Embedded wallets (WaaS)

Wallet-as-a-Service by Sequence: server-managed wallets without seed phrases.

What are embedded wallets?

Embedded wallets are blockchain wallets created and managed through a service provider, rather than by the user directly. JoPay uses Sequence as its Wallet-as-a-Service (WaaS) provider to create wallets for merchants who don't already have one.

When a merchant signs up through a JoPay partner, an embedded wallet is automatically created for them. The merchant doesn't need to install any wallet software, write down a seed phrase, or understand blockchain key management. They simply log in and their wallet is ready.

Embedded vs external wallets

Automated features (v1)

Some features — auto-forward, recurring billing, scheduled sends — need a transaction to happen without the user being online to click "Approve." JoPay handles this via two native delegation paths, one per wallet family, and in both paths Labs holds no signing key:

1. Sequence WaaS — user-initiated outbound (silent send) uses Sequence's native SessionPermissions / ExplicitSession primitive. The Sequence signer, held on the user's session, signs within pre-authorized caps (per-tx, cumulative-per-session, token). For cross-wallet delegation (auto-forward, recurring, scheduled send), the same Sequence signer signs canonical ERC-7715 typed-data directly — no JoPay translation layer.
2. External smart-account wallets (Bucket A) and EIP-7702 EOAs (Bucket B) — all features use canonical ERC-7715 grants signed natively and redeemed via ERC-7710 against JoPay's public caveat-enforcer suite. Keepers are permissionless; JoPay submits as a courtesy but any third party can crank.

Both paths end in the same place: the user's wallet signed a bounded grant, and an on-chain enforcer rejects any redeem outside its scope. Labs is a courier, not a signer. See Grants & delegationfor the full mechanics and Non-custody for why this matters.

Hardware wallets (Ledger, Trezor) are not supported in v1. The JoPay-operated pocket pattern that would bridge a hardware-only signer into programmable delegation reintroduces a JoPay-side custodial surface, which breaks the invariant. Hardware support is deferred until a bounded scope decision re-opens it.

How Sequence works

Sequence uses multi-party computation (MPC) to manage wallet keys. Instead of a single private key stored in one place, the key is split into multiple shares distributed across different systems. No single party (including Sequence itself) has access to the complete key.

When a transaction needs to be signed, the key shares are combined in a secure computation without ever reconstructing the full key. This provides strong security without requiring the merchant to manage cryptographic material.

Authentication flow

Merchants authenticate using their email address. Sequence links the embedded wallet to the merchant's authenticated identity. The flow is:

1. Merchant receives an invite link from their partner.
2. Merchant clicks the link and authenticates with their email.
3. Sequence creates an embedded wallet linked to that identity.
4. The wallet address is registered with JoPay and the merchant can start receiving payments.

If the merchant logs out and logs back in, they reconnect to the same embedded wallet. There is nothing to back up or restore.

Can merchants use their own wallet?

Yes. Merchants who prefer to use their own external wallet (MetaMask, Coinbase Wallet, etc.) can connect it during setup. They will receive payments directly to that wallet. However, features that require server-initiated transactions (auto-forward, recurring billing) will not be available.

Merchants using external wallets are fully responsible for securing their own private keys and seed phrases.