Core Concepts/Session Keys

Session Keys

Session keys let you delegate limited spending authority to a sub-agent or external service without exposing your primary agent wallet.

What are session keys?

A session key is a scoped credential that can issue cards on behalf of your agent, within a defined spending cap, time window, and optional merchant restriction. Once the session expires or the cap is reached, the key is automatically invalidated.

ℹ

Session keys are enforced on-chain — there is no way to exceed the cap even if the session key is compromised.

Create a session key

session.ts

const session = await client.createSessionKey({
  expiresIn: 3600,       // 1 hour
  maxAmount: 100_00,     // $100 total spend cap
  merchant: 'openai.com',
})

// Pass session.key to your sub-agent
console.log(session.key)  // "sk_live_..."

Revoke a session key

Revoke at any time to immediately cut off spending authority.

revoke-session.ts

await client.revokeSessionKey(session.id)