Skip to content

KeyAuthorization.getSignPayload

Computes the sign payload for an KeyAuthorization.KeyAuthorization.

The root key must sign this payload to authorize the access key. The resulting signature is attached to the key authorization via KeyAuthorization.from with the signature option.

Access Keys Specification

Imports

Named
import { KeyAuthorization } from 'ox/tempo'

Examples

import { Address, Secp256k1, Value } from 'ox'
import { KeyAuthorization } from 'ox/tempo'
 
const privateKey = '0x...'
const address = Address.fromPublicKey(Secp256k1.getPublicKey({ privateKey }))
 
const authorization = KeyAuthorization.from({
  address,
  chainId: 4217n,
  expiry: 1234567890,
  type: 'secp256k1',
  limits: [{
    token: '0x20c0000000000000000000000000000000000001',
    limit: Value.from('10', 6),
  }],
})
 
const payload = KeyAuthorization.getSignPayload(authorization)

Definition

function getSignPayload(
  authorization: KeyAuthorization.KeyAuthorization,
): Hex.Hex

Source: src/tempo/KeyAuthorization.ts

Parameters

authorization

  • Type: KeyAuthorization.KeyAuthorization

The KeyAuthorization.KeyAuthorization.

authorization.account

  • Type: addressType

Account address this authorization is bound to.

authorization.address

  • Type: addressType

Address derived from the public key of the key type.

authorization.chainId

  • Type: bigintType

Chain ID for replay protection.

authorization.expiry

  • Type: numberType
  • Optional

Unix timestamp when key expires (undefined = never expires).

authorization.isAdmin

  • Type: boolean

Whether this authorization provisions an admin access key.

authorization.limits

  • Type: readonly TokenLimit[]
  • Optional

TIP20 spending limits for this key.

authorization.scopes

  • Type: readonly Scope[]
  • Optional

Call scopes restricting which contracts/selectors this key can call.

  • undefined = unrestricted key (any call allowed)
  • [] = scoped mode with no calls allowed
  • [...] = only listed contract+selector combinations allowed

authorization.signature

  • Type: SignatureEnvelope
  • Optional

authorization.type

  • Type: "secp256k1" | "p256" | "webAuthn"

Key type. (secp256k1, P256, WebAuthn).

authorization.witness

  • Type: 0x${string}
  • Optional

Optional 32-byte witness bound into the signing hash.

Applications use this to bind a single signature to an arbitrary offchain context (e.g. a server-issued challenge), or as a revocation handle that can be burned onchain to invalidate the authorization before submission.

TIP-1053 Specification

Return Type

The sign payload.

Hex.Hex