Skip to main content

Wallet Profiles

A Wallet Profile is a named group of wallets with shared configuration: which blockchains are enabled, the operation timeout, and optional gas sponsorship settings. All wallets registered via SDK under an API key belong to that key’s Wallet Profile.
Key Principle: RebelFi never holds your private keys. You build transactions through the SDK, sign them with your own key infrastructure, and submit the result. The Wallet Profile controls which chains and settings apply to your SDK-managed wallets.

Creating a Wallet Profile

1

Navigate to Wallet Profiles

Go to Settings → Wallet Profiles in the dashboard.
2

Create a Profile

Click Create Profile and fill in:
FieldDescription
NameDescriptive label (e.g., “Customer Wallets”, “Treasury Ops”)
Enabled ChainsBlockchains wallets in this profile can use (Ethereum, Polygon, Solana, etc.)
Operation TimeoutSeconds before a PLANNED operation expires (default: 120s, range: 30–3600s)
Gas Sponsor WalletOptional: address of a wallet that pays gas fees on behalf of end users
Gas Sponsor Pays For TransactionWhether the sponsor covers the full transaction fee (default: true)
3

Save

Click Save. Your profile is ready to use.

Linking an API Key to a Profile

API keys must be linked to a Wallet Profile. The key can only register wallets and execute operations within its profile.
1

Navigate to API Keys

Go to Settings → API Keys.
2

Generate a Key

Click Generate API Key, give it a name, and select the Wallet Profile.
3

Save the Key

Copy the key immediately — it is shown only once.
export REBELFI_API_KEY="rfk_prod_xxxxxxxxxxxxx"
If you delete a Wallet Profile, all API keys linked to it become non-functional immediately. Wallets previously in the profile become unmanaged. Recreate the profile or link keys to a new profile.

SDK Integration Flow

Once you have an API key scoped to a Wallet Profile, the full SDK flow is: 
1. Register wallet      →  wallet is associated with the profile
2. Plan operation       →  RebelFi returns unsigned transaction(s)
3. Sign externally      →  your key management system signs
4. Submit               →  provide txHash or signed bytes
5. Confirm              →  RebelFi monitors on-chain and updates state

EVM: Multi-Transaction Operations

EVM supply and unwind operations require two separate transactions: a token approval and the protocol interaction. The SDK returns both unsigned transactions. Submit them sequentially: 
const operation = await client.operations.supply({ ... });

// operation.transactions has two entries for EVM:
// [0] = token approval (APPROVE_TOKEN)
// [1] = supply to protocol (SUPPLY_TO_PROVIDER)

// Sign and submit approval first
const approveTxHash = await signAndBroadcast(operation.transactions[0].unsignedTransaction);
await client.transactions.submitHash({
  operationId: operation.operationId,
  txHash: approveTxHash,
  transactionId: operation.transactions[0].transactionId
});

// Wait for approval to confirm, then sign and submit supply
const supplyTxHash = await signAndBroadcast(operation.transactions[1].unsignedTransaction);
await client.transactions.submitHash({
  operationId: operation.operationId,
  txHash: supplyTxHash,
  transactionId: operation.transactions[1].transactionId
});

Stale Transaction Refresh

Unsigned transactions expire (Solana blockhashes in ~15s, EVM gas prices in ~60s). If you need fresh unsigned transactions before signing, call: 
// Get refreshed unsigned transactions
const { transactions } = await client.operations.getUnsignedTransactions(operation.operationId);

Signing Transactions

RebelFi doesn’t prescribe how you sign — use whatever key management system fits your infrastructure:
Key ManagementNotes
Custody providers (Fireblocks, BitGo, Anchorage, etc.)Pass the unsigned transaction bytes to the provider’s signing API
Software wallets (ethers.js, web3.js, Solana web3)Sign locally with your private key
Hardware wallets / HSMsPass raw transaction bytes for offline signing
Browser walletsFor dashboard-connected wallets (not API keys)
The unsigned transaction is returned as a base64-encoded string. Decode it, sign it, then submit either:
  • The transaction hash (if you broadcast yourself)
  • The signed transaction bytes (if you want RebelFi to broadcast)

Profile Settings Reference

Enabled Chains

Restricts which blockchains wallets in this profile can use. Wallet registration and operation planning will be rejected for chains not in this list. 
enabledChains: ["ethereum", "polygon"]

Operation Timeout

Controls how long a PLANNED operation waits for a submitted transaction before being marked FAILED. Increase this if your signing process takes longer (e.g., multi-sig approval flows). 
operationTimeoutSeconds: 120  // default, range 30–3600

Gas Sponsorship

For wallets that don’t hold native gas tokens (SOL, ETH, POL), RebelFi can sponsor gas fees. How it works:
  • EVM chains: RebelFi sends a small amount of native token to your wallet before the transaction
  • Solana: RebelFi either sends SOL beforehand or sets itself as the fee payer in an atomic transaction (both approaches are used because some protocols require the signer to also be the fee payer)
gasSponsorWalletAddress: "0xYourSponsorWallet"
gasSponsorPaysForTransaction: true
Filter for gas-sponsored strategies when listing venues: 
const venues = await client.venues.list({
  blockchain: 'solana',
  supportsGasSponsorship: true
});
This is particularly useful for embedded wallet providers (e.g., Crossmint) where end users don’t hold native tokens.

Security

  • Store API keys in environment variables or secrets management (AWS Secrets Manager, Vault, etc.)
  • Rotate keys every 90 days
  • Use separate profiles and keys for dev, staging, and production
  • Never log API keys in plain text
Each Wallet Profile is isolated. An API key scoped to Profile A cannot access wallets in Profile B. Use separate profiles to enforce access boundaries between environments or customer segments.
To rotate an API key without downtime:
  1. Generate a new key linked to the same Wallet Profile
  2. Deploy the new key to production
  3. Verify it works
  4. Delete the old key from the dashboard

Next Steps

Quick Start

Full setup walkthrough

SDK Reference

TypeScript SDK documentation

API Reference

REST API documentation

How It Works

Operation lifecycle and architecture