Zero-custody trading bots: an SDK pattern where the bot never touches funds

BlazePhoenix Engineering · updated 2026-07-17 · 5 min · written from the deployed bytecode

Abstract in 15 languages · resumo · resumen · 摘要 · 要旨 · ملخص

EnglishThe bot never holds keys: it quotes via the public API and hands the user a deep link to sign in their own wallet. No private keys on the server, no custody, no drained .env — the SDK ships a complete Telegram bot built this way.

PortuguêsO bot nunca guarda chaves: cota pela API pública e entrega ao utilizador um deep link para assinar na própria carteira. Sem chaves privadas no servidor, sem custódia, sem .env drenado — o SDK inclui um bot de Telegram completo assim construído.

EspañolEl bot nunca guarda claves: cotiza por la API pública y entrega al usuario un deep link para firmar en su propia billetera. Sin claves privadas en el servidor, sin custodia, sin .env drenado — el SDK incluye un bot de Telegram completo construido así.

FrançaisLe bot ne détient jamais de clés : il cote via l'API publique et remet à l'utilisateur un lien profond pour signer dans son propre portefeuille. Pas de clés privées côté serveur, pas de garde, pas de .env vidé — le SDK fournit un bot Telegram complet bâti ainsi.

DeutschDer Bot hält niemals Schlüssel: Er quotiert über die öffentliche API und übergibt dem Nutzer einen Deep Link zum Signieren in der eigenen Wallet. Keine Private Keys auf dem Server, keine Verwahrung, kein leergeräumtes .env — das SDK liefert einen kompletten so gebauten Telegram-Bot.

РусскийБот никогда не хранит ключи: он котирует через публичный API и вручает пользователю deep link для подписи в собственном кошельке. Ни приватных ключей на сервере, ни кастодиальности, ни опустошённого .env — SDK включает полноценного Telegram-бота, построенного именно так.

TürkçeBot asla anahtar tutmaz: halka açık API ile fiyat alır ve kullanıcıya kendi cüzdanında imzalaması için bir derin bağlantı verir. Sunucuda özel anahtar yok, saklama yok, boşaltılmış .env yok — SDK bu şekilde inşa edilmiş eksiksiz bir Telegram botuyla gelir.

العربيةالبوت لا يحمل مفاتيح أبداً: يسعّر عبر الواجهة العامة ويسلّم المستخدم رابطاً عميقاً للتوقيع في محفظته الخاصة. لا مفاتيح خاصة على الخادم، لا وصاية، لا ملف .env مستنزف — وتشحن SDK بوت تيليغرام كاملاً مبنياً بهذه الطريقة.

हिन्दीबॉट कभी कुंजियाँ नहीं रखता: वह सार्वजनिक API से कोट लेता है और उपयोगकर्ता को उनकी अपनी वॉलेट में साइन करने के लिए डीप लिंक देता है। सर्वर पर कोई निजी कुंजी नहीं, कोई कस्टडी नहीं, कोई खाली .env नहीं — SDK इसी तरह बना पूरा Telegram बॉट देता है।

日本語ボットは決して鍵を持ちません。公開APIで見積もりを取り、ユーザー自身のウォレットで署名するためのディープリンクを渡します。サーバーに秘密鍵なし、カストディなし、.env流出なし。SDKにはこの方式で作られた完全なTelegramボットが同梱されています。

中文机器人从不持有密钥:它通过公共 API 报价,并把深度链接交给用户在自己的钱包中签名。服务器上没有私钥、没有托管、没有被掏空的 .env——SDK 附带一个完全按此方式构建的 Telegram 机器人。

한국어봇은 절대 키를 보유하지 않습니다. 공개 API로 견적을 내고, 사용자가 자기 지갑에서 서명하도록 딥링크를 건네줍니다. 서버에 개인키 없음, 커스터디 없음, 털린 .env 없음 — SDK에는 이 방식으로 만든 완전한 텔레그램 봇이 들어 있습니다.

Bahasa IndonesiaBot tidak pernah memegang kunci: ia mengambil kuotasi lewat API publik dan menyerahkan deep link kepada pengguna untuk menandatangani di dompet sendiri. Tanpa kunci privat di server, tanpa kustodi, tanpa .env terkuras — SDK menyertakan bot Telegram lengkap yang dibangun dengan cara ini.

বাংলাবট কখনো কী রাখে না: এটি পাবলিক API দিয়ে কোট নেয় এবং ব্যবহারকারীকে নিজের ওয়ালেটে সই করার জন্য একটি ডিপ লিংক দেয়। সার্ভারে কোনো প্রাইভেট কী নেই, কাস্টডি নেই, শূন্য-হওয়া .env নেই — SDK-তে এভাবেই তৈরি একটি সম্পূর্ণ টেলিগ্রাম বট আছে।

FilipinoHindi kailanman humahawak ng susi ang bot: kumukuha ito ng quote sa pampublikong API at nag-aabot sa user ng deep link para pumirma sa sarili nilang wallet. Walang private key sa server, walang kustodiya, walang nasaid na .env — may kasamang kumpletong Telegram bot ang SDK na ganito ang pagkakabuo.

Most trading-bot tutorials start with the same landmine: "paste your private key here". A leaked .env becomes a drained wallet, and a bot holding user keys is a custodian with none of a custodian's protections. The BlazePhoenix SDK is built around the opposite pattern: the bot NEVER holds keys. It quotes with the public API, shows the user the numbers, and hands over a deep link — https://blazephoenix.xyz/?tab=swap&chain=base&in=ETH&out=BZPX&amt=0.5 — that opens the app with the trade prefilled. The user signs in their own wallet. Custody never changes hands.

The TypeScript SDK (MIT, ESM+CJS, viem optional) wraps the whole surface: quote and quoteBatch with retries and micro-caching built in, buildSwapTx and buildApproveTx for integrators who do want to sign server-side with their OWN funds, toBaseUnits/fromBaseUnits for decimal safety, pollQuote for live updates, and watchFills to stream executed swaps from public events.

Install in one command, verify in two

npm i github:blazephoenixxyz-crypto/SDK installs straight from the public repository. The examples directory ships a complete zero-custody Telegram bot (phoenix-bot) — commands in, quotes out, deep links to sign — plus a fill watcher and batch screener. Every quote the SDK relays was computed on-chain by the Quoter contract, so the bot inherits the protocol's honesty properties instead of trusting an off-chain price feed: what the user sees is what the chain computed.

import { BlazePhoenix, deepLink, toBaseUnits } from '@blazephoenix/sdk';

const bp = new BlazePhoenix();                      // no key, no config
const q = await bp.quote({ chain: 'base',
  in: 'ETH', out: 'BZPX',
  amountIn: toBaseUnits('0.5', 18) });
console.log('you would receive', q.amountOut);
// hand the user a link to sign in THEIR wallet:
console.log(deepLink({ chain: 'base', in: 'ETH', out: 'BZPX', amt: '0.5' }));

Do not trust this page — reproduce it

Every claim above is checkable against the chain. Start here:

npm i github:blazephoenixxyz-crypto/SDK && node -e "import('@blazephoenix/sdk').then(async ({BlazePhoenix}) => console.log(await new BlazePhoenix().health()))"

Contracts are verified on every chain we deploy to — addresses in the protocol manifest. Deeper formal treatment: the whitepaper (PDF).

Share this article · join the discussion

Related engineering