> ## Documentation Index
> Fetch the complete documentation index at: https://docs.polygon.technology/llms.txt
> Use this file to discover all available pages before exploring further.

# Smart Sessions

> Grant a remote backend or in-app flow limited, time-bounded, revocable access to send transactions from a user's wallet, enforced on-chain.

Smart Sessions let a wallet owner grant a remote party (a backend, an app's own server, or a partner service) limited, time-bounded, revocable access to send transactions from their wallet. The remote party submits transactions without the wallet owner being online; the wallet's on-chain Sessions Module enforces every permission.

## The problem Smart Sessions solve

Standard wallet UX requires the user to approve every transaction. For recurring payments, scheduled transfers, batch settlements, and multi-step checkouts, that is unacceptable friction. Smart Sessions replace per-transaction approvals with a scoped, time-limited permission grant enforced on-chain.

## The three-actor model

| Actor              | Role                                                                                                                                  |
| ------------------ | ------------------------------------------------------------------------------------------------------------------------------------- |
| **Client app**     | The wallet owner's app. Authenticated with a wallet-bound credential. Authorizes the remote party by calling `AuthorizeRemoteAccess`. |
| **Remote backend** | The remote party. Generates a remote access credential keypair. Uses it to sign API requests via the `Oms-Wallet-Signature` header.   |
| **WaaS**           | Manages session keys, wallet config updates, and on-chain signing.                                                                    |

## Setup flow

<Steps>
  <Step title="Register a credential">
    The remote backend calls `RegisterCredential` once to create a remote access credential. WaaS returns a `credentialId`. This step is done once; the same credential can later be authorized for multiple wallets.
  </Step>

  <Step title="Share the credential ID">
    The remote backend shares its `credentialId` with the client app out-of-band.
  </Step>

  <Step title="Authorize remote access">
    The client app calls `AuthorizeRemoteAccess` with the `credentialId`, the `walletId`, the permissions (allowed contracts, methods, value limits), and an expiry. WaaS generates a session key inside the enclave, updates the wallet config to include that key in the Sessions Module, and records the binding.
  </Step>

  <Step title="Share the wallet ID">
    The client app shares the `walletId` with the remote backend out-of-band. The remote backend uses this `walletId` when calling `PrepareEthereumTransaction` or `PrepareEthereumContractCall`.
  </Step>
</Steps>

## Operating a session

Once authorized, the remote backend calls `PrepareEthereumTransaction` or `PrepareEthereumContractCall` with the `walletId`, then `Execute` to submit. WaaS signs with the session key inside the enclave; the Sessions Module on-chain validates every call against the permissions before executing.

## Revocation

Two revocation paths are available:

* The wallet owner can revoke a specific binding at any time via `RevokeAccess` (single-wallet form). This removes the session entry from the Sessions Module and deletes the binding.
* The remote backend can call `RevokeCredential` against its own credential to retire every wallet binding it holds. This is useful for key rotation or in case of compromise.

## What sessions can and cannot do

* Sessions are bounded by the permissions the wallet owner approved at `AuthorizeRemoteAccess` time. The Sessions Module rejects transactions outside that scope at the contract level.
* Sessions cannot exceed the credential's `ExpiresAt`.
* The session key never leaves the enclave.
* The remote party cannot modify session parameters after authorization. It can only retire its credential via `RevokeCredential`.

## Further reading

<CardGroup cols={2}>
  <Card title="Technical deep dive" href="/wallets/smart-sessions-deep-dive">
    How the Sessions Module is structured in the wallet's V3 config tree, how session keys are generated, and how on-chain enforcement works.
  </Card>

  <Card title="Wallet configuration" href="/wallets/wallet-configuration">
    The on-chain configuration tree that holds the Sessions Module.
  </Card>
</CardGroup>
