This page is only for apps using on-device wallet execution. If you created your application after May 2025, follow the steps in the session signers overview instead. If your app is currently using on-device wallet execution, we strongly recommend migrating to TEE wallet execution by following this migration guide.
At a high-level, setting up session signers for your app involves three steps:
1

Enable session signers

Enable session signers within the Privy Dashboard to allow your app to request permission from users to transact on their behalf.
2

Require signed requests and get a signing key

(Optional, but strongly recommended) Within the Privy Dashboard, when enabling session signers, generate a signing key to ensure that actions with user’s wallets are only taken with requests signed by your app’s servers.
3

Prompt users to grant consent

Within your client (web or native mobile app), prompt the user to provision a session signer for their wallet.

Enable session signers

To enable session signers for your app, visit the Privy Dashboard and navigate to the User management > Authentication page for your app. Select the Advanced tab and toggle the Server-side access setting to enable session signers for your app.

Require signed requests and get a signing key

Once you’ve enabled session signers, you can further secure your integration by generating a signing key that is required to sign requests. To generate a signing key, under the toggle to enable session signers, enable the Require signed requests setting. A modal will appear with a Signing key to copy. Copy this value and save it securely in a secrets manager or similar. With this setting enabled, all requests to transact on the users wallet must be signed with your Signing key. This ensures that Privy only ever executes requests sent by your server. Privy never sees this private key and cannot help you recover it.
The authorization key is the private key of a P-256 keypair. Privy never sees the private key, and verifies signatures on your requests against the corresponding public key to ensure your server authorizes the action to take with a user’s delegated wallet.

Configuring permissions

To configure permissions to control what kinds of actions your session signer can take on provisioned wallets, you can set up new policies for your session signing key in your Privy dashboard under Wallet infrastructure > Policies.

Provisioning session signers

To use session signers, your user must first grant consent for your app to take certain actions on their behalf. To have users grant consent, follow the guides below depending on the client-side SDK(s) you integrate.