The Account Keychain is a protocol-level precompile at 0xAAAAAAAA00000000000000000000000000000000 that lets an account's root key provision access keys with spending limits, expiry times, and signature type constraints. It extends standard EOAs with scoped delegation, without converting them into smart contract wallets.
How it works
Every Tempo account starts as a standard EOA controlled by a single root key. Through the Account Keychain, the root key can authorize additional keys with three constraints:
- Signature type: restricts the key to secp256k1, P256, or WebAuthn
- Expiry: a Unix timestamp after which the key stops working, checked during transaction validation
- Per-token spending limits: caps on how much the key can directly transfer for each TIP-20 token
Access keys sign transactions with a special format: 0x03 + 20-byte user address + inner signature. The protocol resolves the account, checks the key's constraints, and accepts or rejects the transaction before EVM execution.
What access keys can do
Access keys can send TIP-20 transfers (up to their spending limit), call smart contracts, and sign any transaction that doesn't modify the keychain itself. They cannot authorize new keys, revoke keys, or change their own limits. Only the root key can do that.
Spending limits apply to direct calls: transfer(), transferWithMemo(), approve(), and startReward() where msg.sender == tx.origin. Contract-internal token movements and transferFrom() are not counted against the limit.
Revocation
Revoking a key is immediate and permanent. Once revoked, a key ID can never be reused for that account. This prevents replay attacks where a previously-valid signature is resubmitted after a key is re-authorized.
Common use cases
Session keys. A passkey authenticates once, then provisions a browser-local session key that can spend up to $1,000 for 24 hours without further biometric prompts.
Delegated payment agents. A backend service gets an access key with a daily budget and can process payments autonomously within that scope.
Scoped API access. Different keys for different services, each limited to specific tokens and amounts.
Not a smart contract wallet
The Account Keychain is a precompile, not a contract. Accounts remain standard EOAs. They work with every protocol and tool that expects EOA addresses. This is different from EIP-4337 smart contract wallets, which are contract accounts and may not be compatible with all protocols.
The tradeoff: the keychain offers a fixed set of constraints (signature type, expiry, spending limits). You can't implement arbitrary access control logic like "only allow transfers to whitelisted addresses." For most payment use cases, the fixed model is sufficient.
Related content
- How to Use Access Keys and Session Keys on Tempo: authorize, revoke, and query access keys
- How Do Passkeys Work on Tempo?: combine passkeys with session keys
- Transfa Data API reference: query access key state via the
/accounts/{address}/access-keysendpoints