Skip to main content
This guide walks you through the technical onboarding for C8 Enterprise Wallet — what to share with the C8 team, what you’ll receive in return, and how to bring the service up with Docker Compose.

Before you begin

To get started, share the following with the C8 team:
  • Your DockerHub username
The C8 team will then provide:
  • Access to the C8 DockerHub repository
  • Integration credentials:
    • client_id
    • access_key_id
    • secret_access_key
  • A coupon code for MainNet registration
You will also need the following on the deployment host:
Self-custody notice. C8 Enterprise Wallet is self-custodial. You must generate and securely store the wallet mnemonic phrase during deployment.If the mnemonic phrase is lost, C8 cannot recover accounts or funds.

Deployment flow

The full deployment is a five-step sequence. Each step is described in detail below.
1

Generate a BIP39 mnemonic

Create the 24-word phrase that backs the self-custodial wallet.
2

Create the environment file

Define WALLET_MNEMONIC, CLIENT_ID, backend URLs, and auth/batch settings in .env.
3

Prepare Docker Compose

Fill in the C8-provided image in docker-compose-client.yml.
4

Deploy

Start the container with the CloudWatch logging parameters.
5

Verify the deployment

Open Swagger UI and confirm the API is reachable.

1. Generate a BIP39 mnemonic

Generate a random 24-word BIP39 mnemonic phrase. Using bip39: 
npm install -g bip39
bip39 generate --words=24
Or using bitcoin-cli: 
brew install bitcoin
bitcoin-cli mnemonic new 24
Store the mnemonic securely. Do not commit it to source control.

2. Create the environment file

Create a .env file next to docker-compose-client.yml:
.env
WALLET_MNEMONIC=<mnemonic>
CLIENT_ID=<client_id>
BACKEND_URL=https://wallet-backend.main.digik.cantor8.tech/api
IDENTITY_SERVICE_URL=https://id.cantor8.tech
SCANNER_API_BASE_URL=https://scanner-ledger-history-server.main.digik.cantor8.tech
AUTH_TYPE=noop
AUTO_BATCH_SWITCH=false
AUTO_BATCH_DB_TYPE=in-memory
AUTH_TYPE=noop disables authentication for the wallet API. With this setting, all API endpoints are exposed without authentication.For production deployments, C8 can provide Keycloak or Auth0 configuration. When identity-provider authentication is enabled, all C8 Enterprise Wallet API endpoints expect a valid JWT token from the configured IdP.

3. Prepare Docker Compose

Use the provided docker-compose-client.yml template and set the image value to the DockerHub image shared by C8:
docker-compose-client.yml
services:
  enterprise-wallet:
    image: "<dockerhub-repository>/<wallet-image>:<tag>"
    container_name: c8-enterprise-wallet
    restart: unless-stopped
    env_file:
      - .env
    ports:
      - "8080:8080"
    logging:
      driver: awslogs
      options:
        awslogs-region: ${AWS_REGION}
        awslogs-group: ${CLOUDWATCH_LOG_GROUP}
        awslogs-stream: ${CLOUDWATCH_LOG_STREAM}
        awslogs-endpoint: ${CLOUDWATCH_ENDPOINT}

4. Deploy

Run Docker Compose with the CloudWatch logging parameters provided during integration: 
AWS_REGION=eu-west-1 \
CLOUDWATCH_LOG_GROUP=enterprise-wallet \
CLOUDWATCH_LOG_STREAM=<client_id> \
CLOUDWATCH_ENDPOINT=https://logs.eu-west-1.amazonaws.com \
AWS_ACCESS_KEY_ID=<access_key_id> \
AWS_SECRET_ACCESS_KEY=<secret_access_key> \
docker compose -f docker-compose-client.yml up --force-recreate
To run the wallet in the background, add -d: 
AWS_REGION=eu-west-1 \
CLOUDWATCH_LOG_GROUP=enterprise-wallet \
CLOUDWATCH_LOG_STREAM=<client_id> \
CLOUDWATCH_ENDPOINT=https://logs.eu-west-1.amazonaws.com \
AWS_ACCESS_KEY_ID=<access_key_id> \
AWS_SECRET_ACCESS_KEY=<secret_access_key> \
docker compose -f docker-compose-client.yml up -d --force-recreate

5. Verify the deployment

After deployment, open Swagger UI: 
http://<host>:8080/docs
The public API documentation is also available at: 
https://cantor8.github.io/wallet-api/

API account creation

When creating new accounts through the API, include the coupon parameter: 
{
  "coupon": "<coupon>"
}
The exact value will be provided during integration.

Configuration reference

ParameterDescription
WALLET_MNEMONIC24-word BIP39 mnemonic used by the self-custodial wallet
CLIENT_IDClient identifier provided by C8
BACKEND_URLC8 wallet backend API URL
IDENTITY_SERVICE_URLC8 identity service URL
SCANNER_API_BASE_URLC8 scanner / ledger history server URL
AUTH_TYPEAPI authentication mode. noop disables authentication
AUTO_BATCH_SWITCHEnables or disables auto-batching
AUTO_BATCH_DB_TYPEAuto-batching storage type, for example in-memory
AWS_REGIONAWS region used for CloudWatch logs
CLOUDWATCH_LOG_GROUPCloudWatch log group name
CLOUDWATCH_LOG_STREAMCloudWatch log stream name, usually the client ID
CLOUDWATCH_ENDPOINTCloudWatch Logs endpoint
AWS_ACCESS_KEY_IDAWS access key ID provided during integration
AWS_SECRET_ACCESS_KEYAWS secret access key provided during integration

Security notes

  • Keep .env, mnemonic phrases, and AWS credentials out of source control.
  • Use AUTH_TYPE=noop only in controlled environments.
  • Prefer IdP-backed API authentication for production deployments.
  • Rotate integration credentials according to your organization security policy.

Try it on DevNet

Want to try the wallet before going to production? You can point it at the C8 DevNet environment.
  1. In your .env, set the following URLs:
    .env
    BACKEND_URL=https://wallet-backend.dev.digik.cantor8.tech/api
IDENTITY_SERVICE_URL=https://id.dev.digik.cantor8.tech
  2. On DevNet, you don’t need a signup coupon to register new accounts — just omit the coupon parameter when creating accounts through the API.