Quickstart
Sign your first message with @mpckit/sdk in five minutes.
This walks from a fresh API key to a signed message. ika runs on Sui
mainnet using the 2PC-MPC protocol; the SDK accepts either mainnet or
testnet so you can sandbox the integration before flipping the switch.
The TypeScript SDK is a thin client over api.mpckit.xyz; everything below
mirrors what the HTTP API does, with the DKG and centralized-signature
crypto running locally inside MPCKit.
Get an API key
Open the dashboard, create a project, and issue a key. The key looks
like mpckit_test_… on testnet and mpckit_live_… on mainnet. Treat it like
a password. It authorizes calls against your project's credit balance.
Install the SDK
bun add @mpckit/sdkpnpm add @mpckit/sdknpm install @mpckit/sdkyarn add @mpckit/sdkConstruct the client
import { MPCKit } from "@mpckit/sdk";
export const api = new MPCKit({
baseUrl: "https://api.mpckit.xyz",
apiKey: process.env.MPCKIT_API_KEY!,
network: "testnet",
});
console.log(await api.health()); // { ok: true, service: "ika-api", … }MPCKit is a single class with all methods on it. network is
"testnet" or "mainnet"; the matching default Sui fullnode is used
for on-chain reads unless you pass suiRpcUrl.
Fund the project
Pricing is in microUSD (1 microUSD = $0.000001) and credits are funded by depositing accepted Sui-side coins.
const { address } = await api.depositAddress();
// send accepted coin to `address` from any Sui wallet, then …
await api.declareDeposit(txDigest);
console.log(await api.balance()); // { creditsMicro, creditsUsd }api.billingPricing() lists accepted coin types, op prices, and the
live USD price feed.
Onboard a dWallet
The high-level onboard runs distributed key generation end-to-end:
it submits the on-chain DKG, polls for awaiting_user_share, and
finalizes by accepting the encrypted user share.
import { Curve } from "@mpckit/sdk";
import { randomBytes } from "node:crypto";
const seed = randomBytes(32); // 32 bytes; persist if you need to sign again
const result = await api.onboard({
seed,
curve: Curve.SECP256K1,
});
// PERSIST these alongside the dwallet. They are not stored server-side:
const dwalletId = result.dwallet.id;
const userSecretKeyShareHex = result.userSecretKeyShareHex;Keep your seed. The share is recoverable.
The seed is the only secret you must protect. Lose it and the
dWallet is unrecoverable. userSecretKeyShareHex is the warm-path
input to sign, but it isn't a single point of failure: the
encrypted share lives on chain, and the seed alone derives the
decryption key (via UserShareEncryptionKeys.decryptUserShare from
upstream @ika.xyz/sdk). Persist the share for the warm path; if
you ever lose it, you can rederive it from chain + seed.
Sign
import { Curve, Hash, SignatureAlgorithm } from "@mpckit/sdk";
const message = new TextEncoder().encode("hello, ika");
const sig = await api.sign({
seed,
dwalletId,
curve: Curve.SECP256K1,
signatureAlgorithm: SignatureAlgorithm.ECDSASecp256k1,
hashScheme: Hash.SHA256,
message,
userSecretKeyShareHex,
});
console.log(sig.signature); // Uint8Array
console.log(sig.signRequestId, sig.txDigest);The call drives a two-party MPC ceremony with the network share; the
returned Uint8Array is the raw signature.