64-encoded serialized Solana transaction. Accepts both
                legacy (`Transaction.serialize()`) and versioned
                (`VersionedTransaction.serialize()`, v0) formats, auto-detected
                on the server.
              example: AQAAAA...
            - type: string
              description: >-
                Base64-encoded Stellar transaction envelope (XDR). Must also
                provide `networkPassphrase`.
              example: AAAAAgAAAA...
        networkPassphrase:
          type: string
          description: >-
            Stellar network passphrase. Required when the wallet referenced by
            `walletId` is a STELLAR wallet. Ignored for other wallet types.
          example: Public Global Stellar Network ; September 2015
        network:
          type: string
          enum:
            - SOLANA
            - SOLANA_DEVNET
          description: >-
            Solana network to broadcast to when `broadcast: true`. Uses the same
            environment rules as `POST /transfer`.
        broadcast:
          type: boolean
          default: false
          description: >-
            When true, broadcast the signed EVM or Solana transaction, create a
            persisted transaction record, and return `txHash` plus
            `transactionId`. Omitted or false remains sign-only. Stellar wallets
            reject `broadcast: true`.
    SignTransactionResponse:
      type: object
      required:
        - signedTransaction
      properties:
        signedTransaction:
          type: string
          description: >-
            Signed transaction ready for broadcast. EVM: RLP-encoded hex string
            with `0x` prefix. Solana: base64-encoded string. Stellar:
            base64-encoded XDR string.
          example: 0x02f8...
        txHash:
          type: string
          description: 'Transaction hash. Present only when `broadcast: true` succeeds.'
          example: 0x1234abcd...
        transactionId:
          type: string
          format: uuid
          description: >-
            Persisted transaction record id. Present only when `broadcast: true`
            creates a transaction-history row.
          example: 550e8400-e29b-41d4-a716-446655440000
    Error:
      type: object
      required:
        - code
        - message
      properties:
        code:
          type: string
          description: Machine-readable error code for programmatic handling
          example: INVALID_REQUEST
        message:
          type: string
          description: Human-readable error message
        transactionId:
          type: string
          format: uuid
          description: >-
            Persisted transaction record id. Present only when a broadcast
            request failed after a history row was created.
        failureStage:
          type: string
          enum:
            - mpc_sign
            - signature_apply
            - signer_verify
            - broadcast
            - monitor_timeout
          description: >-
            Which stage of the broadcast lifecycle failed. Present on persisted
            broadcast failures.
        failureCode:
          type: string
          description: >-
            Machine-readable failure reason from the underlying broadcast helper
            (e.g. `INSUFFICIENT_NATIVE_BALANCE`, `EXECUTION_FAILED`). Present on
            broadcast-stage failures.
        signedTransaction:
          type: string
          description: >-
            Signed transaction bytes. Present on broadcast failures that happen
            after signing completed.
      additionalProperties: true
      description: >
        All error responses include `code` and `message` fields. Some errors
        include extra fields (e.g. `walletId` on 409 Conflict).

        Broadcast failures that occur after a persisted transaction row is
        created include `transactionId`,

        `failureStage`, and (on broadcast-stage failures) `failureCode`, and
        also set the `x-transaction-id`

        response header. If signing completed before the failure,
        `signedTransaction` is included so callers

        can inspect or retry the already-signed bytes.


        Common error codes: `INVALID_REQUEST`, `UNAUTHORIZED`, `FORBIDDEN`,
        `NOT_FOUND`, `CONFLICT`, `WALLET_ALREADY_EXISTS`,
        `WALLET_ALREADY_CLAIMED`, `RATE_LIMITED`, `INTERNAL_ERROR`.
    PolicyDeniedError:
      type: object
      properties:
        code:
          type: string
          example: POLICY_DENIED
        message:
          type: string
          example: Transaction denied by policy
        deniedBy:
          type: object
          properties:
            scopeName:
              type: string
            permissionType:
              type: string
            condition:
              type: object
              properties:
                resource:
                  type: string
                comparator:
                  type: string
                reference: {}
    EvmTransaction:
      type: object
      required:
        - to
        - chainId
        - type
      properties:
        to:
          type: string
          description: Destination address (contract deployment not supported)
          example: 0x742d35Cc6634C0532925a3b844Bc9e7595f...
        value:
          type: string
          description: Value in wei (decimal or 0x-prefixed hex)
          example: '0x2386f26fc10000'
        chainId:
          oneOf:
            - type: string
            - type: integer
          description: Chain ID (decimal or 0x-prefixed hex, e.g. "1" for Ethereum mainnet)
          example: '1'
        data:
          type: string
          description: Hex-encoded calldata (0x-prefixed)
        nonce:
          type: integer
          minimum: 0
          description: Transaction nonce
        gasLimit:
          type: string
          description: Gas limit (decimal or 0x-prefixed hex)
          example: '0x5208'
        maxFeePerGas:
          type: string
          description: EIP-1559 max fee per gas (decimal or 0x-prefixed hex)
        maxPriorityFeePerGas:
          type: string
          description: EIP-1559 max priority fee per gas (decimal or 0x-prefixed hex)
        gasPrice:
          type: string
          description: Legacy gas price (decimal or 0x-prefixed hex)
        type:
          type: integer
          enum:
            - 0
            - 2
          description: 'Transaction type: 0 (legacy) or 2 (EIP-1559)'
  responses:
    BadRequest:
      description: Invalid request body
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            code: INVALID_REQUEST
            message: type must be one of EVM, SOLANA, COSMOS, STELLAR
    Unauthorized:
      description: API key not provided
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            code: UNAUTHORIZED
            message: secret api key not provided
    NotFound:
      description: Wallet not found
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            code: NOT_FOUND
            message: wallet not found
    IdempotencyConflict:
      description: A request with this idempotency key is currently being processed
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            code: CONFLICT
            message: A request with this idempotency key is currently being processed
    Unprocessable:
      description: Idempotency key reused with a different request body
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            code: UNPROCESSABLE
            message: >-
              Idempotency key has already been used with different request
              parameters
    TooManyRequests:
      description: Rate limit exceeded
      headers:
        Retry-After:
          schema:
            type: integer
          description: Seconds until the rate limit window resets
          example: 60
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            code: RATE_LIMITED
            message: Rate limit exceeded, try again shortly.
    ServerError:
      description: Internal server error
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            code: INTERNAL_ERROR
            message: Internal Server Error
  securitySchemes:
    ApiKeyAuth:
      type: apiKey
      in: header
      name: X-API-Key
      description: Your partner secret key (server-side only)
      x-default: sk_your_secret_key_here

````