curl --request POST \
--url https://api.lightspark.com/grid/2025-10-13/internal-accounts/{id}/export \
--header 'Authorization: Basic <encoded-value>'{
"id": "InternalAccount:019542f5-b3e7-1d02-0000-000000000002",
"encryptedWalletCredentials": "5KqM8nT3wJz2F9b6H1vRgLpXcA7eD4YuN0sBaE8kPyW5iVfG2xQoZ3MnK9LhU6jT1dS4rCyPbH7oVwX2AgE5uYsNq8fLzR3D7JeM1bVkWcHa9Tp"
}Export internal account wallet credentials
Export the wallet credentials of an Embedded Wallet internal account. Wallet credentials are returned encrypted to the client public key that was supplied when the authorizing session was verified.
Export is a two-step signed-retry flow (same pattern as add-additional credential, revoke credential, and revoke session):
-
Call
POST /internal-accounts/{id}/exportwith no headers. The response is202with apayloadToSign,requestId, andexpiresAt. -
Sign the
payloadToSignwith the session private key of a verified authentication credential on the same internal account and retry with the signature as theGrid-Wallet-Signatureheader and therequestIdechoed back as theRequest-Idheader. The signed retry returns200withencryptedWalletCredentials, which the client can decrypt with its local private key.
curl --request POST \
--url https://api.lightspark.com/grid/2025-10-13/internal-accounts/{id}/export \
--header 'Authorization: Basic <encoded-value>'{
"id": "InternalAccount:019542f5-b3e7-1d02-0000-000000000002",
"encryptedWalletCredentials": "5KqM8nT3wJz2F9b6H1vRgLpXcA7eD4YuN0sBaE8kPyW5iVfG2xQoZ3MnK9LhU6jT1dS4rCyPbH7oVwX2AgE5uYsNq8fLzR3D7JeM1bVkWcHa9Tp"
}Authorizations
API token authentication using format <api token id>:<api client secret>
Headers
Signature over the payloadToSign returned in a prior 202 response, produced with the session private key of a verified authentication credential on the target internal account and base64-encoded. Required on the signed retry; ignored on the initial call.
The requestId returned in a prior 202 response, echoed back on the signed retry so the server can correlate it with the issued challenge. Required on the signed retry; must be paired with Grid-Wallet-Signature.
Path Parameters
The id of the internal account to export.
Response
Signed retry accepted. Returns the encrypted wallet credentials.
The id of the internal account that was exported.
"InternalAccount:019542f5-b3e7-1d02-0000-000000000002"
Encrypted wallet mnemonic, sealed to the clientPublicKey supplied on the verify request. Decrypt with the matching private key, then manage the mnemonic securely — it is the master key of the self-custodial Embedded Wallet. Encoded as base58check (same format as AuthSession.encryptedSessionSigningKey).
"5KqM8nT3wJz2F9b6H1vRgLpXcA7eD4YuN0sBaE8kPyW5iVfG2xQoZ3MnK9LhU6jT1dS4rCyPbH7oVwX2AgE5uYsNq8fLzR3D7JeM1bVkWcHa9Tp"
Was this page helpful?