What Are Session Keys?
Session Keys allow you to add multiple signers to smart wallet with scoped permissions that are validated onchain. This unlocks:
- Multiple owners for wallets
- Automated tasks like claiming rewards or recurring payments
- Stronger security by limiting exposure of the main account key
They’re ideal for reducing UX friction while maintaining onchain guarantees.
Skip duplicate confirmations
With session keys, users don’t need to approve every dapp interaction using their main wallet. Instead, a dapp can use a session key to perform follow-up actions — fast and frictionless — all within a defined scope.
Example: Enabling auto-approval for repeated steps like claiming testnet tokens or submitting votes to reduce user friction of having to sign many transactions.
Session keys unlock a simplified authentication process by allowing users to interact with apps without needing to confirm each action using their primary key. Instead, users create a session key with permissions specific to the app, then the app can use that key for future actions from the apps server or client. This speeds up the user interaction and provides a smoother experience and allows apps to have secure server side wallet control.
Automate actions
Use session keys to run workflows without needing user input each time. Automate:
- Claim flows
- Token approvals
- Recurring transactions
By granting only the necessary permissions, session keys ensure automation stays secure.
Users and apps can automate actions within predefined limits using specific on-chain permissions. Session keys can be used to streamline processes like recurring payments, contract interactions, or any activity that benefits from automation.
Securely delegate access
Session keys reduce exposure of the main private key by creating temporary or restricted alternatives. Even if compromised, session keys limit damage because they’re restricted to only the permissions you defined, not your entire account.
Session keys reduce risk by limiting access:
- They’re scoped to specific actions
- Can expire after a set time
- Can be revoked independently of the main account key
By delegating authorization to a separate key, the exposure of the main private key is minimized.
Build with granular permissions
Session keys are safe because they’re built on a flexible permission system. You control exactly what a session key can do, when it can act, and how much it can spend.
Modular Account V2 includes a growing library of permission types — from spending limits and time windows to contract allowlists and function restrictions. You can also build custom permission modules for specialized use cases.
This granular control lets you create session keys that are perfectly scoped for each use case, whether that’s a one-time NFT mint, recurring DeFi interactions, or complex multi-step workflows.
Want to build your own permission system? Let us know — Modular Account V2 is designed to plug in custom modules easily.