Access Keys
In all blockchains, users control their accounts by holding a private key
(a secret only they know) and using it to sign transactions.
NEAR accounts present the unique feature of being able to hold multiple Access Keys, each with its own set of permissions. We distinguish two types of Keys:
Full-Access Keys
: Have full control over the account, and should never be sharedFunction-Call Keys
: Can only sign calls for specific contracts, and are meant to be shared
Full-Access Keysโ
As the name suggests, Full-Access
keys have full control of an account, meaning they can be used to sign transactions doing any action in your account's behalf:
- Transfer NEAR โ
- Delete your account or create sub-accounts of it
- Add or remove Access Keys
- Deploy a smart contract in the account
- Call methods on any contract
You should never share your Full-Access
, otherwise you are giving total control over the account.
Implicit accounts already have a Full-Access Key
by default, while for named accounts
their first Full-Access Key
is added on creation
Function-Call Keysโ
Function-Call
keys can only sign transactions calling a specific contract, and do not allow to attach NEAR tokens to the call.
They are defined by three attributes:
receiver_id
: The only contract which the key allows to call, no other contract can be called with this keymethod_names
(Optional): The contract's methods the key allows to call. If omitted, all contract's methods can be calledallowance
(Optional): The amount of NEAR allowed to be spent on gas. If omitted, the key can consume unlimited gas
Function Call Keys
are meant to be shared with applications, so third-parties can make contract calls in your name. This is useful in multiple scenarios as we will see below.
Function-Call
keys are secure to share, as they only permit calls to a specific contract and prohibit NEAR token transfers
Benefits of Function-Call Keysโ
Function Call Keys
allows you to provide restricted access to third parties. This key type, unique to NEAR, enables several use-cases worth discussing.
Enhancing User Experienceโ
The most common use case for Function-Call
keys is to allow an application to sign transactions on the user's behalf.
Imagine you are developing a game that records the user's score on a smart contract. On other chains, you would have to disrupt the user's experience to request transaction signatures each time the game needs to update the score.
With NEAR, you can request the user to generate a Function-Call
key for the game's contract and share it with the game. This way, the game can sign transactions in the user's name, eliminating gameplay interruptions.
Sharing this key is safe for the user, because even in the case of somebody stealing it, they would only be able to call the score-keeping method, and nothing else.
Simple Onboardingโ
Another common use-case of Function-Call
keys is to simplify the onboarding process for new users.
It works as follows:
-
Create a contract that has a method called
create_account
- This method should only be callable by the contract itself and
- When executed, the method should create a new account and transfer some tokens to it
-
Add multiple
Function Call Keys
in the contract's account, that only allow to callcreate_account
-
Give these keys to your friends! They will be able to call the method, and easily create an account with some tokens
Your main account and your funds will never be at risk, as the keys can only be used to call the create_account
method.
This is the basic principle behind NEAR Drops, a way to distribute assets to a large number of users
Key Rotation and Recoveryโ
The presence of multiple keys allows for easy rotation and recovery. If you suspect a key might be compromised, you can promptly remove it or replace it with a new one, similar to changing your password on a website.
You can also establish a key-recovery contract in your account and generate a "recovery key" for a trusted party. This key would only be used to initiate the recovery process.
In case of necessity, the trusted party can trigger the recovery process, assisting in the creation of a new full-access key for you.
Locked Accountsโ
If you remove all keys from an account, then the account will become locked, meaning that no external actor can perform transactions in the account's name.
In practice, this means that only the account's smart contract can transfer assets, create sub-accounts, or update its code.
Locking an account is very useful when one wants to deploy a contract, and let the community be assured that only the contract is in control of the account.
An account could still add keys to itself through a smart contract, effectively allowing the contract to unlock the account. Notice that this can only be done if the contract is deployed before the account is locked