Soroban smart contract wallets · Stellar mainnet

Embedded wallets
for Stellar apps

Give your users a self-custodial Soroban wallet secured by their passkey — Face ID, Touch ID, or Windows Hello. No seed phrases. Guardian-backed recovery. Five minutes to ship.

Start building free See how it works
< 5 minto first wallet
0seed phrases
C-addressSoroban contract
wallet.ts 
// 1. Init with your publishable key
const parax = new Parax({
  publishableKey: 'pk_live_…',
  network: 'mainnet',
});

// 2. Authenticate — email OTP
await parax.auth.requestOtp(email);
await parax.auth.verifyOtp(email, code);

// 3. Create a Soroban smart wallet
//    triggers Face ID / Touch ID registration
const wallet = await parax.wallets.create({
  displayName: user.name,
  walletType: 'CONTRACT',
});
// wallet.stellarAddress → "C…" (contract)

// 4. Sign a transaction
const { txHash } = await parax.wallets.sign({
  walletId: wallet.id,
  transaction: txXdr,   // your XDR
});
// biometric → on-chain ✓
EU-hosted — Amsterdam, Netherlands
GDPR compliant · no US sub-processors
Keys never leave the secure enclave
Soroban smart contract · non-custodial
Smart contract wallets

A Soroban wallet for every user.
Deployed on-chain in seconds.

Each wallet is an individual Soroban smart contract — not a shared multisig, not a custodial account. Signing policy, recovery, and access control live on-chain.

Soroban smart contract · C-address

How the wallet is structured

Parax deploys a unique WASM contract for each user. The contract is initialised with the user's passkey public key and two guardian addresses. Every on-chain action — transfer, policy update, recovery — is validated by the contract itself.

Unique C-address per user Passkey primary key Tenant guardian Parax guardian On-chain timelock recovery Soroban-native
1
WASM deployment — Parax uploads your contract bytecode and instantiates a fresh instance from the shared WASM hash. Each user gets their own contract address.
2
Passkey initialisation — The user's biometric registers a P-256 key via WebAuthn. The public key bytes are passed to init() and stored in the contract.
3
Guardian registration — Your tenant key and the Parax guardian key are set at init time. Either guardian can cosign, but neither can act alone — a user passkey signature is always required.
4
Timelock recovery — Lost your device? Propose a new passkey on-chain. After the timelock window, it takes effect without any trusted party — the contract enforces the delay.
How it works

From signup to signed
transaction in one flow

01

Add the SDK

One package. Works in React, Next.js, Vue, or plain TypeScript. Initialise with your app's publishable key.

02

Authenticate with email OTP

Send a six-digit code to the user's inbox. On verify, Parax returns a signed JWT scoped to your app — no accounts, no passwords.

03

Create the wallet

One API call triggers a WebAuthn passkey registration. Parax deploys the Soroban contract and returns the on-chain address.

04

Sign transactions

Pass any XDR to wallets.sign(). The user's device prompts for biometrics, the guardian cosigns, and the transaction hits Stellar.

05

Recover a lost device

User proposes a new passkey. After the on-chain timelock elapses, the contract allows execution — no backdoor, no trust required.

install 
# install
pnpm add @parax/sdk

// init in your app
import { Parax } from '@parax/sdk';

const parax = new Parax({
  publishableKey: 'pk_live_…',
  network: 'mainnet',
});
// Send OTP to the user's email
await parax.auth.requestOtp(email);

// User submits the 6-digit code
const session = await parax.auth.verifyOtp(
  email,
  code,
);
// → JWT scoped to your app
// → 7-day expiry, auto-stored
// Browser prompts for Face ID / Touch ID
// Parax deploys the Soroban contract
const wallet = await parax.wallets.create({
  displayName: 'Alice',
  walletType: 'CONTRACT', // Soroban
});

// wallet.stellarAddress
// → "CABC…XYZ" — Soroban contract
// → initialised with passkey + 2 guardians
// Prepare — get tx hash for signing
// Sign   — biometric prompt fires
// Submit — guardian cosigns + broadcasts
const result = await parax.wallets.sign({
  walletId: wallet.id,
  transaction: xdr,
});

// result.txHash → confirmed ✓
// result.signatures → { passkey, guardian }
// Initiate recovery — proposes new passkey
await parax.wallets.initiateRecovery({
  walletId: wallet.id,
  newPasskeyPublicKey: newKeyHex,
});
// → contract records proposal on-chain
// → timelock starts (e.g. 7 days)

// After timelock — execute the swap
await parax.wallets.executeRecovery({
  walletId: wallet.id,
});
// → old passkey revoked, new one active
🔐
on-chain
👆
User passkey
Secure enclave
🏢
Your tenant key
Your backend
Parax guardian
HSM-backed
Security model

No single party
can move funds.

Every transaction needs the user's passkey plus one guardian cosignature — enforced by the Soroban contract, not by Parax servers. No single party can move funds alone. Even if Parax disappears, the wallet keeps working.

User passkey — device-native

Stored in the device's secure enclave (TPM / Secure Enclave chip). Never exported, never transmitted to Parax or your server.

Your tenant key — full policy control

Your backend holds this key and co-signs every transaction. You can enforce spending limits, whitelist addresses, or require approval flows before cosigning.

Parax guardian — recovery only

Parax's guardian key is used only during recovery. It cannot be used to initiate transactions. Even if Parax shuts down, wallets remain fully operable via passkey + tenant.

Features

Everything your app needs.
Nothing it doesn't.

Soroban smart wallets

Deploy programmable contract wallets on Stellar. On-chain policy enforcement, timelock recovery, and composability with DeFi protocols.

Passkey-native signing

Users sign transactions with Face ID, Touch ID, or Windows Hello. WebAuthn / FIDO2 under the hood — keys never leave the secure enclave.

Email OTP onboarding

A six-digit code to the user's inbox is all it takes. No app install, no Chrome extension, no crypto knowledge required.

Tenant key model

Your backend holds a co-signing key. Enforce spend limits, KYC gates, or custom approval flows before every guardian cosignature.

Multi-device passkeys

Users can register multiple passkeys — phone, laptop, hardware key. Each device gets its own signer slot in the contract.

TypeScript SDK

Full-typed SDK for browser and Node.js. Covers auth, wallet creation, signing, export, and recovery — plus a server-side admin client.

EU-hosted · GDPR

All infrastructure runs in Amsterdam (Scaleway nl-ams). Data never leaves the EU. No US sub-processors involved in key storage or transaction signing.

Pricing

Start free.
Pay as you grow.

No setup fees. No minimums. Pay only for wallets created and sign operations.

Sandbox
Free
forever · no card required
  • 10 wallets
  • 500 sign ops / month
  • Testnet & mainnet
  • Full SDK & REST API
  • Community support
Get started free
Starter Popular
29
per month + usage overage
  • 500 wallets included
  • 10,000 sign ops / month
  • +€ 0.05 / wallet over limit
  • +€ 0.002 / sign op over limit
  • 99.9 % uptime SLA
  • Email support
Get started
Growth
149
per month + usage overage
  • 5,000 wallets included
  • 100,000 sign ops / month
  • +€ 0.03 / wallet over limit
  • +€ 0.001 / sign op over limit
  • 99.9 % uptime SLA
  • Priority support
Get started

Need more than 5,000 wallets or custom SLAs? Talk to us about Enterprise.

Ready to ship?

Self-custodial wallets
in five minutes.

Parax handles the Soroban contracts, passkey registration, guardian infrastructure, and recovery flows — so you can focus on your product.

Start building free Talk to us