Documentation Index
Fetch the complete documentation index at: https://docs.chipipay.com/llms.txt
Use this file to discover all available pages before exploring further.
Session keys enable temporary, delegated transaction execution for CHIPI wallets. This page documents all available session methods.
sessions.createSessionKey()
Generate a session keypair locally. The SDK returns the data but does NOT store it.
const session = sdk.sessions.createSessionKey({
encryptKey: "user-secure-pin",
durationSeconds: 3600, // Optional, default: 21600 (6 hours)
});
Parameters
| Parameter | Type | Required | Description |
|---|
encryptKey | string | Yes | PIN to encrypt the session private key |
durationSeconds | number | No | Session duration in seconds. Default: 21600 (6 hours) |
Return Value
Returns a SessionKeyData object:
{
publicKey: string; // Stark public key (hex format)
encryptedPrivateKey: string; // AES encrypted private key
validUntil: number; // Unix timestamp (seconds)
}
Example
// Create a 1-hour gaming session
const session = sdk.sessions.createSessionKey({
encryptKey: userPin,
durationSeconds: 60 * 60, // 1 hour
});
// Store in client-side secure storage (NOT your database!)
localStorage.setItem('chipiSession', JSON.stringify(session));
console.log(`Session expires at: ${new Date(session.validUntil * 1000)}`);
Store session data only in client-side secure storage (localStorage, Secure Enclave, Keychain). Never in your backend database.
sessions.addSessionKeyToContract()
Register a session key on the CHIPI wallet smart contract. Requires owner signature.
const txHash = await sdk.sessions.addSessionKeyToContract({
encryptKey: "user-secure-pin",
wallet: {
publicKey: "0x...",
encryptedPrivateKey: "...",
walletType: "CHIPI",
},
sessionConfig: {
sessionPublicKey: session.publicKey,
validUntil: session.validUntil,
maxCalls: 100,
allowedEntrypoints: [],
},
}, bearerToken);
Parameters
| Parameter | Type | Required | Description |
|---|
encryptKey | string | Yes | PIN to decrypt owner’s private key |
wallet | WalletData | Yes | User’s wallet data with walletType: "CHIPI" |
sessionConfig.sessionPublicKey | string | Yes | Public key from createSessionKey() |
sessionConfig.validUntil | number | Yes | Unix timestamp when session expires |
sessionConfig.maxCalls | number | Yes | Maximum transactions allowed |
sessionConfig.allowedEntrypoints | string[] | Yes | Whitelisted selectors. Empty = all allowed |
bearerToken | string | Yes | Valid JWT from your auth provider |
Return Value
Returns a Promise<string> with the transaction hash.
Example
// Register session with restricted permissions
const txHash = await sdk.sessions.addSessionKeyToContract({
encryptKey: userPin,
wallet: {
publicKey: wallet.publicKey,
encryptedPrivateKey: wallet.encryptedPrivateKey,
walletType: "CHIPI",
},
sessionConfig: {
sessionPublicKey: session.publicKey,
validUntil: session.validUntil,
maxCalls: 50,
allowedEntrypoints: [
"0x83afd3f4caedc6eebf44246fe54e38c95e3179a5ec9ea81740eca5b482d12e", // transfer
],
},
}, bearerToken);
console.log(`Session registered: https://starkscan.co/tx/${txHash}`);
This uses gasless transactions via the Chipi paymaster. Users don’t need STRK for gas.
executeTransactionWithSession()
Execute a transaction using a session key instead of the owner’s private key.
const txHash = await sdk.executeTransactionWithSession({
params: {
encryptKey: "user-secure-pin",
wallet: {
publicKey: "0x...",
encryptedPrivateKey: "...",
walletType: "CHIPI",
},
session: {
publicKey: "0x...",
encryptedPrivateKey: "...",
validUntil: 1702500000,
},
calls: [
{
contractAddress: "0x...",
entrypoint: "transfer",
calldata: ["0x...", "100", "0x0"],
},
],
},
bearerToken,
});
Parameters
| Parameter | Type | Required | Description |
|---|
params.encryptKey | string | Yes | PIN to decrypt session private key |
params.wallet | WalletData | Yes | User’s wallet data |
params.session | SessionKeyData | Yes | Session from createSessionKey() |
params.calls | Call[] | Yes | Array of contract calls to execute |
bearerToken | string | No | JWT token (uses SDK default if not provided) |
Return Value
Returns a Promise<string> with the transaction hash.
