Session Signatures
Session signatures allow traders to interact with Odyssey without signing messages in their wallet for every interaction.
Signing messages for every trade, transfer, and withdrawal makes the experience of using most DEXs much worse than using centralized equivalents. To solve this problem, Odyssey has introduced session signatures, which allow a user to grant their browser or device access to their account for a fixed period.
Session signatures are implemented when interacting with Odyssey via Hook's site (see Official Links for a list of official frontends). Developers can also utilize session signatures if it is helpful for their use case.
When to use session signatures
You're operating a trading bot, but do not have secure secret storage or the ability to quickly sign messages with your keys.
You expect traders to interact with your app
Multiple bots to need access to a shared account, with the ability to soft-revoke that access.
What actions on Hook can be signed by a session signature
Transferring collateral between margin accounts
Placing market & limit orders
Changing subaccount margin mode
Requesting deposits and withdrawals from Hook's Perps Liquidity Pools.
What actions require signatures from the account owner's wallet
Withdrawals from the protocol
Ragequitting a Perp Liquidity Pool
Using Session Signatures
To use a session signature, a payload must be signed and then delivered.
The payload has several key inputs:
signer
is the public key of the delegated wallet to sign messges.authorizor
is the public key of the account owner.expiration
is the UNIX timestamp when this session signature expireschainId
is the chain used by the wallet signing the signature (in the EIP-712 Header)
The first 3 of these parameters must be hashed and signed into an EIP-712 payload, which is passed to the API. The EIP712 typehash is SigningKey(address signer,address authorizer,uint256 validUntil)
After this payload is signed by the authorizor
private key, it can be submitted to the GraphQL api.
The following API endpoints are used to create and revoke Session Signatures (f.k.a signing keys):
First, call registerSigningKey
with the signingKey input created above and the string-encoded signature.
This mutation returns an ID if the signing key is accepted. This ID can be used in future requests where the signing key is used as a signer.
Other signed mutations include a parameter for a Signature.
when using a Signing key, fill the signature struct as follows:
Signing without session signatures
If your use-case doesn't need a signing key, you may populate the SignatureInput
as follows:
Last updated