Key Generation API
Bunkyr is the easiest way to keep your users' encrypted data safe and accessible
$0.02/month per key
First 1000 keys free
Non-custodial recovery
Development sandbox
🚧 ETA Q1 2023
Highest security
Hardware-backed keys
Priority support
Non-custodial recovery
Development sandbox
Contact us
Volume discounts
Custom encryption
Custom authentication
On-premises deployment
Priority support
Non-custodial recovery
Development sandbox
Non-custodial recovery
Never put your users' data or assets at risk while giving them full control and easy recovery methods
Onboard more customers
Simplify your sign-up process by removing tedious seed phrases and backup codes
Save on support
Adding a simple, reliable recovery method means you spend less on support for lost accounts
Give users a familiar interface
Choose from our growing list of social login providers as recovery options for your users
Frequently Asked Questions
Are basic plan keys secure?
Software-only keys are still composed of three parts: one from the user, one from the client, and one from Bunkyr. Our standard keys are extremely secure, but if your application requires additional guarantees to guard against even just Bunkyr's portion of the key being breached, consider using our premium tier.
Is this for Web3/cryptocurrency only?
No, the Bunkyr Key Generation API is suitable for any application with user accounts. We make it possible for users to recover their encrypted user data without relying on traditional methods such as seed phrases, security questions, printed codes, or your servers having access to their sensitive data or assets.
Where does this fit into my application?
Bunkyr replaces the application's traditional recovery method, such as a seed phrase for a crypto wallet or backup code for encrypted cloud storage. Instead of being provided with a special backup method they need to remember or store, users simply connect an OAuth provider like sign-in with Google or Facebook.
Can I use Bunkyr as a primary login?
Yes! We designed our API to accommodate all use cases for generating keys, for both recovery and primary login. For instance, when a user signs up, they can sign in with Google via our API to generate a Bunkyr key. Your application then generates fresh private keys and encrypts them with the Bunkyr key, and you store that encrypted key in your infrastructure. When a user logs in again on a new or existing device, they just sign in with Google via our API and are able to decrypt their private keys and access their data and assets.
What if the hardware fails?
We maintain a set of redundant, geographically-distributed hardware modules for each key, so there is no interruption to service even if a hardware module fails. We can also enroll new hardware any time a user recovers their key, to prevent all of a user's assigned instances from being unavailable as hardware ages.
When will the hardware-secured keys be available?
Our team is currently hard at work getting the hardware ready for production use, which is expected to be available at the start of 2023.
Does the integration change for hardware keys?
No, our API surface is the same for both hardware-backed and software-only keys. This means you can start with our development sandbox, and your integration will remain the same even if you choose to use hardware-backed keys in the future. We can even incrementally migrate your users to hardware-backed keys if you start with software keys and want to beef up your security later.