Understanding invisible wallets in OFFER-HUB — automatic Stellar wallet creation and management.
OFFER-HUB uses "invisible wallets" to give users blockchain capabilities without the complexity of managing private keys. Every user gets a Stellar wallet automatically, but they interact with it like a simple account balance.
Tip
Invisible wallets only apply when using PAYMENT_PROVIDER=crypto. AirTM mode uses traditional fiat accounts instead.
What Are Invisible Wallets?
Traditional crypto requires users to:
Install wallet software
Secure a seed phrase
Understand gas fees
Sign transactions manually
OFFER-HUB eliminates all of this. Users see a simple USD balance while the system manages Stellar wallets behind the scenes.
How It Works
Mermaid
Rendering diagram…
Benefits
Benefit
Description
No wallet setup
Users register with email, wallet created automatically
No seed phrases
Private keys secured server-side
No gas management
Platform handles Stellar transaction fees
Familiar UX
Users see USD, not crypto amounts
Full custody
Users can still withdraw to external wallets
Wallet Creation
When a user is created, a Stellar keypair is generated automatically:
{
"data": {
"provider": "crypto",
"method": "stellar_address",
"address": "GCV24WNJYXPG3QFNP6ZQMLVEMHQX5S6J2OWKGVF5U3XC6HF4QQHG7WMD",
"asset": {
"code": "USDC",
"issuer": "GBBD47IF6LWK7P7MDEVSCWR7DPUWV3NY3DTQEVFL4NAT4AQH3ZLLFLA5"
},
"network": "testnet",
"instructions": "Send USDC to this Stellar address. Deposits are detected automatically within seconds."
}
}
Display to Users
Show users their deposit address with clear instructions:
typescript
📥 Deposit USDC
Send USDC to your personal Stellar address:
GCV24WNJYXPG3QFNP6ZQMLVEMHQX5S6J2OWKGVF5U3XC6HF4QQHG7WMD
Network: Stellar Testnet
Asset: USDC (Circle)
Deposits are credited automatically within seconds.
The WALLET_ENCRYPTION_KEY protects ALL user private keys. If lost, wallet access is permanently lost. Back up this key securely and never commit it to version control.
Best practices:
Generate securely — Use cryptographically secure random bytes
Store in vault — Use HashiCorp Vault, AWS KMS, or platform secrets
Rotate periodically — Plan for key rotation (re-encrypt all wallets)
Separate environments — Use different keys for dev/staging/production
Backup offline — Store encrypted backup in secure physical location
Generating the Encryption Key
bash
# Using Node.js
node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
# Using OpenSSL
openssl rand -hex 32
Transaction Signing
When the user performs an action that requires on-chain activity (funding escrow, withdrawing), the system:
Load encrypted key — Retrieve from database
Decrypt in memory — Use WALLET_ENCRYPTION_KEY
Build transaction — Create Stellar transaction
Sign transaction — Sign with decrypted private key
Submit to network — Send to Stellar Horizon
Clear memory — Wipe decrypted key from memory
Note
Decrypted private keys exist only in memory during transaction signing and are immediately cleared. They are never logged or written to disk.
Using the SDK
typescript
import { OfferHubSDK } from '@offerhub/sdk';
const sdk = new OfferHubSDK({
apiUrl: 'http://localhost:4000',
apiKey: 'ohk_live_your_api_key'
});
// Create a user (wallet created automatically)
const user = await sdk.users.create({
externalUserId: 'my-user-123',
email: 'user@example.com',
type: 'BUYER'
});
// Get deposit address
const deposit = await sdk.wallet.getDepositAddress(user.id);
console.log('Send USDC to:', deposit.address);
// Check balance
const balance = await sdk.users.getBalance(user.id);
console.log('Available:', balance.available);
console.log('Reserved:', balance.reserved);