API documentation now publicly available

Get started integrating Bunkyr into your application with 6 simple calls to our REST API

Author profile picture

Mike Lewis

  • 3 minutes

TLDR

Click the “Docs” link in the navbar above or use the following link: Bunkyr pre-release API documentation. Get an API key and free engineering support via email or by scheduling a demo directly on our calendar.

API Overview

The Bunkyr Key Generation API is a lightweight REST API (integrating can be as few as 6 API calls) that generates deterministic encryption keys from three distributed pieces of information:

  1. A share provided by a consumer-facing service or application (cryptocurrency wallet, encrypted cloud storage provider, etc.)
  2. A share provided by the end user (via social sign-in/OAuth provider)
  3. Bunkyr’s secure cryptographic hardware

As long as all three of these pieces are provided, the same key can be generated (and re-generated when needed) to provide a secure, reliable recovery method for any secure application.

Integration

Integrating with our API looks very similar to integrating with a payment processor (Stripe, PayPal, etc.):

  1. Start a transaction with our API from your application
  2. Redirect the end user to our endpoint for them to securely provide their information directly to us
  3. We redirect the end user back to a URL you specify with a token representing the transaction
  4. You finalize the transaction from your application using the returned token

However, instead of taking a payment, we’re securely generating recovery encryption keys.

After receiving the generated recovery key, you should do one of two things with it:

  • When generating a user’s key for the first time, use it to set up encrypted recovery information for the user (encrypt their wallet private keys or account-level master key), then store the ciphertext
  • When recovering a key (a user loses their device or loses their password/primary key), use it to decrypt the stored recovery information and set up new primary keys for their account

Never store or log the recovery key; instead, use it to encrypt or decrypt a user’s recovery information and then immediately and securely delete it. Also coming soon is the ability for the recovery key to only ever be accessible to your end users’ devices, preventing the key from ever even touching your infrastructure.

Getting started

To start, we’re providing the documentation for our REST endpoints, but SDKs for the most popular languages and frameworks are coming soon. Please also feel free to reach out if you have a custom language, framework, or feature you’d like us to prioritize.

Additionally, we provide an OpenAPI specification document for help in starting your integration, and for a limited time are offering free custom engineering support - in exchange for feedback on the early version of our product, we’ll do the programming and integration work for you!

Our API is currently in limited early-access; to get an API key please email our engineering team or schedule a demo directly on our calendar to get started today.