Intention asks your wallet for a single session-scoped signature the first time you open the trading app. This page explains what that signature means, what it does not mean, and how to control it.
Why a session signature exists
A perpetuals trader places a large number of orders per minute. Asking the wallet to pop up a confirmation dialog for every order would be unusable. Instead, Intention’s app requests one typed-data signature up front that binds a short-lived trading key to your account. The app then uses the short-lived key to sign individual order messages locally, without bothering the wallet again, until the session expires.
What the session signature grants
- The ability for the app to submit trading actions on your behalf, using a derived key that is scoped to a specific account, a specific expiry, and a specific set of action types (place order, cancel, modify, and similar).
- Nothing more. The signature is not a blanket approval and is not a token allowance.
What it does NOT grant
- It does not move funds out of your account. Withdrawals to an external chain require a separate, explicit signature each time.
- It does not change your account’s security settings. It cannot add a new signer, rotate keys, or delegate authority beyond the scoped action set.
- It does not persist past its expiry. Once the session deadline is reached, the derived key is invalid on-chain and the app will ask for a fresh signature.
How to inspect a signature request
Every modern wallet shows the typed-data payload before you sign. Read it. The payload that Intention requests will name the account you are authorizing, the expiry timestamp, and the domain intention.xyz. If a signature request claims to come from Intention but shows a different domain, a different account, or an expiry far in the future, reject it and report the page that asked for it to security@intention.xyz.
Never approve a typed-data signature that you cannot read and understand. “Just sign this to verify your wallet” is the most common phishing pattern in the entire industry. Intention will never ask you to sign a vague “verification” message.
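The checks described above can also be run mechanically before a payload reaches the signing prompt. This is an added example, not Intention's code: the payload shape (`domain.name`, `message.account`, `message.expiry`, `message.actions`), the action names, and the 24-hour lifetime limit are assumptions made for illustration, and all sample values are constructed.

```javascript
// Added example: field names below are assumed, not Intention's published schema.
// Returns a list of reasons to reject; an empty list means every check passed.
function checkSessionRequest(payload, expected, nowSeconds) {
  const problems = [];
  const domain = payload && payload.domain ? payload.domain : {};
  const msg = payload && payload.message ? payload.message : {};

  // Domain must match exactly, so look-alike names fail the comparison.
  if (domain.name !== expected.domain) {
    problems.push(`unexpected domain: ${String(domain.name)}`);
  }

  // Compare accounts case-insensitively because hex addresses may be checksummed.
  const account = typeof msg.account === "string" ? msg.account.toLowerCase() : "";
  if (account !== expected.account.toLowerCase()) {
    problems.push("account does not match the one you intend to authorize");
  }

  // Expiry must be an integer timestamp, in the future, within the allowed window.
  const expiry = Number(msg.expiry);
  if (!Number.isInteger(expiry)) {
    problems.push("expiry missing or not an integer timestamp");
  } else if (expiry <= nowSeconds) {
    problems.push("expiry is already in the past");
  } else if (expiry - nowSeconds > expected.maxLifetimeSeconds) {
    problems.push("expiry is too far in the future");
  }

  // Every requested action must be on the caller's allowlist of trading actions.
  const actions = Array.isArray(msg.actions) ? msg.actions : [];
  if (actions.length === 0) problems.push("no action scope listed");
  for (const a of actions) {
    if (!expected.allowedActions.includes(a)) problems.push(`action outside trading scope: ${a}`);
  }
  return problems;
}

// Constructed sample values for illustration only.
const NOW = 1700000000;
const EXPECTED = { domain: "intention.xyz", account: "0xAbC0000000000000000000000000000000000001",
  maxLifetimeSeconds: 86400, allowedActions: ["placeOrder", "cancelOrder", "modifyOrder"] };
const goodRequest = { domain: { name: "intention.xyz" }, message: {
  account: "0xabc0000000000000000000000000000000000001", expiry: NOW + 3600,
  actions: ["placeOrder", "cancelOrder"] } };
const badRequest = { domain: { name: "intention-xyz.example" }, message: {
  account: "0xabc0000000000000000000000000000000000001", expiry: NOW + 86400 * 365,
  actions: ["placeOrder", "withdraw"] } };
```

`checkSessionRequest(goodRequest, EXPECTED, NOW)` returns an empty list, while `badRequest` is flagged for its domain, its year-long expiry, and the `withdraw` action.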
Revoking a session
You can end a session in three ways.
- From inside the app. Open the account menu and choose the option to disconnect or to revoke the active session. The app will discard the short-lived key on your device and the session key will stop being accepted on-chain as soon as the revocation is observed.
- From your wallet. Disconnect the site in the wallet’s connected-sites list. The app will no longer be able to request a fresh signature on your next visit.
- By waiting. Sessions have a finite expiry. Once it passes, the key becomes useless regardless of whether you did anything else.
What happens when the session expires
Pending unfilled orders placed under the expired session remain valid on the book — they were signed while the session was live and the protocol has already recorded them. New orders will fail until you sign a fresh session. This is deliberate: expiry cannot retroactively cancel work that was already committed.