Understand how Cubewire Wallet-as-a-Service processes transactions, manages security, and integrates with your systems.
Cubewire Wallet-as-a-Service is designed with security and reliability at its core. Every transaction flows through multiple layers of protection—from authentication and policy enforcement to compliance screening and HSM-based signing—before reaching the blockchain.
This page covers:
A vault is a secure container for blockchain keys and addresses. Each vault is isolated with its own cryptographic material stored in hardware security modules (HSM).
| Vault Type | Description | Use Case |
|---|---|---|
| Mainnet | Production vaults for real assets | Live operations, treasury |
| Testnet | Development vaults on test networks | Integration testing, development |
Vaults belong to your organization. Team members access vaults based on their assigned roles and permissions.
Here's what happens when you send a transaction through Cubewire:
The entire flow—from request to blockchain confirmation—typically completes in seconds. For transactions requiring approval, you control the workflow through our approvals API.
Cubewire employs multiple layers of security to protect your assets:
| Layer | Protection |
|---|---|
| Authentication | OAuth 2.0 client credentials with short-lived access tokens |
| Authorization | Role-based permissions control what each credential can access |
| Policy Enforcement | Transactions must pass your configured rules before signing |
| Compliance | Automated screening against sanctions lists and risk databases |
| Key Security | Private keys never leave FIPS 140-2 Level 3 certified HSMs |
Your private keys are:
All API requests use OAuth 2.0 client credentials flow:
| Component | Description |
|---|---|
| Client ID | Public identifier for your API credential |
| Client Secret | Secret key (store securely, never expose in client-side code) |
| Access Token | Short-lived JWT for API requests (expires in 1 hour) |
Never embed client secrets in frontend applications or mobile apps. Use server-side authentication only.
Cubewire integrates with leading compliance providers to automate regulatory requirements. Configure these checks at the organization level—they run automatically on every transaction.
| Check | What It Does | When It Runs |
|---|---|---|
| KYB/KYC | Verifies organization and user identity | Organization onboarding, user registration |
| AML/KYT | Screens transactions for money laundering risk | Every outbound transaction |
| Sanctions | Checks addresses against OFAC, UN, EU sanctions lists | Every transaction (sender & recipient) |
| Travel Rule | Exchanges originator/beneficiary data per FATF guidelines | Transfers above threshold (varies by jurisdiction) |
Compliance settings are configured per organization. Contact your account manager to enable or customize compliance checks for your use case.
Choose the pattern that fits your use case:
Best for backend services that need programmatic access to wallets.
Your server authenticates with Cubewire using API credentials and performs operations on behalf of your users. Transaction events flow back via webhooks.
Use cases: Automated payouts, treasury operations, trading bots
Best for high-value transactions requiring human approval.
Define approval thresholds in your policies. When a transaction triggers approval, designated approvers receive notifications and vote through your interface.
Use cases: Treasury management, large transfers, compliance-sensitive operations
Best for systems that react to blockchain activity in real-time.
Subscribe to webhook events and process them asynchronously. We handle retries and provide HMAC signatures for verification.
Use cases: Real-time dashboards, notifications, accounting systems, audit logging
Cubewire sends real-time webhook notifications for transaction lifecycle events—from submission through confirmation or failure. All payloads include HMAC signatures for verification.
See Webhooks for event types, payload formats, and security best practices.
Cubewire supports EVM-compatible blockchains:
| Network | Chain ID | Type |
|---|---|---|
| Ethereum | 1 | Mainnet |
| Polygon | 137 | Mainnet |
| Arbitrum One | 42161 | Mainnet |
| Base | 8453 | Mainnet |
| Ethereum Sepolia | 11155111 | Testnet |
| Polygon Amoy | 80002 | Testnet |
| Cubewire Testnet | 62831 | Testnet |
Start with Cubewire Testnet for development—it's fast, free, and purpose-built for testing. Use the Cubewire Faucet to get test tokens.
Every action in Cubewire is recorded for compliance and operational visibility:
| Log Type | What's Captured |
|---|---|
| Transaction logs | All transaction attempts, approvals, and outcomes |
| Access logs | API authentication events and credential usage |
| Policy logs | Policy evaluations and rule matches |
| User activity | Dashboard actions and configuration changes |
Logs are retained according to your organization's compliance requirements and are accessible via API for integration with your SIEM or reporting systems.
