@alchemy/wallet-apis supports session keys through wallet_createSession and the grantPermissions SDK flow. This page covers the lower-level path: composing Modular Account V2 session-key permissions directly with @alchemy/smart-accounts. Use it when you need lower-level control for custom onchain validation and permission wiring.
Session keys work best when they are tightly scoped. Modular Account V2 gives you a flexible set of built-in permission types. These permissions are validated onchain, which removes any dependency on an offchain engine and increases the security of users' accounts.
Use these to limit what a key can do, for how long, where it can call, and how much it can spend.
- Supports limiting keys with a start and/or expiry time
- Supports limiting how much of a specific ERC-20 token a key may spend
- Supports limiting how much of the native token, e.g. ETH on mainnet, a key can spend
- Supports limiting function selectors and/or external contracts that a key may interact with
- Supports limiting what functions a key may call on the Modular Account (e.g. installing or uninstalling modules, or upgrading the account)
You can combine multiple permissions on a single session key. These can be layered to match the minimum required access for your use case.
Permissions are composable. You can apply multiple permissions to a single session key to tightly define its behavior.
Example: You could create a session key that:
- Expires after a configured time
- Can call just one staking contract
- Can spend no more than 100 USDC
Use Case: One key is scoped to auto-stake a user's funds once a day, but only within a capped budget and only on a verified contract.
By combining permissions, you can build tailored, safe delegation schemes -- perfect for dApps, relayers, and complex workflows.
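The example key described above, modelled as a local policy check to show how the layers combine: every layer must pass, and token spend accumulates across calls. This is an added example, not Alchemy's SDK or the onchain module code. The addresses, the `STAKE` selector, the function names, and the choice to allowlist USDC `approve` alongside the staking contract are assumptions of this model.

```javascript
// Local model of layered session-key permissions. Illustrative only: this is not
// SDK or onchain module code, and every address and limit is a constructed sample.
const USDC = "0x" + "a1".repeat(20);    // placeholder token address
const STAKING = "0x" + "b2".repeat(20); // placeholder staking contract address
const APPROVE = "0x095ea7b3";           // ERC-20 approve(address,uint256)
const TRANSFER = "0xa9059cbb";          // ERC-20 transfer(address,uint256)
const STAKE = "0x11223344";             // constructed selector for a hypothetical stake function

// ABI-encode selector + (address, uint256) as hex calldata.
const word = (hex) => hex.replace(/^0x/, "").padStart(64, "0");
const encode = (selector, addr, amount) => selector + word(addr) + word(amount.toString(16));

// Amount moved or approved by an ERC-20 call: the second 32-byte word after the selector.
function erc20Amount(data) {
  const selector = data.slice(0, 10).toLowerCase();
  if (selector !== TRANSFER && selector !== APPROVE) return 0n;
  if (data.length < 138) throw new Error("truncated ERC-20 calldata");
  return BigInt("0x" + data.slice(74, 138));
}

// Builds a checker for one key. A rejected call never consumes budget.
function createSessionKey({ validAfter, validUntil, allowlist, token, tokenLimit }) {
  let spent = 0n;
  return function check(call, now) {
    if (now < validAfter || now > validUntil) return { ok: false, reason: "time-range" };
    const target = call.to.toLowerCase();
    const selector = call.data.slice(0, 10).toLowerCase();
    if (!(allowlist[target] || []).includes(selector)) return { ok: false, reason: "allowlist" };
    if (call.value > 0n) return { ok: false, reason: "native-limit" }; // this key has no native budget
    if (target === token) {
      const amount = erc20Amount(call.data);
      if (spent + amount > tokenLimit) return { ok: false, reason: "erc20-limit" };
      spent += amount;
    }
    return { ok: true, reason: null };
  };
}

// Constructed scenario: 30-day key, one staking contract, 100 USDC cap.
function demo() {
  const usdc = (n) => n * 10n ** 6n; // USDC uses 6 decimals
  const check = createSessionKey({ validAfter: 1000, validUntil: 1000 + 30 * 86400,
    allowlist: { [STAKING]: [STAKE], [USDC]: [APPROVE] }, token: USDC, tokenLimit: usdc(100n) });
  const approve = (n) => ({ to: USDC, value: 0n, data: encode(APPROVE, STAKING, usdc(n)) });
  const stake = { to: STAKING, value: 0n, data: STAKE + word("1") };
  return [approve(60n), approve(60n), approve(40n)].map((c) => check(c, 2000).reason)
    .concat(check(stake, 1000 + 31 * 86400).reason);
}
```

In the scenario the second 60 USDC approval is refused because it would bring the total to 120, while the later 40 USDC approval still fits the cap exactly.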