Vaulty SDK & API
Lightweight, framework-agnostic. Works with React, Vue, Svelte, and vanilla HTML. All sensitive actions happen inside Vaulty — partners only receive verified results.
Install
npm install @vaulty/wallet # or load via CDN: # <script src="https://vaulty.world/vaulty-sdk.js"></script>
Usage
import { Vaulty } from "@vaulty/wallet";
const vaulty = new Vaulty({ partnerId: "acme", network: "solana" });
// 1. Connect (user approves in Vaulty)
const { address } = await vaulty.connect();
// 2. Request a payment (user signs)
const { txId, status } = await vaulty.pay({
to: "RECIPIENT_ADDRESS",
amount: 25,
token: "USDC",
memo: "Order #1234",
});
// 3. Sign a message (proof of ownership)
const sig = await vaulty.signMessage("Login to acme.com at " + Date.now());
// 4. Read public balance for connected address (opt-in, never private)
const bal = await vaulty.getBalance({ token: "USDC" });Built-in loading + error states. Methods reject if the user cancels — handle with try/catch.
1-Line Embed
<!-- Drop anywhere on your page --> <script src="https://vaulty.world/vaulty-embed.js" defer></script> <button data-vaulty-pay data-to="ADDRESS" data-amount="10" data-token="USDC" data-ref="acme"> Pay 10 USDC with Vaulty </button>
Webhooks
Receive signed events when payments complete or fail. Verify X-Vaulty-Signature using your partner secret before processing.
POST https://your-site.com/webhooks/vaulty
Content-Type: application/json
X-Vaulty-Signature: sha256=<hmac>
{
"event": "payment.completed",
"ref": "acme-order-1234",
"txId": "5xK...9aP",
"amount": "25",
"token": "USDC",
"from": "Fz...8b",
"to": "9aB...1c",
"timestamp": 1735000000
}Security Guarantees
- Private keys and seed phrases never leave the user's device.
- Every
pay()requires explicit signing or biometric confirmation. - Partner API keys are read-only for tx status. They cannot query balances or addresses.
- All requests are rate-limited and auditable in the user's Smart Zones log.

