Introducing MagicBlock Private Payments API

Every transaction on Solana is public by default. The sender, the recipient, the amount, the timestamp are all permanently visible onchain. For most use cases, transparency is a feature, but for payments it’s a big problem.

Fintechs and payment processors cannot meaningfully move value onchain if all the financial details of those transactions are broadcast to everyone watching. Financial privacy is a prerequisite for commerce.

Today, we're announcing MagicBlock Private Payment API, an abstraction layer that enables businesses on Solana to add confidential and compliant USDC transfers to their application in minutes.

How it works under the hood

The API is an abstraction layer built on top of four MagicBlock primitives: delegation of native SPL, Private Ephemeral Rollups (PER), delegation action scheduling, and a built-in crank. Together, they orchestrate a two-leg payment flow that begins on Solana and ends on Solana, going through a private execution environment that prevents exposing the connection between sender, amount, and recipient onchain.

First leg: delegation and delegation Action. The user's USDC is delegated from their Solana address into a Private Ephemeral Rollup (PER). The delegation transaction already contains all the information needed for the second leg: the recipient address, the payment split into an arbitrary number of transactions, and any time delays, all committed at delegation time and enforced by the PER. The recipient address is encrypted onchain using the PER validator key pair. 

PERs leverages Trusted Execution Enviroments (TEEs) to enforce confidentiality. Once the native SPL tokens are delegated, the PER clones the accounts on demand and processes the instructions in the private execution environment, without the parameters being readable publicly. 

A built-in crank reads the embedded schedule, whether it’s a split of the payments or delay windows, and queues each commit accordingly. The built-in crank avoids an external keeper or additional infrastructure and ensures the commits follow the requested schedule in a timely manner.

Second leg: settlement. The crank commits each payment leg from the PER back to Solana, landing USDC at the recipient address with the desired time delays and amount splits. From the perspective of onchain observers, there is no traceable link between the originating wallet and the destination.

How it works for developers 

The entire flow above is abstracted behind a single API call. Pass in a sender address, a recipient address, an amount, and optional scheduling parameters. The API handles everything else.
‍

Access Tokens: Clients authenticate by signing a challenge from the TEE RPC. Successful authentication yields a token that grants access to the permissioned state. The token is passed as a query parameter when creating connections.

1curl --request POST \
2  --url https://payments.magicblock.app/v1/spl/transfer \
3  --header 'Content-Type: application/json' \
4  --data '
5{
6  "from": "3rXKwQ1kpjBd5tdcco32qsvqUh1BnZjcYnS5kYrP7AYE",
7  "to": "Bt9oNR5cCtnfuMmXgWELd6q5i974PdEMQDUE55nBC57L",
8  "mint": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",
9  "amount": 1000000,
10  "visibility": "private",
11  "fromBalance": "base",
12  "toBalance": "base",
13  "initIfMissing": true,
14  "initAtasIfMissing": true,
15  "initVaultIfMissing": true,
16  "memo": "Order #1042",
17  "minDelayMs": "0",
18  "maxDelayMs": "0",
19  "split": 1
20}
21'

‍

Split payments and time-delayed disbursements are first-class parameters. A single instruction can schedule a payment across multiple recipients, or release funds in tranches, all executed automatically by the crank. Additionally, developers can also integrate directly with the SDKs or CPI from their smart contracts

The user experience is one toggle

On the product side, enabling private transfers requires no change to existing user flows. Wallets and payment providers can choose to expose a "Send Privately" toggle. When the toggle it's on, the payment routes through the PER. When it's off, it falls back to a standard onchain transfer. The privacy layer is fully opt-in and invisible to the end user.

Compliance is built in

MagicBlock Private Payment API includes wallet screening and transaction-level checks as part of every payment request. Flagged addresses are rejected before delegation occurs. Developers inherit a compliant privacy layer without building or maintaining screening infrastructure themselves. An additional geofencing prevents entities from OFAC-sanctioned jurisdictions from interacting with the system. 

We believe financial privacy and regulatory compliance are not in conflict. PERs ensure transaction details are shielded from the public, but the compliance layer ensures the system cannot be used to move funds linked to sanctioned addresses, restricted jurisdictions or illicit activity. Both are non-negotiable and included by default in the system. 

AI ready

The Private Payment API is available as an MCP server, meaning AI agents can call it natively through any MCP-compatible framework today. An agent can initiate, schedule, and split private USDC transfers the same way a developer would. Looking ahead, the API will add support for the x402 and MPP (Machine Payment Protocol) standards, enabling agents to pay for resources and services privately, with the same compliance and confidentiality guarantees built into every human-initiated transfer.

Get started

The Private Payment API and it's demo is available today in beta on Solana Mainnet and Devnet. Documentation for REST API, as well as TypeScript and Rust SDKs, is available in the developer portal. Join the MagicBlock Discord or Builder chat for integration support and to share feedback.

Private Payments Demo: one.magicblock.app
MagicBlock Private Payments API docs: docs.magicblock.gg/pages/private-ephemeral-rollups-pers/api-reference/per/introduction
MagicBlock Builders Telegram group: t.me/+BIGP7f2TA_phODVi