How Embedded Wallets Work?
MetaMask Embedded Wallets (formerly Web3Auth) operate as wallet infrastructure, providing enhanced flexibility and security for decentralized applications (dApps) and blockchain wallets. Throughout this documentation, we'll explore the functionality of MetaMask Embedded Wallets, showcasing how it produces unique cryptographic key providers for each user and application.
High-Level Architecture
The Embedded Wallet SDKs live solely on the user/application's front-end client and handle the interactions between OAuth providers and the Web3Auth Network.
The diagram below describes the relationship between the SDKs and integrating applications. It also depicts the difference between the products that power the infrastructure for a developer-friendly integration.

Wallet Management Infrastructure
The Wallet Management Infrastructure enhances security by distributing a user's wallet across various key shares, thereby avoiding direct exposure of seed phrases. These key shares form a 'web of trust' and enable wallet management akin to multi-factor account handling. Users employ OAuth logins, trusted devices, and other factors to manage their cryptographic key pairs. Importantly, the complete private keys are not stored anywhere within the Wallet Infrastructure system, including our databases or any participating nodes.
To create a social login share, users interact with the Web3Auth Network, where key generation operates via a 5/9 consensus system. This setup guarantees that wallets remain non-custodial, ensuring that neither MetaMask, Social Login Providers, nor any other party holding a key share can claim full ownership.
For managing wallets, our infrastructure uses various cryptographic techniques such as Shamir's Secret Sharing, Threshold Cryptography, and Multi Party Computation. To learn more about how we manage wallets, please refer to our Wallet Management and Security of our Infrastructure.
Is MetaMask Embedded Wallets a Wallet?
MetaMask Embedded Wallets is not a wallet, but rather a wallet infrastructure that can be integrated into any application. It provides customizable authentication flows for dApps and blockchain wallets, solving user onboarding and key management challenges.
Unlike traditional wallets that can limit user experience, MetaMask Embedded Wallets enables developers to create tailored flows without requiring users to understand complex blockchain concepts. It provides a cryptographic key provider that can be used to build custom wallets or integrate with existing ones through Web3Auth's external wallet adapters.
Is It Scalable?
The infrastructure is built to handle millions of users. Our architecture provides:
- Global availability across multiple regions with consistent low-latency performance worldwide
- Automatic horizontal scaling that adjusts capacity based on demand, eliminating bottlenecks and ensuring uninterrupted service
- Enhanced security and reliability through distributed MPC architecture, maintaining a track record of zero downtime over three years of operation
- Enterprise-grade infrastructure running on Kubernetes orchestration for maximum reliability and performance
Note: The SDKs are referred to as MetaMask Embedded Wallet SDKs (formerly Web3Auth Plug and Play SDKs). Package names and APIs remain "Web3Auth" (for example, Web3Auth React SDK), and code snippets may reference web3auth
identifiers.