
What are session keys?

Most projects should use @alchemy/wallet-apis

@alchemy/wallet-apis supports session keys through wallet_createSession and the grantPermissions SDK flow. This section covers the lower-level path: managing Modular Account V2 session keys directly with @alchemy/smart-accounts and viem's bundler client. Use it when you need lower-level control for custom onchain validation and permission wiring.

Session keys allow you to add multiple signers to a smart account with scoped permissions that are validated onchain. This unlocks:

  • Multiple owners for accounts
  • Automated tasks like claiming rewards or recurring payments
  • Stronger security by limiting exposure of the main account key

They're ideal for reducing UX friction while maintaining onchain guarantees.

With session keys, users don't need to approve every dApp interaction using their main account key. Instead, a dApp can use a session key to perform follow-up actions -- fast and frictionless -- all within a defined scope.

Example: enabling auto-approval for repeated steps, like claiming testnet tokens or submitting votes, so the user does not have to sign many transactions.

Session keys unlock a simplified authentication process by allowing users to interact with apps without needing to confirm each action using their primary key. Instead, users create a session key with permissions specific to the app, then the app can use that key for future actions from the app's server or client. This speeds up the user interaction, provides a smoother experience, and allows apps to have secure server-side account control.

Use session keys to run workflows without needing user input each time. Automate:

  • Claim flows
  • Token approvals
  • Recurring transactions

By granting only the necessary permissions, session keys ensure automation stays secure.

Users and apps can automate actions within predefined limits using specific onchain permissions. Session keys can be used to streamline processes like recurring payments, contract interactions, or any activity that benefits from automation.

Session keys reduce exposure of the main private key by creating temporary or restricted alternatives. Even if compromised, session keys limit damage because they're restricted to only the permissions you defined, not your entire account.

Session keys reduce risk by limiting access:

  • They're scoped to specific actions
  • Can expire after a set time
  • Can be revoked independently of the main account key

By delegating authorization to a separate key, the exposure of the main private key is minimized.

Session keys are safe because they're built on a flexible permission system. You control exactly what a session key can do, when it can act, and how much it can spend.

Modular Account V2 includes a growing library of permission types — from spending limits and time windows to contract allowlists and function restrictions. You can also build custom permission modules for specialized use cases.

This granular control lets you create session keys that are perfectly scoped for each use case, whether that's a one-time NFT mint, recurring DeFi interactions, or complex multi-step workflows.
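To make the scoping concrete, the following is an added example, not code from Alchemy or Modular Account V2: an off-chain JavaScript model of how a contract allowlist, a function restriction, a spending limit, a time window and revocation combine to bound what a session key can do. All field names, function names, addresses and selectors are hypothetical or constructed for illustration.

```javascript
// Off-chain model of session-key scoping (added example; hypothetical names,
// not the Modular Account V2 module interface or any Alchemy SDK call).
const deny = (reason) => ({ ok: false, reason });

function createSession(p) {
  return {
    targets: new Set(p.allowedTargets.map((a) => a.toLowerCase())),
    selectors: new Set(p.allowedSelectors.map((s) => s.toLowerCase())),
    spendLimitWei: BigInt(p.spendLimitWei),
    spentWei: 0n,
    validAfter: p.validAfter, // unix seconds
    validUntil: p.validUntil,
    revoked: false,
  };
}

// Every check must pass; spend is recorded only for an allowed call.
function validateCall(session, call, nowSec) {
  if (session.revoked) return deny("revoked");
  if (nowSec < session.validAfter || nowSec > session.validUntil) return deny("outside time window");
  if (!session.targets.has(call.to.toLowerCase())) return deny("target not allowlisted");
  const selector = call.data.slice(0, 10).toLowerCase(); // "0x" + 4-byte selector
  if (!session.selectors.has(selector)) return deny("function not permitted");
  const value = BigInt(call.value);
  if (value < 0n || session.spentWei + value > session.spendLimitWei) return deny("spend limit exceeded");
  session.spentWei += value;
  return { ok: true, reason: "allowed" };
}

// Constructed sample data: placeholder addresses and selectors.
const REWARDS = "0x" + "11".repeat(20);
const OTHER = "0x" + "22".repeat(20);
const CLAIM = "0xaaaaaaaa";
const TRANSFER = "0xbbbbbbbb";

function demo() {
  const s = createSession({ allowedTargets: [REWARDS], allowedSelectors: [CLAIM],
    spendLimitWei: "1000", validAfter: 1000, validUntil: 2000 });
  const out = [
    validateCall(s, { to: REWARDS, data: CLAIM, value: "400" }, 1500),
    validateCall(s, { to: OTHER, data: CLAIM, value: "0" }, 1500),
    validateCall(s, { to: REWARDS, data: TRANSFER, value: "0" }, 1500),
    validateCall(s, { to: REWARDS, data: CLAIM, value: "700" }, 1500),
    validateCall(s, { to: REWARDS, data: CLAIM, value: "0" }, 2001),
  ];
  s.revoked = true; // revocation is independent of the owner key
  out.push(validateCall(s, { to: REWARDS, data: CLAIM, value: "0" }, 1500));
  return { reasons: out.map((r) => r.reason), spentWei: s.spentWei };
}
```

In this model a denied call never changes the recorded spend, so the cumulative limit holds across rejected attempts as well as accepted ones.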

Want to build your own permission system? Let us know — Modular Account V2 is designed to plug in custom modules easily.
