Trust Surface

Fast execution without turning the platform into a custody trap

Most trading products ask the user to trust the platform with too much. Corto.Fun is built around a simpler promise: make execution fast, but keep the wallet recovery path with the user. You trade with an API key, yet the wallet can still be restored outside Corto at any time with the saved private key.

Core promise: if Corto.Fun goes offline, the user still has a way out. The saved private key restores direct access to the wallet without needing the platform to approve a withdrawal.

Why this matters commercially: a product is easier to trust, easier to explain, and easier to adopt when users do not feel trapped inside it. Corto also includes a free Data Stream so teams can watch real messages in the Data Stream Builder, adjust filters live, and validate payloads before writing production clients.

How the model works

Short version: generate the wallet bundle, save both keys, trade through the API key, and keep the private key as the recovery path outside the platform.

Generate

Create the wallet bundle once in Wallet Tools. Corto shows the public key, private key, and API key to the user during generation.

Save 2 keys

Save both the private key and the API key. They are shown only once during generation.

Import and fund wallet

Import the private key into any Solana wallet you trust, fund it with SOL, and start trading through the Lightning Builder.

Trade and keep the exit

Use the API key for day-to-day trading, while the private key stays with the user as the fallback path to move funds outside the platform.

No trapped balance

Funds are not parked in a platform-only trading balance, and access to withdrawal does not depend on Corto being online.

No private key in routine flow

The standard trading path works through the API key instead of requiring the user to send the private key in routine requests.

No fake retention tricks

The model is built around usable infrastructure, not around creating conditions that force people to rely only on platform tools.

Free public stream

Teams can watch create, trade, migration, and pool events in one place through the Data Stream Builder and its reference pages.

Live filter updates

The stream scope can be changed through control messages on the same socket instead of reconnecting every time.

Faster integration work

Developers can verify real envelopes, nullable fields, and service replies before wiring the stream into production code.

Why this model is easier to trust

Model	How it usually works	Main risk	Why Corto is different
Internal trading wallet	The user deposits funds into a platform wallet or subaccount and trades entirely inside that system.	If the service is down or slows withdrawals, the user depends on the platform to regain access.	Corto keeps the recovery path with the user because the wallet can still be restored outside the platform, for example in Phantom or Solflare.
Service stores funds	The product directly holds or controls user assets as part of normal operation.	The trust burden becomes much higher and one serious failure can damage the product permanently.	Corto is positioned as execution infrastructure, not as a place that should hold customer money.
Private key in normal flow	The developer passes or manages the private key in routine requests, bots, or service config.	That creates avoidable operational risk and immediately raises trust concerns for serious teams.	Corto generates a wallet bundle with a public key, private key, and API key, shows it to the user once, and does not store those values for later recovery. Day-to-day trading then runs through the API key.

What this means for the user

Less platform fear

The user is not being asked to trust a black-box balance that only the platform can release.

Cleaner operations

Teams get a fast server-side trading path without building the whole execution stack from scratch.

A story users actually accept

This model is easier to explain honestly to cautious users, bot operators, and B2B integrations that do not want hidden custody risk.

Wallet tools and key safety

Wallet bundle: Corto generates a public key, private key, and API key, shows them to the user during wallet generation, and does not keep them for later recovery. The private key and API key must be stored by the user.

What must be saved

Save the private key and the API key when the wallet bundle is generated. The public key is shown too, but the private key and API key are the critical values that cannot be recovered later.

If the private key is lost

The wallet cannot be restored, and funds left in that wallet are effectively lost.

If the API key is lost

Lightning trading access is lost, but anyone who still has the private key can restore the wallet and move funds outside Corto.

Why the model works this way

Corto does not keep a recoverable copy of customer keys. That keeps ownership explicit and avoids turning the platform into a hidden custodian.

FAQ

Why is this safer than an internal trading wallet?

Because the user does not depend on a platform-only balance or a withdrawal queue to regain control of funds.

Why is this safer than sending a private key in normal trade flow?

Because it removes the risk of exposing the private key in routine trading requests. A leaked API key is still dangerous because it can submit trading instructions, but it is less dangerous than a leaked private key because it does not allow the attacker to withdraw funds from the wallet.

What happens if Corto.Fun is offline?

The user still has the private key shown during wallet generation and can restore the wallet outside Corto.

Can Corto recover lost keys?

No. The private key and API key are shown once during generation and must be stored by the user.

Does this remove all trust risk?

No. Lightning transactions are still executed server-side, so trust in uptime and execution logic still matters. What this removes is one of the worst risks: dependence on the platform because user funds are trapped inside it.

Who is this best for?

Bots, trading scripts, Telegram bots, server-to-server integrations, careful solo developers, and teams that need a fast start without handing everything over to the platform.

When should I use Local Build instead?

Use Local Build when you want the API to prepare an unsigned transaction and keep signing entirely on the wallet side.

Start from the right page

Lightning builder

Use the main trading form for fast server-side execution.

Open lightning

Data Stream

Inspect the free WebSocket stream, copy control messages, and watch live JSON in the browser.

Open data stream

Wallet tools

Generate the wallet bundle, save both keys, and keep recovery under your own control.

Open wallet

Local build

Build unsigned transactions when you want signing to stay fully on the wallet side.

Open local build

Examples

Start from runnable examples for bots, relays, analytics, and local wallet flows.

Open examples