Skip to main content

Session Keys

Session keys are ephemeral signing keys with built-in spending limits and expiration times. They allow you to authorize automated transactions without exposing your primary credentials — perfect for recurring billing, subscription renewals, and programmatic payments.
Session keys are only available for merchants using MPC wallets. If you are using an external wallet, you will need to migrate to MPC first.

Create a Session Key

merchant_id
string
required
Your merchant ID.
limit_usdc
number
required
Maximum spending limit for this session key in USDC. Must be between 1and1 and 1,000,000.
duration_days
integer
required
Number of days until the session key expires. Must be between 1 and 90.
passkey_signature
object
WebAuthn passkey authentication data. Required in production for security. In development/test mode, session keys can be created without passkey verification.Fields:
  • credential_id (string): WebAuthn credential ID
  • authenticator_data (string): Base64-encoded authenticator data
  • signature (string): Base64-encoded signature
  • client_data_json (string): Base64-encoded client data JSON

Example

Response


List Session Keys

Returns all session keys for the specified merchant.
merchant_id
string
required
Your merchant ID.

Get a Session Key

merchant_id
string
required
Merchant ID.
session_id
string
required
Session key ID.

Revoke a Session Key

Immediately deactivates a session key. Any in-progress transactions using this key will fail.
merchant_id
string
required
Merchant ID.
session_id
string
required
Session key ID to revoke.

Security Features

Session keys include several built-in security mechanisms:
Production environments require passkey (WebAuthn) authentication to create session keys. This prevents unauthorized session key creation even if your API key is compromised.

Lifecycle