> ## Documentation Index
> Fetch the complete documentation index at: https://docs.getpara.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Wallet Pregeneration

> Create and manage server-side pregenerated wallets using Para's Server SDK

export const Link = ({href, label, newTab = false}) => {
  const [isHovered, setIsHovered] = useState(false);
  return <a href={href} target={newTab ? '_blank' : '_self'} rel={newTab ? 'noopener noreferrer' : undefined} className="not-prose inline-block relative text-black font-semibold cursor-pointer border-b-0 no-underline" onMouseEnter={() => setIsHovered(true)} onMouseLeave={() => setIsHovered(false)}>
      {label}
      <span className={`absolute left-0 bottom-0 w-full rounded-sm bg-gradient-to-r from-orange-600 to-purple-600 transition-all duration-300 ${isHovered ? 'h-0.5' : 'h-px'}`} />
    </a>;
};

<Warning>
  **For new server-side wallet creation, use the [REST API](/v3/rest/overview) instead.** It covers the same use cases
  (pre-created user wallets, agent wallets, server-side signing) without requiring you to store, encrypt, and restore
  user shares or run an MPC ceremony per signature. This guide covers SDK-based pregeneration for existing integrations
  and for flows that need direct user-share control. To move an existing integration, see
  [Migrate SDK pregen wallets to REST API](/v3/rest/migrate-from-sdk-pregen).
</Warning>

Pregenerated wallets let your server create wallets before a user authenticates with Para. The flow works by creating a wallet associated with an identifier of your choice (email, phone, username, or custom ID). Para then provides you with the user share of the 2/2 MPC key, which you must securely store on your server until it's either claimed by a user or used for signing operations.

Because your server holds the user share, SDK pregeneration is the right choice only when you need that control directly — for example, signing with SDK ecosystem integrations (Ethers, Viem, Solana, CosmJS) before the wallet is claimed, or exporting key material through client flows.

## Creating a Pregenerated Wallet

<CodeGroup>
  ```typescript Node.js theme={null}
  import { Para as ParaServer } from "@getpara/server-sdk";

  const paraServer = new ParaServer("YOUR_API_KEY");
  const pregenId = { email: "user@example.com" };

  const hasWallet = await paraServer.hasPregenWallet({
    pregenId,
  });

  if (!hasWallet) {
    await paraServer.createPregenWallet({
      type: "EVM",
      pregenId,
    });
  }
  ```

  ```typescript Bun theme={null}
  import { Para as ParaServer } from "@getpara/server-sdk";

  const paraServer = new ParaServer("YOUR_API_KEY", {
    disableWebSockets: true
  });
  const pregenId = { email: "user@example.com" };

  const hasWallet = await paraServer.hasPregenWallet({
    pregenId,
  });

  if (!hasWallet) {
    await paraServer.createPregenWallet({
      type: "EVM",
      pregenId,
    });
  }
  ```

  ```typescript Deno theme={null}
  import { Para as ParaServer, WalletType } from "@getpara/server-sdk";

  const paraServer = new ParaServer("YOUR_API_KEY", {
    disableWebSockets: true
  });
  const pregenId = { email: "user@example.com" };

  const hasWallet = await paraServer.hasPregenWallet({
    pregenId,
  });

  if (!hasWallet) {
    await paraServer.createPregenWallet({
      type: WalletType.EVM,
      pregenId,
    });
  }
  ```
</CodeGroup>

### Method Parameters

<ResponseField name="createPregenWallet Args" type="object">
  <Expandable title="properties">
    <ResponseField name="type" type="TWalletType" required>
      The type of wallet to create (`'EVM'`, `'SOLANA'`, `'COSMOS'`, or `'STELLAR'`).
    </ResponseField>

    <ResponseField name="pregenId" type="PregenAuth" required>
      The identifier for the new wallet. The `pregenId` must be an object of the form:

      ```typescript theme={null}
      | { email: string; }
      | { phone: `+${number}`; }
      | { farcasterUsername: string; }
      | { telegramUserId: string; }
      | { discordUsername: string; }
      | { xUsername: string; }
      | { customId: string; }
      ```
    </ResponseField>
  </Expandable>
</ResponseField>

<Note>
  The identifier can be an email or phone number, a third-party user ID (for Farcaster, Telegram, Discord, or X), or a custom ID relevant to your application. Choose an identifier that works best for your application architecture.
</Note>

## Securing the User Share

After creating a pregenerated wallet, you must securely store the user share. This component is critical for the wallet's operation and security.

```typescript theme={null}
const userShare = await paraServer.getUserShare();
const encryptedUserShare = await encryptUserShare(userShare);
await database.pregenWallets.save({
  walletId,
  encryptedUserShare,
});
```

<Warning>
  You must securely store this user share in your backend, associated with the user's identifier. If this share is lost, the wallet becomes permanently inaccessible.
</Warning>

### Secure Storage Best Practices

We strongly recommend implementing robust encryption for user shares both in transit and at rest. Consider using a high-entropy encryption key with AES-GCM encryption. Do not store encryption keys in the same database as the encrypted data.

