Getting Started
- Welcome to thirdweb!
  - Intro to our resources
  - How to get support from the thirdweb team
  - Learn about how the Support AI Assistant works
Connect
- Auth
  - Auth FAQs
- Account Abstraction
  - Account Abstraction FAQs
- In-App Wallet
  - In-App Wallet FAQs
- Connect
  - Connect FAQs
Contracts
- Explore
  - Explore FAQs
- Publish
  - Publish FAQs
- Build
  - Build FAQs
- Deploy
  - Deploy FAQs
- Interact
  - Claim from drop contract using contract explorer
  - Interact FAQs
  - Importing non-thirdweb contracts into the Dashboard
  - Airdrop Contract Troubleshooting
  - Trouble Claiming from the Embed
  - Customizing the Embed
  - Batch Upload Troubleshooting
  - Transferring ownership of a contract
  - How to close Auction Listings in a Marketplace
  - Take a Snapshot of Existing Holders
  - openPack Function out of gas
  - NFT Drop claim function parameters
  - NFT metadata structure
  - WalletConnect Prefab Required for Connect Wallet (Native) Prefab
  - How to use the multicall() function
  - Start Token ID at 1 instead of 0
  - Why can’t I claim an NFT from the embed on mobile?
  - Where can I see the audited contract reports?
  - How can I get my NFTs to show up on OpenSea or other marketplaces?
  - What are Platform Fees?
  - Why am I unable to use the same token for staking and rewards?
  - Understanding gas, Gwei, and cost saving strategies
  - How to make your NFTs non-transferrable aka Soulbound
  - SetApprovalForAll: what it means to grant access to all your NFTs
  - Staking Contract Troubleshooting - Not Owned or Approved
Engine
- Engine
  - How to deploy thirdweb Engine to your local machine
  - How to deploy your self-hosted thirdweb Engine on the Railway
  - How to deploy contracts using OP Credits with thirdweb Engine
  - How to resolve ensure that your Engine is publicly accessible issue?
  - What is the difference between cloud-hosted and self-hosted thirdweb Engine?
How to
- React
  - How to migrate read-only hooks from thirdweb v4 to v5
  - How to get the signer for connected wallet
- Javascript
  - How to take a snapshot of an ERC721 collection
  - How to check if a provided address is a contract address or wallet address
  - How to verify a contract using thirdweb SDK
  - How to check if a contract is an ERC721/ERC1155/ERC20 contract
  - How to transfer an NFT
  - How to fetch contract metadata
  - How to retrieve tokenIds from the lazyMint method
  - How to shuffle items when lazy minting
  - How to get all tokenIDs in an NFT contract
- Others
  - How to update the metadata for multiple NFTs
  - How to find the contract address from your transaction hash after deploying a contract
  - How to upload a single NFT via thirdweb explorer?
  - How to secure your API Keys
  - How to transfer native tokens
  - How to add a custom RPC URL into your front-end, backend, or dashboard
  - How to add your EVM chain to thirdweb’s Chainlist?
Troubleshooting Errors
- Application Errors
  - “This action requires a connected wallet to sign the transaction. Please pass a valid signer to the SDK.”
  - 429 Client Error: Too Many Requests
  - Message: ethjs-query] while formatting outputs from RPC
  - Transaction underpriced
  - Replacement transaction underpriced
  - Unity Error: "Multiple precompiled assemblies with the same name Newtonsoft.Json.dll included on the current platform”
  - Unity SDK Error: this functionality is not yet supported on the current platform
  - How to share your console log errors
  - 401 Unauthorized
- Contract Errors
  - Execution Reverted: !Tokens
  - Execution reverted: !QTY
  - Execution reverted: ST
  - ERR_FAILED_413
  - Insufficient funds for gas * price + value / Insufficient funds for intrinsic transaction cost
  - Execution reverted: !BAL20
  - Execution reverted: !BALNFT
  - Execution reverted: proof claimed
  - Execution reverted: !ADMIN
  - Execution reverted: !CONDITION
  - Execution Reverted: Not within the sale window
  - Error: ERC20 - Transfer Amount Exceeds Allowance
  - Execution Reverted: !Amt Error
  - Error: Unauthorized - You don't have permission to use this service
  - Minter permission on smart contract
- CLI Errors
  - npm ERR! syscall spawn git
  - Issue linking device on the authorization page via thirdweb cli
Other FAQs
- Security & Privacy FAQs
  - Security & Privacy FAQ
- Billing FAQs
  - Billing FAQs
- Storage FAQs
  - Storage FAQs
- RPC Edge
  - RPC Edge FAQs
- Opensea/Secondary Marketplaces
  - NFTs Aren’t Revealing
  - My Collection is Not Showing Up
  - When will my collection show up on OpenSea?
- Block Explorers (i.e. Etherscan)
  - Token verification on Etherscan
  - Blockscout API contract verification
Payments
More

Security & Privacy FAQ

FAQs around thirdweb security and privacy

Have a security/privacy question or disclosure? Contact security@thirdweb.com.

What best practices does thirdweb follow?

TLS encryption in transit for internal and external communication with our backend and databases.

Required TLS encryption for third-party vendors.

Data backups and storage encrypted with AES-256.

GDPR and CCPA compliance within 90 days.

Granular data access for all thirdweb employees granted by business need.

Full audit logging on sensitive data access.

Security audit from HackerOne.

Bug bounty program for ethical hackers.

SOC-2 compliance certification (coming Q2 2023).

What user personally identifiable information (PII) is stored?

thirdweb stores user emails and only accesses them to send automated emails (e.g. after a completed purchase) or in rare cases to proactively reach out to resolve support issues. We don't store any other user PII.

How is credit card data stored?

thirdweb's payment provider(s) are certified to PCI Service Provider Level 1, the highest standard set by the payment card industry to ensure that credit card data is processed, stored or transmitted in a secure environment (source).

This data is never sent through thirdweb's servers.

How is password data stored?

thirdweb doesn't use passwords! Logging into a thirdweb Wallet and our Seller dashboard is done through password-less authentication tied to your email address. For this reason, please keep strong password hygiene and consider adding multi-factor authentication on your email account.

How is buyer identity verification data stored?

Buyer identification verification data (i.e. KYC) is transferred via TLS encrypted connections directly to our payment vendor(s) and uses AES-256 encryption at rest (source). This data is only accessible to employees whose job role may require reviewing KYC.

This data is never sent through thirdweb's servers.

How is seller identity verification data stored?

Seller identity verification data (i.e. KYB) that you upload in the dashboard is uploaded via TLS encrypted connections with a time-limited pre-signed URL to thirdweb's S3 AWS bucket. The S3 bucket is not exposed to the public internet, is encrypted with an AWS KMS-managed key, has all employee interactions logged, and is only accessible to key employees whose job role requires reviewing KYB.

This data is never sent through thirdweb's servers.

How does thirdweb handle GDPR data access or deletion requests?

Contact us at security@thirdweb.com to request your data to be provided or deleted. We will comply with the request within 90 calendar days.

Does thirdweb go through security audits?

Yes. Our architecture and codebase are currently undergoing a full code review audit performed by HackerOne, a leading cybersecurity company.

Does thirdweb offer rewards for responsible disclosures of security vulnerability?

Yes. At the team's discretion, thirdweb may offer monetary bounties for security vulnerabilities that are responsibly disclosed to security@thirdweb.com that are considered novel with high customer impact.

You can find thirdweb’s bug bounty program here.

Did this answer your question?

😞

😐

🤩

Issue linking device on the authorization page via thirdweb cli Billing FAQs