Example
// Execute transfer using session (no owner key needed!)
const txHash = await sdk.executeTransactionWithSession({
params: {
encryptKey: userPin,
wallet: { ...wallet, walletType: "CHIPI" },
session,
calls: [
{
contractAddress: USDC_CONTRACT,
entrypoint: "transfer",
calldata: [recipientAddress, amount, "0x0"],
},
],
},
bearerToken,
});
console.log(`Transfer executed: https://starkscan.co/tx/${txHash}`);
Signature Format: Session transactions use a 4-element signature [sessionPubKey, r, s, validUntil] instead of the owner’s 2-element [r, s]. The SDK handles this automatically.
sessions.revokeSessionKey()
Remove a session key’s authorization from the CHIPI wallet contract.
const txHash = await sdk.sessions.revokeSessionKey({
encryptKey: "user-secure-pin",
wallet: {
publicKey: "0x...",
encryptedPrivateKey: "...",
walletType: "CHIPI",
},
sessionPublicKey: session.publicKey,
}, bearerToken);
Parameters
| Parameter | Type | Required | Description |
|---|
encryptKey | string | Yes | PIN to decrypt owner’s private key |
wallet | WalletData | Yes | User’s wallet data with walletType: "CHIPI" |
sessionPublicKey | string | Yes | Public key of session to revoke |
bearerToken | string | Yes | Valid JWT from your auth provider |
Return Value
Returns a Promise<string> with the transaction hash.
Example
// Revoke session on logout
const handleLogout = async () => {
const sessionStr = localStorage.getItem('chipiSession');
if (sessionStr) {
const session = JSON.parse(sessionStr);
await sdk.sessions.revokeSessionKey({
encryptKey: userPin,
wallet: { ...wallet, walletType: "CHIPI" },
sessionPublicKey: session.publicKey,
}, bearerToken);
localStorage.removeItem('chipiSession');
}
await authProvider.signOut();
};
Always revoke sessions on logout to prevent unauthorized access.
sessions.getSessionData()
Query the on-chain status of a session key.
const sessionData = await sdk.sessions.getSessionData({
walletAddress: "0x...",
sessionPublicKey: "0x...",
});
Parameters
| Parameter | Type | Required | Description |
|---|
walletAddress | string | Yes | The CHIPI wallet address |
sessionPublicKey | string | Yes | Public key of the session to query |
Return Value
Returns a Promise<SessionDataResponse>:
{
isActive: boolean; // true if session is valid and not revoked
validUntil: number; // Unix timestamp of expiration
remainingCalls: number; // Transactions remaining before limit
allowedEntrypoints: string[]; // Whitelisted function selectors
}
Example
// Check session before executing
const sessionData = await sdk.sessions.getSessionData({
walletAddress: wallet.publicKey,
sessionPublicKey: session.publicKey,
});
if (!sessionData.isActive) {
console.log("Session expired or revoked - need to create new session");
return;
}
if (sessionData.remainingCalls < 5) {
console.log(`Warning: Only ${sessionData.remainingCalls} calls remaining`);
}
// Safe to proceed with transaction
await sdk.executeTransactionWithSession({ ... });
Use getSessionData() to check remaining calls before batch operations.
Error Handling
All session methods throw ChipiSessionError for session-specific failures:
import { ChipiSessionError } from "@chipi-stack/backend";
try {
await sdk.sessions.addSessionKeyToContract({ ... }, bearerToken);
} catch (error) {
if (error instanceof ChipiSessionError) {
switch (error.code) {
case "INVALID_WALLET_TYPE_FOR_SESSION":
console.error("Session keys only work with CHIPI wallets");
break;
case "SESSION_EXPIRED":
console.error("Session has expired");
break;
case "SESSION_DECRYPTION_FAILED":
console.error("Invalid PIN - could not decrypt session key");
break;
default:
console.error("Session error:", error.message);
}
}
throw error;
}
Error Codes
| Code | Description |
|---|
INVALID_WALLET_TYPE_FOR_SESSION | Wallet is not a CHIPI wallet |
SESSION_EXPIRED | Session validUntil has passed |
SESSION_NOT_REGISTERED | Session not found on contract |
SESSION_REVOKED | Session was explicitly revoked |
SESSION_MAX_CALLS_EXCEEDED | No remaining calls |
SESSION_ENTRYPOINT_NOT_ALLOWED | Called function not in whitelist |
SESSION_DECRYPTION_FAILED | Invalid PIN for decryption |
SESSION_CREATION_FAILED | Failed to generate keypair |
Related