<Check>
  Para offers pre-launch security reviews for teams in the Growth tier or above. Reach out to the Para team for assistance with your implementation!
</Check>

### Storage Security Recommendations

* **Encrypt** user shares in-transit and at-rest
* Implement **access controls** for your share database
* Maintain regular **database backups** to prevent data loss
* Create **disaster recovery** processes for compromise scenarios
* Have a **key rotation** plan in case of security incidents
* Complete **security fire drills** before launching

## Using a Pregenerated Wallet

To use a pregenerated wallet for blockchain operations, you need to:

1. Retrieve the encrypted user share from your database
2. Decrypt the user share
3. Load it into your Para client instance

```typescript theme={null}
const encryptedUserShare = await database.getUserShare(walletId);
const userShare = decryptUserShare(encryptedUserShare);

await paraServer.setUserShare(userShare);
```

<Warning>
  When implementing `setUserShare` in API routes or serverless functions, it's critical to create a new Para client instance for each request. This prevents different users' shares from conflicting with each other. Creating a new Para client has minimal overhead and won't impact request performance.
</Warning>

### Signing Operations

Once the user share is loaded, you can test the wallet functionality by signing a message. However, for production use, we recommend using the blockchain library integrations described in the next section.

```typescript theme={null}
const messageBase64 = Buffer.from("Hello, World!").toString('base64');
const signature = await paraServer.signMessage({
  walletId,
  messageBase64,
});
```

### Using with Blockchain Libraries

Pregenerated wallets work seamlessly with all blockchain integration libraries. Here are some examples:

<CardGroup cols={3}>
  <Card title="EVM Integration" imgUrl="/images/v3/network-evm.png" href="/v3/server/guides/evm" description="Use pregenerated wallets with Ethers.js and other EVM libraries" />

  <Card title="Solana Integration" imgUrl="/images/v3/network-solana.png" href="/v3/server/guides/solana" description="Sign Solana transactions with pregenerated wallets" />

  <Card title="Cosmos Integration" imgUrl="/images/v3/network-cosmos.png" href="/v3/server/guides/cosmos" description="Interact with Cosmos chains using pregenerated wallets" />

  <Card title="Stellar Integration" imgUrl="/images/v3/network-stellar.png" href="/v3/server/guides/stellar" description="Sign Stellar transactions with pregenerated wallets" />
</CardGroup>

## Wallet Claiming Flow

<Warning>
  Claiming pregenerated wallets must be done client-side with the Para Client SDK. The Server SDK does not support the key rotation operations required for wallet claiming.
</Warning>

For applications that need to transfer ownership of pregenerated wallets to users, implement a client-side claiming flow.
Your backend still prepares the stored user share for the authenticating identifier before the client receives it.

1. Look up the stored pregenerated wallet from the authenticating identifier
2. Decrypt and load the stored user share into a fresh server-side Para client
3. Update the pregenerated wallet identifier if it was created with a custom ID
4. Return the updated user share to the client
5. Let the client SDK load the share and claim the wallet

```typescript theme={null}
import { Para as ParaServer } from "@getpara/server-sdk";

export async function preparePregenClaim(email: string) {
  const wallet = await getPregenWalletByEmail(email);
  const para = new ParaServer(process.env.PARA_API_KEY!);
  const userShare = await decryptUserShare(wallet.encryptedUserShare);

  await para.setUserShare(userShare);
  await para.updatePregenWalletIdentifier({
    walletId: wallet.walletId,
    newPregenId: { email },
  });

  return {
    userShare: await para.getUserShare(),
  };
}
```

<Info>
  Calling `setUserShare` before `updatePregenWalletIdentifier` lets the server SDK update the wallet metadata in the
  loaded share. Return that updated share to the client so the loaded wallet identifier matches the user's auth
  identifier during claim.
</Info>

For a comprehensive guide on implementing the claiming flow, refer to our web documentation:

<Card title="Client-Side Wallet Claiming" imgUrl="/images/v3/feature-pregeneration.png" href="/v3/react/guides/pregen" description="Complete guide to implementing the client-side claiming flow for pregenerated wallets" horizontal />

## Core Pregeneration Methods

<Expandable title="Server SDK Pregeneration Methods">
  <ResponseField name="createPregenWallet" type="function">
    Create a new pregenerated wallet for an identifier
  </ResponseField>

  <ResponseField name="hasPregenWallet" type="function">
    Check if a pregenerated wallet exists for an identifier
  </ResponseField>

  <ResponseField name="getPregenWallets" type="function">
    Retrieve pregenerated wallets for a given identifier
  </ResponseField>

  <ResponseField name="getUserShare" type="function">
    Get the user share that must be securely stored
  </ResponseField>

  <ResponseField name="setUserShare" type="function">
    Load a previously stored user share
  </ResponseField>

  <ResponseField name="updatePregenWalletIdentifier" type="function">
    Update the identifier of a pregenerated wallet
  </ResponseField>
</Expandable>

## Best Practices

* **Choose appropriate identifiers** that align with your application architecture
* **Implement robust encryption** for user share storage
* **Create backup systems** to prevent data loss
* **Use a separate database** for user share storage with enhanced security
* **Monitor for suspicious activity** in your pregenerated wallet systems
* **Implement rate-limiting** to prevent abuse of wallet creation
* **Document your recovery procedures** for security incidents
* **Consider multi-region replication** for high-availability systems

## Example Implementation

Here's a reference example demonstrating the creation and secure storage of pregenerated wallets:

<Card title="Server-Side Pregeneration Example" imgUrl="/images/v3/feature-pregeneration.png" href="https://github.com/getpara/examples-hub/blob/3.0.0/server/with-node/src/routes/createWallet.ts" description="Complete example of creating and securely storing pregenerated wallets on a server" horizontal />

## Community Showcase

Check out some novel use cases of pregenerated wallets created by our community:

<Card horizontal title="Awesome Para" imgUrl="/images/v3/awesome-para.png" href="https://github.com/getpara/awesome-para" description="Explore community-contributed examples, libraries, and integrations" />
