Every BitGo Wallet Type has the following 3 keys:
- User key
- Backup key
- BitGo key
Bitgo co-signs every transaction with the BitGo key, in addition to your co-signers. When you create self-managed wallets, BitGo never has access to your private user or backup keys. You create keys client side and only pass to BitGo an encrypted user key and the public backup key.
Once you create wallets with BitGo, you can configure advanced security policies, enabling your digital assets to move seamlessly and reliably.
For information, view Wallet Kit.
Simple or Advanced
For self-managed hot wallets, you can transact by making a call that builds, signs, and sends transactions to BitGo, all in 1 step. However, if your use case needs more control and granularity, BitGo provides APIs for advanced transactions, enabling you to manually construct each step. Simple-transaction flows are the same for self-managed multisignature and TSS hot wallets. However, advanced-transaction flows differs by wallet type.
- Initiate - Bitgo uses the information you pass in this call to build an unsigned transaction.
- Approve (Optional) - You can configure a wallet policy to require admin approval for all outgoing transactions, providing an extra layer of security. Transactions remain in a pending-approval status until final approval. Approving a transaction doesn't apply a signature.
- Sign - Conduct video verification with a BitGo operator. Once verified, BitGo does the following:
- Uploads the unsigned transaction to the BitGo Offline Vault Console (OVC).
- Uses the user key to sign the unsigned transaction in the OVC, becoming a half-signed transaction.
- Uses the BitGo key to sign the half-signed transaction in a hardware security module (HSM), creating a fully-signed transaction.
- Broadcast - Using a BitGo node, Bitgo broadcasts the transaction to the network for confirmation.
The following steps guide you through creating wallets and transacting: