> ## Documentation Index
> Fetch the complete documentation index at: https://docs.rebelfi.io/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Wallet Profiles

> Group and configure SDK wallets with Wallet Profiles

# Wallet Profiles

A **Wallet Profile** is a named group of wallets with shared configuration: which blockchains are enabled, the operation timeout, and optional gas sponsorship settings. All wallets registered via SDK under an API key belong to that key's Wallet Profile.

<Info>
  **Key Principle**: RebelFi never holds your private keys. You build transactions through the SDK, sign them with your
  own key infrastructure, and submit the result. The Wallet Profile controls which chains and settings apply to
  your SDK-managed wallets.
</Info>

## Creating a Wallet Profile

<Steps>
  <Step title="Navigate to Wallet Profiles">
    Go to **Settings → Wallet Profiles** in the dashboard.
  </Step>

  <Step title="Create a Profile">
    Click **Create Profile** and fill in:

    | Field                                | Description                                                                   |
    | ------------------------------------ | ----------------------------------------------------------------------------- |
    | **Name**                             | Descriptive label (e.g., "Customer Wallets", "Treasury Ops")                  |
    | **Enabled Chains**                   | Blockchains wallets in this profile can use (Ethereum, Polygon, Solana, etc.) |
    | **Operation Timeout**                | Seconds before a PLANNED operation expires (default: 120s, range: 30–3600s)   |
    | **Gas Sponsor Wallet**               | Optional: address of a wallet that pays gas fees on behalf of end users       |
    | **Gas Sponsor Pays For Transaction** | Whether the sponsor covers the full transaction fee (default: true)           |
  </Step>

  <Step title="Save">
    Click **Save**. Your profile is ready to use.
  </Step>
</Steps>

## Linking an API Key to a Profile

API keys must be linked to a Wallet Profile. The key can only register wallets and execute operations within its profile.

<Steps>
  <Step title="Navigate to API Keys">
    Go to **Settings → API Keys**.
  </Step>

  <Step title="Generate a Key">
    Click **Generate API Key**, give it a name, and select the Wallet Profile.
  </Step>

  <Step title="Save the Key">
    Copy the key immediately — it is shown only once.

    ```bash theme={null}
    export REBELFI_API_KEY="rfk_prod_xxxxxxxxxxxxx"
    ```
  </Step>
</Steps>

<Warning>
  If you delete a Wallet Profile, all API keys linked to it become non-functional immediately. Wallets previously
  in the profile become unmanaged. Recreate the profile or link keys to a new profile.
</Warning>

## SDK Integration Flow

Once you have an API key scoped to a Wallet Profile, the full SDK flow is:

```
1. Register wallet      →  wallet is associated with the profile
2. Plan operation       →  RebelFi returns unsigned transaction(s)
3. Sign externally      →  your key management system signs
4. Submit               →  provide txHash or signed bytes
5. Confirm              →  RebelFi monitors on-chain and updates state
```

### EVM: Multi-Transaction Operations

EVM supply and unwind operations require two separate transactions: a token approval and the protocol interaction. The SDK returns both unsigned transactions. Submit them sequentially:

```typescript theme={null}
const operation = await client.operations.supply({ ... });

// operation.transactions has two entries for EVM:
// [0] = token approval (APPROVE_TOKEN)
// [1] = supply to protocol (SUPPLY_TO_PROVIDER)

// Sign and submit approval first
const approveTxHash = await signAndBroadcast(operation.transactions[0].unsignedTransaction);
await client.transactions.submitHash({
  operationId: operation.operationId,
  txHash: approveTxHash,
  transactionId: operation.transactions[0].transactionId
});

// Wait for approval to confirm, then sign and submit supply
const supplyTxHash = await signAndBroadcast(operation.transactions[1].unsignedTransaction);
await client.transactions.submitHash({
  operationId: operation.operationId,
  txHash: supplyTxHash,
  transactionId: operation.transactions[1].transactionId
});
```

