Skip to main content
Smart Sessions let a wallet owner grant a remote party (a backend, an app’s own server, or a partner service) limited, time-bounded, revocable access to send transactions from their wallet. The remote party submits transactions without the wallet owner being online; the wallet’s on-chain Sessions Module enforces every permission.

The problem Smart Sessions solve

Standard wallet UX requires the user to approve every transaction. For recurring payments, scheduled transfers, batch settlements, and multi-step checkouts, that is unacceptable friction. Smart Sessions replace per-transaction approvals with a scoped, time-limited permission grant enforced on-chain.

The three-actor model

ActorRole
Client appThe wallet owner’s app. Authenticated with a wallet-bound credential. Authorizes the remote party by calling AuthorizeRemoteAccess.
Remote backendThe remote party. Generates a remote access credential keypair. Uses it to sign API requests via the Oms-Wallet-Signature header.
WaaSManages session keys, wallet config updates, and on-chain signing.

Setup flow

1

Register a credential

The remote backend calls RegisterCredential once to create a remote access credential. WaaS returns a credentialId. This step is done once; the same credential can later be authorized for multiple wallets.
2

Share the credential ID

The remote backend shares its credentialId with the client app out-of-band.
3

Authorize remote access

The client app calls AuthorizeRemoteAccess with the credentialId, the walletId, the permissions (allowed contracts, methods, value limits), and an expiry. WaaS generates a session key inside the enclave, updates the wallet config to include that key in the Sessions Module, and records the binding.
4

Share the wallet ID

The client app shares the walletId with the remote backend out-of-band. The remote backend uses this walletId when calling PrepareEthereumTransaction or PrepareEthereumContractCall.

Operating a session

Once authorized, the remote backend calls PrepareEthereumTransaction or PrepareEthereumContractCall with the walletId, then Execute to submit. WaaS signs with the session key inside the enclave; the Sessions Module on-chain validates every call against the permissions before executing.

Revocation

Two revocation paths are available:
  • The wallet owner can revoke a specific binding at any time via RevokeAccess (single-wallet form). This removes the session entry from the Sessions Module and deletes the binding.
  • The remote backend can call RevokeCredential against its own credential to retire every wallet binding it holds. This is useful for key rotation or in case of compromise.

What sessions can and cannot do

  • Sessions are bounded by the permissions the wallet owner approved at AuthorizeRemoteAccess time. The Sessions Module rejects transactions outside that scope at the contract level.
  • Sessions cannot exceed the credential’s ExpiresAt.
  • The session key never leaves the enclave.
  • The remote party cannot modify session parameters after authorization. It can only retire its credential via RevokeCredential.

Further reading

Technical deep dive

How the Sessions Module is structured in the wallet’s V3 config tree, how session keys are generated, and how on-chain enforcement works.

Wallet configuration

The on-chain configuration tree that holds the Sessions Module.