Understand how Cubewire Wallet-as-a-Service processes transactions, manages security, and integrates with your systems.
Cubewire Wallet-as-a-Service is designed with security and reliability at its core. Every transaction flows through multiple layers of protection—from authentication and policy enforcement to compliance screening and HSM-based signing—before reaching the blockchain.
This page covers:
A vault is a secure container for blockchain keys and addresses. Each vault is isolated with its own cryptographic material stored in hardware security modules (HSM).
| Vault Type | Description | Use Case |
|---|---|---|
| Mainnet | Production vaults for real assets | Live operations, treasury |
| Testnet | Development vaults on test networks | Integration testing, development |
Vaults belong to your organization. Team members access vaults based on their assigned roles and permissions.
Here's what happens when you send a transaction through Cubewire:
The entire flow—from request to blockchain confirmation—typically completes in seconds. For transactions requiring approval, you control the workflow through our approvals API.
Cubewire employs multiple layers of security to protect your assets:
| Layer | Protection |
|---|---|
| Authentication | OAuth 2.0 client credentials with short-lived access tokens |
| Authorization | Role-based permissions control what each credential can access |
| Policy Enforcement | Transactions must pass your configured rules before signing |
| Compliance | Automated screening against sanctions lists and risk databases |
| Key Security | Private keys never leave FIPS 140-2 Level 3 certified HSMs |
Your private keys are:
All API requests use OAuth 2.0 client credentials flow:
| Component | Description |
|---|---|
| Client ID | Public identifier for your API credential |
| Client Secret | Secret key (store securely, never expose in client-side code) |
| Access Token | Short-lived JWT for API requests (expires in 1 hour) |
Never embed client secrets in frontend applications or mobile apps. Use server-side authentication only.
Cubewire integrates with leading compliance providers to automate regulatory requirements. Configure these checks at the organization level—they run automatically on every transaction.
| Check | What It Does | When It Runs |
|---|---|---|
| KYB/KYC | Verifies organization and user identity | Organization onboarding, user registration |
| AML/KYT | Screens transactions for money laundering risk | Every outbound transaction |
| Sanctions | Checks addresses against OFAC, UN, EU sanctions lists | Every transaction (sender & recipient) |
| Travel Rule | Exchanges originator/beneficiary data per FATF guidelines | Transfers above threshold (varies by jurisdiction) |
Compliance settings are configured per organization. Contact your account manager to enable or customize compliance checks for your use case.
Choose the pattern that fits your use case:
Best for backend services that need programmatic access to wallets.
Your server authenticates with Cubewire using API credentials and performs operations on behalf of your users. Transaction events flow back via webhooks.
Use cases: Automated payouts, treasury operations, trading bots
Best for high-value transactions requiring human approval.
Define approval thresholds in your policies. When a transaction triggers approval, designated approvers receive notifications and vote through your interface.
Use cases: Treasury management, large transfers, compliance-sensitive operations
Best for systems that react to blockchain activity in real-time.
Subscribe to webhook events and process them asynchronously. We handle retries and provide HMAC signatures for verification.
Use cases: Real-time dashboards, notifications, accounting systems, audit logging
Cubewire sends real-time webhook notifications for transaction lifecycle events—from submission through confirmation or failure. All payloads include HMAC signatures for verification.
See Webhooks for event types, payload formats, and security best practices.
Cubewire supports EVM-compatible blockchains:
| Network | Chain ID | Type |
|---|---|---|
| Ethereum | 1 | Mainnet |
| Polygon | 137 | Mainnet |
| Arbitrum One | 42161 | Mainnet |
| Base | 8453 | Mainnet |
| Ethereum Sepolia | 11155111 | Testnet |
| Polygon Amoy | 80002 | Testnet |
| Cubewire Testnet | 62831 | Testnet |
Start with Cubewire Testnet for development—it's fast, free, and purpose-built for testing. Use the Cubewire Faucet to get test tokens.
Every action in Cubewire is recorded for compliance and operational visibility:
| Log Type | What's Captured |
|---|---|
| Transaction logs | All transaction attempts, approvals, and outcomes |
| Access logs | API authentication events and credential usage |
| Policy logs | Policy evaluations and rule matches |
| User activity | Dashboard actions and configuration changes |
Logs are retained according to your organization's compliance requirements and are accessible via API for integration with your SIEM or reporting systems.