Account Permissions & Session Keys

A smart account can have two types of actors: Session Keys and Admins.

Admins

Admins have unrestricted access to the account: they can call any function on the contract, use the contract without going through the ERC-4337 infrastructure (bundlers, EntryPoint, etc.), withdraw the account's native token balance, and so on.

Assigning Admin Permissions

Existing admins on the account can add new admins, remove existing admins or renounce their own admin status.

import { addAdmin } from "thirdweb/extensions/erc4337";
import { useSendTransaction, useActiveAccount } from "thirdweb/react";
import { getContract } from "thirdweb";

// The hooks below must be called inside a React component.
// `chain` and `client` are assumed to be defined elsewhere in your app.
const { mutate: sendTransaction } = useSendTransaction();
const smartAccount = useActiveAccount();

const onClick = () => {
  if (!smartAccount) return;
  const transaction = addAdmin({
    contract: getContract({
      address: smartAccount.address,
      chain,
      client,
    }),
    account: smartAccount,
    adminAddress: "0x...", // the address of the new admin
  });
  sendTransaction(transaction);
};

Check out the API reference for this function for more information.

Session Keys

Session Keys are additional authorized signers that must go through ERC-4337 infrastructure (bundlers, EntryPoint, etc.) to use an account to execute transactions. Session keys can use an account under certain restrictions.

Assigning Session Key Permissions

Each individual session key has its own permissions to use the account. Only admins can set the permissions for session keys.

Session keys can be assigned the following permissions:

  • [Required] Allow interaction with specific contracts with the account ("*" for any contracts)
  • [Optional] Have a maximum amount of native tokens that can be transferred per transaction (defaults to 0 ETH, so transactions with value will be rejected)
  • [Optional] Have access to the account only during a specific time window (defaults to 10 years from now)

import { addSessionKey } from "thirdweb/extensions/erc4337";
import { useSendTransaction, useActiveAccount } from "thirdweb/react";
import { getContract } from "thirdweb";

// The hooks below must be called inside a React component.
// `chain` and `client` are assumed to be defined elsewhere in your app.
const { mutate: sendTransaction } = useSendTransaction();
const smartAccount = useActiveAccount();

const onClick = () => {
  if (!smartAccount) return;
  const transaction = addSessionKey({
    contract: getContract({
      address: smartAccount.address,
      chain,
      client,
    }),
    account: smartAccount,
    sessionKeyAddress: "0x...", // the address of the new session key
    permissions: {
      approvedTargets: "*", // the addresses of allowed contracts, or '*' for any contract
      nativeTokenLimitPerTransaction: 0.1, // the maximum amount of native token (in ETH) that the session key can spend per transaction
      permissionStartTimestamp: new Date(), // the date when the session key becomes active
      permissionEndTimestamp: new Date(
        Date.now() + 24 * 60 * 60 * 1000,
      ), // the date when the session key expires
    },
  });
  sendTransaction(transaction);
};

Check out the API reference for more information.
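
The three permission fields above define how much a leaked session key can do, so it helps to check them before an admin signs the addSessionKey transaction. The following is an added example, not thirdweb code: lintSessionKeyPermissions, POLICY and its thresholds are hypothetical, and it assumes approvedTargets is either "*" or an array of addresses.

```javascript
// Added example: pre-flight lint for session key permissions (not thirdweb code).
// Thresholds in POLICY are assumptions; tune them for your application.
const POLICY = {
  maxNativePerTx: 0.05,                 // ETH, assumed ceiling per transaction
  maxWindowMs: 7 * 24 * 60 * 60 * 1000, // assumed longest acceptable key lifetime
};
const ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/;

function lintSessionKeyPermissions(permissions, now = new Date(), policy = POLICY) {
  const findings = [];
  const { approvedTargets, nativeTokenLimitPerTransaction = 0,
          permissionStartTimestamp = now, permissionEndTimestamp } = permissions;

  // Target scope: "*" lets the key call any contract through the account.
  if (approvedTargets === "*") {
    findings.push("wildcard-targets");
  } else if (!Array.isArray(approvedTargets) || approvedTargets.length === 0) {
    findings.push("missing-targets");
  } else if (!approvedTargets.every((a) => ADDRESS_RE.test(a))) {
    findings.push("malformed-target");
  }

  // Value scope: the default of 0 rejects any transaction carrying value.
  if (nativeTokenLimitPerTransaction > policy.maxNativePerTx) {
    findings.push("native-limit-too-high");
  }

  // Time scope: an omitted end date falls back to the 10-year default.
  if (!permissionEndTimestamp) {
    findings.push("no-expiry-set");
  } else {
    const end = permissionEndTimestamp.getTime();
    const start = permissionStartTimestamp.getTime();
    if (end <= now.getTime() || end <= start) findings.push("already-expired");
    else if (end - start > policy.maxWindowMs) findings.push("window-too-long");
  }
  return findings;
}

// Constructed sample inputs (the address is made up for illustration).
const NOW = new Date("2024-01-01T00:00:00Z");
const pageExample = { approvedTargets: "*", nativeTokenLimitPerTransaction: 0.1,
  permissionStartTimestamp: NOW, permissionEndTimestamp: new Date(NOW.getTime() + 86400000) };
const scoped = { approvedTargets: ["0x1111111111111111111111111111111111111111"],
  permissionStartTimestamp: NOW, permissionEndTimestamp: new Date(NOW.getTime() + 3600000) };
console.log(lintSessionKeyPermissions(pageExample, NOW));
console.log(lintSessionKeyPermissions(scoped, NOW));
```

An empty result means the permissions fit the assumed policy; any finding is a prompt to narrow the targets, value limit or time window before the key is added.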