app.swivy.dev / northbridge / ledger-payments / prod PRODUCTION

Signing approval · sig_01K2Q4

Sign transfer · 1.20 ETH

Policy payments_v3 passed · 1 approver required

From 0x9a4c…e21f To 0xf2c3…9a11 Chain Ethereum Gas 0.00042 ETH

Your app · auth.ts

import {"{ "}createSwivy{" }"} from "@swivy/sdk"

const swivy = createSwivy({"{"}

projectId: "prj_7QkA2vN",

authMethods: ["email", "passkey"],

defaultChain: "ETH",

{"});"}

// identity first, wallet second, chain third

const wallet = await swivy.wallets.getOrCreate({"{"}

chain: "ETH"

{"});"}

); const ProblemSolution = () => (

Why Swivy

Shipping a wallet-backed product shouldn't take three teams.

Most teams end up stitching together four vendors and hoping nothing catches fire. Swivy is the single layer underneath your product.

Without Swivy

{[ "Auth0 or Cognito for login. Doesn't know what a wallet is.", "A KMS for keys. Doesn't know what a signature policy is.", "A homegrown signer service. The one that woke you up last quarter.", "Chain-specific SDKs duplicated across clients. Drift.", "Audit cobbled from four systems. Compliance dreads the quarterly review.", ].map((t, i) => (

{t}

))}

With Swivy

{[ "Hosted auth with passkey, email, SSO, and external wallets.", "Policy-gated signing across every chain you support.", "A managed signer with MPC, HSM, or hardware — your call.", "One SDK. Chain-specific payloads when you need them, abstracted when you don't.", "One audit log. Streamable to your SIEM. Immutable by default.", ].map((t, i) => (

{t}

))}

); const Pillars = () => (

Three principles

Identity first. Policy everywhere. Auditable by default.

Identity first, wallet second, chain third.

A Swivy user is a person, not a hex string. Wallets are created lazily, per chain, under the identity your app already knows. No seed phrase UX.

Every signature passes through policy.

Write rules in plain YAML: daily caps, allowlists, approver requirements. Swivy enforces them at the signer — not in your app code, not after the fact.

Audit is the product, not an add-on.

Every action — from a key reveal to a policy change to a signed transfer — lands in one immutable stream. Stream to your SIEM or export for SOC 2 in a click.

); const PillarIdentity = () => ( ); const PillarPolicy = () => (

rules:

- daily_cap: 250 ETH

- require_approver_when: value {">"} 1 ETH

- chains: [ETH, BASE, ARB]

- on_violation: block

); const PillarAudit = () => (

{[ { t: "11:42:08", a: "Rotated API key", s: "high" }, { t: "11:18:54", a: "Webhook retry", s: "med" }, { t: "10:47:20", a: "Updated policy", s: "high" }, { t: "09:12:02", a: "Signed transaction", s: "low" }, { t: "08:55:33", a: "Passkey enrolled", s: "med" }, ].map((e, i) => (

{e.t} {e.a}

))}

); const Showcase1 = () => (

Developer experience

From fresh project to first signed transaction in under 10 minutes.

Five steps, one SDK.

The Swivy integration handoff walks you through project creation, environment setup, credential issuance, OIDC registration, and SDK install — with copy-paste snippets at every step.

Passkey step-up guards every production key reveal.
Environments are real security boundaries — not just tags.
Export the whole integration as a runbook for your team.
Starter repos for Next.js, Expo, and Rails.

See the handoff flow →

INTEGRATION PROGRESS · 4 / 5

{[ { n: 1, t: "Create project", d: "Ledger Payments · prj_7QkA2vN", done: true }, { n: 2, t: "Configure environments", d: "dev · staging · prod", done: true }, { n: 3, t: "Issue API credentials", d: "Server key + webhook secret", done: true }, { n: 4, t: "Register OIDC client", d: "Sign in with Swop — Web", done: true }, { n: 5, t: "Ship SDK snippet", d: "Your first signed user", done: false }, ].map(s => (

{s.done ? : s.n}

{s.t}

{s.d}

))}

); const Showcase2 = () => (

Security posture

Dangerous actions, deliberately so.

Rotate production API key?

The old secret stops working in 10 minutes. Any deploy still using it will start failing with 401 invalid_key.

Type rotate sk_live_a94f to confirm

Type to confirm. Passkey to commit. Undo within 10.

Destructive actions always include the consequence, a way to back out, and a reversibility window. Rotations, revokes, policy changes — each picks the right pattern for the risk.

Type-to-confirm for low-risk irreversibles.
Passkey step-up for any production secret operation.
Armed-commit with a 5s undo toast for batch operations.
All confirmations are captured in the audit stream with the method used.

); const BrandSection = () => (

Identity

A brand that reads as infrastructure, not an ICO.

The Swivy mark is a swivel — two opposing arcs meeting at a pivot. It's a signature loop, a key bow, and a rotation symbol all at once. Calm. Deliberate. Engineered.

Primary wordmark

Inverse

Glyph · accent

Mark · rounded

Glyph sizes

Typography

Inter Tight · Display Instrument Serif · emphasis JetBrains Mono · technical

{["oklch(20% 0.015 60)", "oklch(98.5% 0.006 85)", "oklch(55% 0.13 55)", "oklch(55% 0.13 155)", "oklch(62% 0.13 80)", "oklch(54% 0.16 25)", "oklch(52% 0.12 240)"].map((c, i) => (

{["ink", "paper", "accent", "ok", "warn", "danger", "info"][i]}

))}

); const Pricing = () => (

Pricing

Start free. Scale to production when you're ready.

Developer

Free/ forever

Everything you need to ship a real integration.

{["1,000 MAU included", "Passkey + email + SSO", "Dev + staging environments", "Community support"].map(f => (

{f}

))} Start free

Growth

$0.08/ MAU

Production-ready with policy, audit, and SOC 2.

{["Unlimited MAU (usage-based)", "Production environment", "Policy engine + signing SLA", "SOC 2 Type II report", "Email + chat support"].map(f => (

{f}

))}

Enterprise

Custom/ talk to us

Dedicated infrastructure, custom HSMs, and audit support.

{["Single-tenant deployment", "HSM / MPC / bring-your-own-key", "SIEM streaming + custom retention", "Named security reviewer", "24/7 on-call support"].map(f => (

{f}

))} Book a demo

); const Footer = () => ( ); const MK = () => ( <>

Identity and wallets, without the 3am page.