Magic

Magic

The fastest way to build onchain

Magic provides enterprise-grade embedded wallet infrastructure for Web3 applications. Trusted by over 200,000 developers, Magic offers a powerful API for wallet creation, transaction signing, and onchain automation with sub-second latency. Over 53 million non-custodial wallets have been provisioned through the platform since 2018.

Magic image
Description

Overview

Magic delivers a production-ready Wallet-as-a-Service (WaaS) API that lets developers provision embedded wallets, sign transactions, and automate onchain actions — all from a single integration.

Key Features

  • Embedded Wallets on Demand — Create non-custodial wallets for users and agents programmatically via a simple HTTP API.
  • Whitelabel UI — Match the in-app wallet experience to your brand identity, down to the pixel.
  • Flexible Authentication — Onboard users in seconds via email, social login, passkeys, or SSO. Use Magic's native auth or plug in your own provider (Auth0, Firebase, NextAuth, etc.).
  • Non-Custodial — Users retain full control of their digital assets at all times.
  • Customizable Key Sharding — Choose your security model: Magic-managed, self-hosted, or anything in between.
  • Sub-Second Latency — 50–100ms for wallet creation and transaction signing.
  • Massively Scalable — Execute millions of signatures in minutes, built to handle peak demand.

Security & Compliance

Magic is SOC 2 Type 2, SOC 3 Type 2, and ISO 27001:2022 certified. Keys are distributed and encrypted across isolated services, with reconstruction and signing occurring strictly inside Trusted Execution Environments (TEEs).

Use Cases

Ideal for apps that need to onboard users into Web3 at scale — including DeFi, gaming, NFT platforms, and enterprise applications requiring compliant, non-custodial wallet management.

Highlights

Pros

  • Non-custodial wallets with keys encrypted and distributed across isolated Trusted Execution Environments (TEEs)
  • Proven at massive scale — over 53 million non-custodial wallets created across 18,000+ apps since 2018
  • Whitelabel UI with pixel-level customization to match the host application's brand identity
  • Enterprise-grade compliance with SOC 2 Type 2, ISO 27001:2022, HIPAA, CCPA, and GDPR certifications
  • Sub-second latency for wallet creation and transaction signing, with 50–100ms claimed response times
  • Flexible authentication supporting email OTP, SMS, social logins, passkeys, SSO, and custom auth providers (Auth0, Firebase, NextAuth)

Cons

  • Auth-only scope requires separate vendors for smart accounts (ERC-4337), gas sponsorship, and session keys, increasing integration complexity
  • Proprietary closed-source infrastructure prevents independent code auditing and self-hosting of key management
  • Past magic link phishing vulnerability was publicly demonstrated in 2023, though Magic promptly patched it with no reported user impact
  • Delegated custody model means Magic holds the keys by default, not true user self-custody
  • No built-in server-side wallet automation for AI agents, automated payments, or backend-triggered transactions