POST /sessions
Create a short-lived session token bound to a wallet address and scoped to a set of capabilities. This endpoint requires an API key and is intended for server-side use only.
Request
POST https://api.aerosol.com/api/v1/burner/sessionsHeaders
| Header | Required | Description |
|---|---|---|
X-Api-Key | Yes | Your API key (ak_live_...) |
Content-Type | Yes | application/json |
Body
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
walletAddress | string | Yes | — | Solana wallet address to bind the session to |
scopes | string[] | No | All scopes | Array of scope strings |
ttlSeconds | number | No | 300 | Token lifetime in seconds (max 3600) |
Example request
curl -X POST https://api.aerosol.com/api/v1/burner/sessions \
-H "X-Api-Key: ak_live_abc123" \
-H "Content-Type: application/json" \
-d '{
"walletAddress": "DRpbCBMxVnDK7maPM5tGv6MvB3v1sRMC86PZ8okm21hy",
"scopes": ["wallet:read", "transactions:build", "transactions:submit"],
"ttlSeconds": 600
}'Response
200 OK
{
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"expiresAt": "2026-04-09T12:10:00.000Z",
"scopes": ["wallet:read", "transactions:build", "transactions:submit"]
}| Field | Type | Description |
|---|---|---|
token | string | The session token. Pass to BurnerClient via sessionToken or send as Authorization: Bearer <token>. |
expiresAt | string | ISO 8601 timestamp when the token expires. |
scopes | string[] | The scopes granted to this session. |
Error responses
| Status | Cause |
|---|---|
| 400 | Missing walletAddress, invalid scope string, or ttlSeconds out of range |
| 401 | Invalid or revoked API key |
| 429 | Rate limit exceeded |
SDK example
import { BurnerClient, SessionScope } from '@burnandclaim/sdk'
const server = new BurnerClient({
apiKey: process.env.BURNER_API_KEY,
})
const session = await server.createSession({
walletAddress: 'DRpbCBMxVnDK7maPM5tGv6MvB3v1sRMC86PZ8okm21hy',
scopes: [SessionScope.WalletRead, SessionScope.TransactionsBuild],
ttlSeconds: 600,
})Last updated on