秋田预测市场 · Discord 审计

嵌入式钱包无法导出私钥引发用户询问替代方案

2026-06-17 · Limitless · 4 条相关讨论

Mrint 2026-06-16 22:55:48

How can I export the private key of a limitless embedded signer?

How can I export the private key of a limitless embedded signer?

Mrint 2026-06-16 22:57:30

So how can we do that?

So how can we do that?

Jeremy | Limitless 2026-06-16 23:11:30

The embedded wallet is a non-custodial wallet created and operated within the app by a third-party provider when you sign in via social login, and there's no key-export flow built for it. **If it's for programmatic trading/a bot for a platform you are building**, go to the [partner application form](https://docs.google.com/forms/d/e/1FAIpQLSd1P4UB1yDcdcxJzRrM7EiwuJKTFpKtqgFGA_ftYbNOLg7lsQ/viewform). Before filling it out, log in with your wallet at limitless.exchange to bootstrap a partner account — that gives you the profileId and wallet address the form asks for. The team reviews it and switches on token management plus your allowed scopes, and then you derive the scoped token. And with that you don't actually need the raw key. All programmatic access to the Limitless API authenticates via scoped API tokens with HMAC-SHA256 request signing, and you can mint one straight from your existing social-login session: connect your wallet at limitless.exchange, open the API token modal → API Tokens tab → Derive, and copy the tokenId and secret. Pass those to the SDK as hmacCredentials / hmac_credentials / WithHMACCredentials and it signs every request automatically. Order placement normally still needs an EIP-712 signature from your key, but with the delegated_signing scope the server signs orders on your behalf via a server wallet, so end users never manage a private key. --- **If it's for self-custody**/holding the key yourself, then you need to use an EOA instead of the embedded wallet. So, an account controlled with a wallet like MetaMask or Rabby and you connect it from the main login menu. That gives you a key you own outright, and you can move funds to it.

The embedded wallet is a non-custodial wallet created and operated within the app by a third-party provider when you sign in via social login, and there's no key-export flow built for it. **If it's for programmatic trading/a bot for a platform you are building**, go to the [partner application form](https://docs.google.com/forms/d/e/1FAIpQLSd1P4UB1yDcdcxJzRrM7EiwuJKTFpKtqgFGA_ftYbNOLg7lsQ/viewform). Before filling it out, log in with your wallet at limitless.exchange to bootstrap a partner account — that gives you the profileId and wallet address the form asks for. The team reviews it and switches on token management plus your allowed scopes, and then you derive the scoped token. And with that you don't actually need the raw key. All programmatic access to the Limitless API authenticates via scoped API tokens with HMAC-SHA256 request signing, and you can mint one straight from your existing social-login session: connect your wallet at limitless.exchange, open the API token modal → API Tokens tab → Derive, and copy the tokenId and secret. Pass those to the SDK as hmacCredentials / hmac_credentials / WithHMACCredentials and it signs every request automatically. Order placement normally still needs an EIP-712 signature from your key, but with the delegated_signing scope the server signs orders on your behalf via a server wallet, so end users never manage a private key. --- **If it's for self-custody**/holding the key yourself, then you need to use an EOA instead of the embedded wallet. So, an account controlled with a wallet like MetaMask or Rabby and you connect it from the main login menu. That gives you a key you own outright, and you can move funds to it.