Best Practices

Recommended patterns for cilantro-sdk and cilantro-react

Best Practices

  1. Configure once at startup; use setAuth when the user logs in or the token changes. See Configuration.

  2. React apps — Use CilantroProvider and useAuth / useWallet; the provider sets the JWT when the user logs in. See React Setup.

  3. Polyfills — Import cilantro-sdk/polyfills at the very top of your browser entry file.

  4. Non-custodial in browser — Use a storage adapter (e.g. IndexedDB) and pass deviceKeyManager wherever helpers need it; never skip it for email/phone signers. See Helpers.

  5. Prefer helpers for email/phone/passkey: createEmailSignerHelper, getEmailSignerKeypair, sendSOLWithSigner, etc., instead of raw wallet API + manual key handling.

  6. Errors — Use extractErrorMessage (and extractResponseData if you prefer unwrapping); handle DeviceKeyNotFoundError and DeviceKeyMismatchError with a clear message (e.g. "Re-create the signer on this device"). See Response and errors and Error handling.

  7. Secrets — Never hardcode API keys; use environment variables.

Next steps

Response and Errors

extractResponseData and extractErrorMessage

Configuration

setAuth, storage, polyfills

React Setup

CilantroProvider and hooks

Error Handling

SDK error classes and recovery

Best Practices | Cilantro Smart Wallet Docs | Cilantro Smart Wallet