Configuring server sessions

At a high level, setting up server sessions for your app involves three steps:

1. Enable server sessions: Enable server sessions within the Privy Dashboard to allow your app to request permission from users to transact on their behalf.

2. Generate an authorization key: (Optional, but strongly recommended) Within the Privy Dashboard, when enabling server sessions, generate an authorization keypair so that actions with users’ wallets are taken only with requests signed by your app’s servers.

3. Prompt users to grant consent: Within your client (web or native mobile app), prompt the user to provision a server session for their wallet.

Enable server sessions

To enable server sessions for your app, visit the Privy Dashboard and navigate to the User management > Authentication page for your app.

Select the Advanced tab and toggle the Delegated actions setting to enable server sessions for your app.

Generate an authorization key

Once you’ve enabled delegated actions, you can further secure your integration by generating an authorization key that is required to sign requests.

To generate an authorization key, under the toggle to enable delegated actions, enable the Require signed requests setting. A modal will appear with a Signing key to copy. Copy this value and save it securely in a secrets manager or similar.

With this setting enabled, all requests to take delegated actions with a user’s wallet must be signed with your Signing key. This ensures that Privy only ever executes requests sent by your server.

Privy never sees this private key and cannot help you recover it.

The authorization key is the private key of a P-256 keypair. Privy never sees the private key; it verifies the signatures on your requests against the corresponding public key to confirm that your server authorized the action to take with a user’s delegated wallet.
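The signing model described above can be seen in a small Node.js sketch. This is an added example, not Privy's code and not Privy's actual request format: the request object, the sorted-key canonicalization, and all function names are assumptions, and the keypair is generated locally as a stand-in for the one created in the Dashboard.

```javascript
// Added illustration only: request shape, canonicalization and names are
// assumptions, not Privy's wire format.
const nodeCrypto = require('node:crypto');

// Constructed stand-in for the Dashboard-generated P-256 keypair.
function generateAuthorizationKeypair() {
  return nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
}

// Deterministic serialization so signer and verifier hash identical bytes.
function canonicalize(value) {
  if (Array.isArray(value)) return '[' + value.map(canonicalize).join(',') + ']';
  if (value !== null && typeof value === 'object') {
    return '{' + Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ':' + canonicalize(value[k])).join(',') + '}';
  }
  return JSON.stringify(value);
}

// Server side: ECDSA over SHA-256 with the private key, which never leaves the server.
function signRequest(request, privateKey) {
  const bytes = Buffer.from(canonicalize(request));
  return nodeCrypto.sign('sha256', bytes, privateKey).toString('base64');
}

// Verifier side: holds only the public key; malformed signatures count as invalid.
function verifyRequest(request, signatureB64, publicKey) {
  try {
    const bytes = Buffer.from(canonicalize(request));
    return nodeCrypto.verify('sha256', bytes, publicKey, Buffer.from(signatureB64, 'base64'));
  } catch { return false; }
}

function demo() {
  const server = generateAuthorizationKeypair();
  const other = generateAuthorizationKeypair(); // a key the verifier does not trust
  // Constructed request; the path and wallet id are placeholders.
  const request = { method: 'POST', path: '/wallet/action', body: { walletId: 'wallet-placeholder', amount: '1' } };
  const signature = signRequest(request, server.privateKey);
  const tampered = { ...request, body: { ...request.body, amount: '1000' } };
  return {
    genuine: verifyRequest(request, signature, server.publicKey),
    reordered: verifyRequest({ path: request.path, body: request.body, method: request.method }, signature, server.publicKey),
    tampered: verifyRequest(tampered, signature, server.publicKey),
    wrongKey: verifyRequest(request, signRequest(request, other.privateKey), server.publicKey),
  };
}

console.log(demo());
```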

Configuring permissions

To control what kinds of actions your app can take with wallets provisioned for server sessions, set up new policies for your server session key in the Privy Dashboard under Wallet infrastructure > Policies.

Provisioning server sessions

To use server sessions, your user must first grant consent for your app to take certain actions on their behalf. To have users grant consent, follow the guides below depending on the client-side SDK(s) you integrate.