Releasing to Production

Embedded Wallets offers a client-side secure environment designed to isolate key material in production. This page explains how you can enable this additional security before launch.

Allowlist Domains

Login to the Coinbase Developer Platform Embedded Wallets page to allowlist the domain that will be accessing WaaS. Note that you will need separate projects per origin.

Our approach strictly enforces an origin policy, mandating the addition of all domains and their subdomains that require wallet sharing.

Enable prod tag

Enabling the prod tag option establishes a secure sandbox iframe within a user's browser and direct requests to the secure-waas.coinbase.com domain.

It is critital that you use the prod tag as we do not guarantee the security of wallets created without it. Once we enable your domains, WaaS becomes available for production-grade wallets.

danger

Wallets created without the prod tag are for testing purposes only and are deleted from our systems after a certain period of time.

React
Pure JS

<WalletProvider enableHostedBackups collectAndReportMetrics prod={true}>
    {/* Your app components */}
</WalletProvider>

import { InitializeWaas } from "@coinbase/waas-sdk-web"

const waas = await InitializeWaas({
    collectAndReportMetrics: true,
    enableHostedBackups: true, // Enable if using Coinbase-hosted backups.
    prod: true, // Enabled to launch production
    // other initialization options
});

Was this helpful?

Allowlist Domains​

Enable prod tag​

Allowlist Domains

Enable prod tag