Tutorial: Building a Session Key

In this tutorial, we will enable a "One-Click Trading" mode for a DEX.

Goal: Allow a temporary key to swap on Uniswap, but limiting volume to 1000 USDC.

Treat sessions like ephemeral permissions

Set short expiries and tight scopes so keys expire quickly if leaked.

Step 1: Write the Session Policy

session.matador:

    import "abis/UniswapRouter.json" as Uniswap;

    permission SessionKeyGuard -> 1.0.0 {
        parameters: {
            sessionKey: address,
            router: address,
            maxAmountIn: uint256
        }

        fn main() -> bool {
            if (context.caller != parameters.sessionKey) {
                return false;
            }

            if (context.target != parameters.router) {
                return false;
            }

            if (context.selector == Uniswap.exactInputSingle) {
                return Uniswap.exactInputSingle.params.amountIn == parameters.maxAmountIn;
            }

            return false;
        }
    }

Step 2: Compile

matador compile session.matador --out ./out

Step 3: Install on Account

The user approves the session by installing the policy on their Smart Account.

// Frontend Code
const sessionKey = generatePrivateKey(); // Created in browser memory
const policyBytecode = await compilePolicy(sessionKey.address);

// User signs this once
await kernelClient.installPolicy(policyBytecode);

Step 4: Execute

The user clicks "Swap".

No Popup: The browser signs the tx with sessionKey.
Matador: Verifies key, time, and volume. Approved.

Result

A Web2-like experience with Web3 self-custody.

Tutorial - Real-World Integration