### Stale Transaction Refresh

Unsigned transactions expire (Solana blockhashes in \~15s, EVM gas prices in \~60s). If you need fresh unsigned transactions before signing, call:

```typescript theme={null}
// Get refreshed unsigned transactions
const { transactions } = await client.operations.getUnsignedTransactions(operation.operationId);
```

## Signing Transactions

RebelFi doesn't prescribe how you sign — use whatever key management system fits your infrastructure:

| Key Management                                                                                  | Notes                                                             |
| ----------------------------------------------------------------------------------------------- | ----------------------------------------------------------------- |
| **Custody providers** ([Fireblocks](/sdk/custody-providers/fireblocks), BitGo, Anchorage, etc.) | Pass the unsigned transaction bytes to the provider's signing API |
| **Software wallets** (ethers.js, web3.js, Solana web3)                                          | Sign locally with your private key                                |
| **Hardware wallets / HSMs**                                                                     | Pass raw transaction bytes for offline signing                    |
| **Browser wallets**                                                                             | For dashboard-connected wallets (not API keys)                    |

The unsigned transaction is returned as a base64-encoded string. Decode it, sign it, then submit either:

* The transaction hash (if you broadcast yourself)
* The signed transaction bytes (if you want RebelFi to broadcast)

## Profile Settings Reference

### Enabled Chains

Restricts which blockchains wallets in this profile can use. Wallet registration and operation planning will be rejected for chains not in this list.

```
enabledChains: ["ethereum", "polygon"]
```

### Operation Timeout

Controls how long a PLANNED operation waits for a submitted transaction before being marked FAILED. Increase this if your signing process takes longer (e.g., multi-sig approval flows).

```
operationTimeoutSeconds: 120  // default, range 30–3600
```

### Gas Sponsorship

For wallets that don't hold native gas tokens (SOL, ETH, POL), RebelFi can sponsor gas fees.

**How it works:**

* **EVM chains:** RebelFi sends a small amount of native token to your wallet before the transaction
* **Solana:** RebelFi either sends SOL beforehand or sets itself as the fee payer in an atomic transaction (both approaches are used because some protocols require the signer to also be the fee payer)

```
gasSponsorWalletAddress: "0xYourSponsorWallet"
gasSponsorPaysForTransaction: true
```

Filter for gas-sponsored strategies when listing venues:

```typescript theme={null}
const venues = await client.venues.list({
  blockchain: 'solana',
  supportsGasSponsorship: true
});
```

This is particularly useful for embedded wallet providers (e.g., Crossmint) where end users don't hold native tokens.

## Security

<AccordionGroup>
  <Accordion title="API Key Security" icon="key">
    * Store API keys in environment variables or secrets management (AWS Secrets Manager, Vault, etc.)
    * Rotate keys every 90 days
    * Use separate profiles and keys for dev, staging, and production
    * Never log API keys in plain text
  </Accordion>

  <Accordion title="Profile Isolation" icon="layer-group">
    Each Wallet Profile is isolated. An API key scoped to Profile A cannot access wallets in Profile B. Use
    separate profiles to enforce access boundaries between environments or customer segments.
  </Accordion>

  <Accordion title="Key Rotation" icon="rotate">
    To rotate an API key without downtime:

    1. Generate a new key linked to the same Wallet Profile
    2. Deploy the new key to production
    3. Verify it works
    4. Delete the old key from the dashboard
  </Accordion>
</AccordionGroup>

## Next Steps

<CardGroup cols={2}>
  <Card title="Quick Start" icon="rocket" href="/guides/quickstart">
    Full setup walkthrough
  </Card>

  <Card title="SDK Reference" icon="code" href="/sdk/introduction">
    TypeScript SDK documentation
  </Card>

  <Card title="API Reference" icon="book" href="/api-reference/introduction">
    REST API documentation
  </Card>

  <Card title="How It Works" icon="diagram-project" href="/guides/how-it-works">
    Operation lifecycle and architecture
  </Card>
</CardGroup>
