MainNet Restrictions - Building Custodial Wallet and Services

Hey everyone, we are building a NFT Martketplace (similar to NBA Top Shot - of course) and went pretty far in setting the architecture on the Test Net.
The flow goes like this:

  1. User signs up with email on our website
  2. Our Flow service account creates another flow account for the newly registered user (we eat all the transaction fees) and we store the private key for the new user somewhere (custodial wallet concept)
  3. The user will be able to purchase tokens from the platform or from other users for $$$ or other crypto currencies (happens via Coinbase or Stripe or Braintree) and we will transfer the NFTs after the purchase has been successful (again, we eat all the transaction fees)
    This concept means that we (the marketplace platform) will own the rights to manage user accounts. We don’t want users to transfer their NFTs outside the platform, of course. Exactly what Dapper is doing on the NBA Top Shot - you see your flow account address but can’t manage it because they are in control of the keys.

This all works on the Test Net (we’ve build and tested it through and through) but something I’ve read on the Forum the other day got me concerned:

@flowjosh said:

Currently, if you want to have an account on mainnet, you need to use Blocto, ledger, or one of the other custodial exchanges. In the future, you’ll definitely be possible to just use the CLI or sdk to manage an account with your own private keys and such on your own, but that isn’t possible yet because account creation is restricted to approved accounts.

Does this mean that we (the marketplace) will have to store the keys for newly created users in a Blocto or Ledger wallet? If yes, are there any guidelines on how to do that?

1 Like

If you create your own wallet service, then you can get permission to create accounts for your users. My answer from earlier was referring to just a regular user wanting to create a Flow account. If you build a wallet service, you’ll be able to manage everything all yourself, but you’ll need to get in contact with the Flow team first in order to get permission to create accounts on mainnet.
Does that make sense?

Tnx @flowjosh That makes a lot of sense. We started building on the Test Net to get as close as possible to the “real” deal. The difference is: real money/cost for processing transactions + building a more secure architecture and getting the approval from the Flow Team (as per your guidelines).
Could you recommend any best practices or third party services we could use for the Wallet Service part? We don’t want to start implementing something that could potentially be rejected by the Flow team… I hope that makes sense :slight_smile:

We won’t reject anything unless it is doing something obviously malicious or irresponsible. Unfortunately, if you don’t want to build your own, your only option for a wallet service at this point is Blocto. There are other teams who are working on wallets, but none of them are ready yet, so we can’t talk about them at this point.

Ok, that is great. Thank you for the details.

Hi @dh77 , Thanks for initiating this conversation as this cleared many of my doubts.
I am also developing the same use case as yours but I’m not sure how to create our own wallet service. We don’t wanna use Blocto. We also want to create an NFT marketplace and buy or sell NFTs on it with flow coins. We need our own wallet for storing the flow coins and the NFTs a user possess.
Can you please guide me on this? Please help me out.

Thanks in advance.

Hey @Kartik - always happy to help.
I think the name “wallet” is a bit misleading in the context of blockchain - you should think of it more as a credit card holder than a real world wallet because virtual wallets don’t hold any value, their purpose is to enable access to your assets on the blockchain - just like a credit card gives you access to your bank account. Basically, both the fungible and non-fungible tokens are stored inside the storage within the accounts on blockchain and that is where the value is - the virtual wallets are simply a storage for your private keys which give you access to those coins in the blockchain.
If you want to build the Wallet Service (or Wallet hosting) by yourself, you must be aware of the security risks. We will initially try to use a secure third party for this and then later on maybe build our own.
Hope this helped…

1 Like

Hi @dh77, thank you so much for the help. This really helped me a lot to understand Flow better. :slight_smile:
So according to me, now the flow goes like this :

We generate keys and account on the testnet → store these keys to some safe location → user uses these keys to access his assets i.e. his stored flow coins and do some transactions.

am I correct ? Please correct me if I’m wrong. Also, if you can provide some link or docs to login into testnet, it would be of great help as I’m new to flow and I’m not able to login into testnet. It throws errors all over.

Thanks,
Kartik

Yes @Kartik that is correct.
When it comes to the Test Net - first you need to create an account here https://testnet-faucet-v2.onflow.org/
Instructions here: https://docs.onflow.org/dapp-deployment/testnet-deployment/ (you need to have Flow CLI installed locally to generate keys).
Hope this helps