> ## Documentation Index
> Fetch the complete documentation index at: https://v3.docs.derive.xyz/llms.txt
> Use this file to discover all available pages before exploring further.

# Register a scoped session key

> Authorizes a new session key for a wallet from a signed action, granting it a set of on-chain (protocol) scopes and off-chain scopes with an expiry, an optional label, an optional IP allowlist, and an optional list of subaccounts it may act on (defaults to all of the wallet's subaccounts). Send the signed action fields (nonce, signer, signature, signature expiry, and module) alongside the requested scopes; the endpoint returns the registered key's public address and its granted scopes, expiry, allowlist, label, and subaccounts.



## OpenAPI

````yaml /openapi.json post /private/create_session_key
openapi: 3.1.0
info:
  title: Derive v3 API
  version: 0.2.0
  description: JSON-RPC 2.0 methods, served over WebSocket and HTTP POST.
servers:
  - url: https://api.derive.xyz/v3
    description: Production (HTTP POST base)
  - url: https://testnet.api.derive.xyz/v3
    description: Testnet (HTTP POST base)
security: []
tags:
  - name: Subaccounts
    description: >-
      List, inspect, and label subaccounts, portfolios, positions, and
      collateral.
  - name: Session Keys
    description: Register, edit, and list delegated signing keys.
  - name: Account
    description: Wallet-level account information and settings.
  - name: Orderbook
    description: Place, replace, cancel, and query orders, trigger orders, and algos.
  - name: RFQ
    description: 'Request-for-quote: send RFQs, quote, and execute block trades.'
  - name: Vault Shareholders
    description: >-
      Deposit into and withdraw from vaults, and track shares, requests, and
      performance.
  - name: Vault Curators
    description: >-
      Create and operate curated vaults: settle deposit and withdrawal requests,
      and manage vault metadata.
  - name: History
    description: >-
      Per-account historical records: orders, trades, transfers, and
      settlements.
  - name: Market Maker Protection
    description: Configure, read, and reset market-maker protection.
  - name: Transfers & Withdrawals
    description: Move collateral between subaccounts, to other wallets, and on-chain.
  - name: System
    description: Rate limits and transaction lookups.
  - name: Market Data
    description: Instruments, currencies, tickers, and market-wide feeds.
  - name: Referrals
    description: Referral codes and program performance.
  - name: Other
    description: Uncategorized.
paths:
  /private/create_session_key:
    post:
      tags:
        - Session Keys
      summary: Register a scoped session key
      description: >-
        Authorizes a new session key for a wallet from a signed action, granting
        it a set of on-chain (protocol) scopes and off-chain scopes with an
        expiry, an optional label, an optional IP allowlist, and an optional
        list of subaccounts it may act on (defaults to all of the wallet's
        subaccounts). Send the signed action fields (nonce, signer, signature,
        signature expiry, and module) alongside the requested scopes; the
        endpoint returns the registered key's public address and its granted
        scopes, expiry, allowlist, label, and subaccounts.
      operationId: private_create_session_key
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateSessionKeyRequest'
      responses:
        '200':
          description: Success
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PrivateCreateSessionKeyResponse'
        default:
          description: JSON-RPC error (see Error Codes)
components:
  schemas:
    CreateSessionKeyRequest:
      description: >-
        Request parameters for registering a scoped session key. Address fields
        are 0x-prefixed hex strings.
      type: object
      required:
        - expiry_sec
        - nonce
        - offchain_scopes
        - protocol_scopes
        - public_session_key
        - signature
        - signature_expiry_sec
        - signer
        - wallet
      properties:
        expiry_sec:
          type: integer
          format: uint64
          minimum: 0
        ip_whitelist:
          type:
            - array
            - 'null'
          items:
            type: string
        label:
          type:
            - string
            - 'null'
        nonce:
          type: string
        offchain_scopes:
          description: Off-chain scopes which are validated in backend only
          type: array
          items:
            type: string
        protocol_scopes:
          description: >-
            Scopes granted to the session key, validated by the protocol. Each
            is a string like `"trade:orderbook:all"`.
          type: array
          items:
            type: string
        public_session_key:
          description: Session key address being authorized.
          type: string
        signature:
          description: 0x-prefixed hex, 65-byte r||s||v.
          type: string
        signature_expiry_sec:
          type: integer
          format: uint64
          minimum: 0
        signer:
          type: string
        subaccount_ids:
          type:
            - array
            - 'null'
          items:
            type: integer
            format: uint64
            minimum: 0
        wallet:
          description: Wallet the session key is being registered for.
          type: string
    PrivateCreateSessionKeyResponse:
      type: object
      required:
        - expiry_sec
        - ip_whitelist
        - offchain_scopes
        - protocol_scopes
        - public_session_key
        - subaccount_ids
      properties:
        expiry_sec:
          type: integer
          format: uint64
          minimum: 0
        ip_whitelist:
          type: array
          items:
            type: string
        label:
          type:
            - string
            - 'null'
        offchain_scopes:
          type: array
          items:
            type: string
        protocol_scopes:
          type: array
          items:
            type: string
        public_session_key:
          type: string
        subaccount_ids:
          description: >-
            Subaccounts the key may act on. Empty/omitted request (all
            subaccounts) is expanded to the wallet's current subaccount list.
          type: array
          items:
            type: integer
            format: uint64
            minimum: 0

````

## Related topics

- [Migration skill for your coding agent](/migrating/breaking-changes.md)
- [Session Keys](/authentication/session-keys.md)
- [Edit a session key's off-chain settings](/api-reference/session-keys/edit-a-session-keys-off-chain-settings.md)
