Dynamic also supports Google Drive backup as an alternative cloud storage option. See the Google Drive backup documentation for setup instructions.
CloudKit setup and configuration
To enable iCloud recovery, your application must be connected to a CloudKit container associated with its bundle identifier. If you do not already have a container, you can create and attach one through the Apple Developer Portal. Existing containers may be reused. Refer to Apple’s CloudKit documentation for detailed guidance. Once the container is available, configure the CloudKit schema used to store recovery data. Dynamic relies on a dedicated private CloudKit schema for user client key shares. The schema uses a record type namedBackup with a single field named backupData (type: string).
This schema must be imported using the Import Schema option in the CloudKit dashboard. After importing, deploy the schema to the Production environment. All iCloud recovery operations should use the production deployment going forward.
Next, create API tokens in the production CloudKit environment to allow the Dynamic SDK to interact with your CloudKit container. For web integrations, use a descriptive token name, set the Sign In Callback to Post Message, and keep all other settings at their default values.
After CloudKit is fully configured, open the Dynamic Dashboard and navigate to Embedded Wallets > Advanced Settings > Backup & Recovery > Apple iCloud. In the Recovery section, enable iCloud as a user-managed recovery option and provide your CloudKit container ID along with the appropriate API token(s).
Enable in Dynamic dashboard
Navigate to your Dynamic Dashboard and enable iCloud as a backup option in your embedded wallet settings.How iCloud backup works
iCloud backup uses a secure, sandboxed, cross-origin iframe for authentication. This iframe:- Renders the iCloud authentication UI
- Cannot be accessed or manipulated by your application
- Handles all sensitive authentication operations securely
Implementation
To implement iCloud backup, you need to provide an iframe container element. TheuseWalletBackup hook provides methods specifically for iCloud:
Basic iCloud backup flow
iCloud-specific methods
| Method | Description |
|---|---|
showICloudAuth(container, chain) | Displays the iCloud authentication UI in the provided container |
checkICloudAuth(chain) | Checks if the user is authenticated with iCloud |
hideICloudAuth(chain) | Hides the iCloud authentication UI |
Backing up all wallets to iCloud
Key differences from Google Drive
| Feature | Google Drive | iCloud |
|---|---|---|
| OAuth required | Yes | No |
| Iframe required | No | Yes |
| Account linking | Required before backup | Not required |
| Authentication | Google OAuth flow | Iframe-based auth |
Access and authentication considerations
Only end users can access their client key shares. Although the CloudKit database is owned by your application, data access is restricted to the authenticated iCloud user. Apple authentication is not required for iCloud recovery.Important notes
- The iframe container must be mounted and visible when performing iCloud operations
- iCloud authentication runs in a secure, sandboxed environment that you cannot access
- The
displayContainerparameter is required for all iCloud backup operations - Users do not need to link an iCloud account beforehand—authentication happens during the backup flow
Programmatic backup management
For complete API documentation, see theuseWalletBackup hook reference, which covers all backup methods including:
backupWallet- Back up a single walletbackupAllWallets- Back up multiple walletsstartBackup- Start backup with progress trackinggetSupportedProviders- Get available backup providers
Webhook event
When a user successfully backs up their key shares to iCloud, Dynamic fires thewallet.keyShares.backedUpToExternal webhook event. You can use this to track backup status or trigger follow-up actions in your application. See webhook events for more details.