> ## Documentation Index
> Fetch the complete documentation index at: https://docs.getpara.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Sign Authorization (EIP-7702)

> Signs an EIP-7702 authorization for account delegation. Only supported for
EVM wallets.

EIP-7702 allows an EOA to delegate execution to a smart contract address
for a single transaction, enabling features like gas sponsorship and
batched calls without migrating to a new contract wallet address. This is
used by account abstraction providers such as ZeroDev, Alchemy, Pimlico,
and others operating in 7702 mode.

The endpoint computes the authorization hash per EIP-7702
(`keccak256(0x05 || rlp([chainId, address, nonce]))`), signs it via MPC,
and returns the decomposed signature with `yParity` (0 or 1) — not
the legacy `v` (27/28) used by other signing endpoints.

Both `address` and `contractAddress` are accepted in the request body as
the delegation target. This matches viem's `signAuthorization` API.




## OpenAPI

````yaml /openapi.yaml post /v1/wallets/{walletId}/sign-authorization
openapi: 3.0.3
info:
  title: Para REST API
  version: '1.0'
  description: Server-to-server wallet creation and signing over HTTP
servers:
  - url: https://api.beta.getpara.com
    description: Beta
  - url: https://api.getpara.com
    description: Production
security:
  - ApiKeyAuth: []
paths:
  /v1/wallets/{walletId}/sign-authorization:
    post:
      tags:
        - Signing
      summary: Sign Authorization (EIP-7702)
      description: >
        Signs an EIP-7702 authorization for account delegation. Only supported
        for

        EVM wallets.


        EIP-7702 allows an EOA to delegate execution to a smart contract address

        for a single transaction, enabling features like gas sponsorship and

        batched calls without migrating to a new contract wallet address. This
        is

        used by account abstraction providers such as ZeroDev, Alchemy, Pimlico,

        and others operating in 7702 mode.


        The endpoint computes the authorization hash per EIP-7702

        (`keccak256(0x05 || rlp([chainId, address, nonce]))`), signs it via MPC,

        and returns the decomposed signature with `yParity` (0 or 1) — not

        the legacy `v` (27/28) used by other signing endpoints.


        Both `address` and `contractAddress` are accepted in the request body as

        the delegation target. This matches viem's `signAuthorization` API.
      operationId: signAuthorization
      parameters:
        - $ref: '#/components/parameters/WalletId'
        - $ref: '#/components/parameters/RequestId'
        - $ref: '#/components/parameters/IdempotencyKey'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/SignAuthorizationRequest'
      responses:
        '200':
          description: Signed authorization
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SignAuthorizationResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
        '409':
          $ref: '#/components/responses/IdempotencyConflict'
        '422':
          $ref: '#/components/responses/Unprocessable'
        '429':
          $ref: '#/components/responses/TooManyRequests'
        '500':
          $ref: '#/components/responses/ServerError'
components:
  parameters:
    WalletId:
      name: walletId
      in: path
      required: true
      description: Wallet ID
      schema:
        type: string
        example: 0a1b2c3d-4e5f-6789-abcd-ef0123456789
    RequestId:
      name: X-Request-Id
      in: header
      required: false
      description: UUID for request tracing. Para returns one if omitted.
      schema:
        type: string
        format: uuid
    IdempotencyKey:
      name: Idempotency-Key
      in: header
      required: false
      description: >
        Unique key for safe retries on POST endpoints. If a request with the
        same key

        is received within 24 hours, the original response is returned without
        re-executing.

        Recommended format: UUID v4. Max length 256 characters.

        Returns 422 if the same key is reused with a different request body.

        Returns 409 if a request with the same key is still being processed.
      schema:
        type: string
        maxLength: 256
  schemas:
    SignAuthorizationRequest:
      type: object
      required:
        - authorization
      properties:
        authorization:
          type: object
          required:
            - chainId
            - nonce
          properties:
            address:
              type: string
              description: >-
                Contract address to delegate execution to. Mutually exclusive
                with `contractAddress`.
              example: '0x1234567890abcdef1234567890abcdef12345678'
            contractAddress:
              type: string
              description: >-
                Alias for `address` (matches viem's API). Mutually exclusive
                with `address`.
              example: '0x1234567890abcdef1234567890abcdef12345678'
            chainId:
              type: integer
              minimum: 0
              description: >-
                Chain ID for the authorization. Use 0 for chain-agnostic
                authorizations.
              example: 1
            nonce:
              type: integer
              minimum: 0
              description: Account nonce for the authorization.
              example: 0
    SignAuthorizationResponse:
      type: object
      required:
        - address
        - chainId
        - nonce
        - r
        - s
        - yParity
        - signature
      properties:
        address:
          type: string
          description: Contract address the authorization delegates to.
          example: '0x1234567890abcdef1234567890abcdef12345678'
        chainId:
          type: integer
          description: Chain ID from the authorization.
          example: 1
        nonce:
          type: integer
          description: Nonce from the authorization.
          example: 0
        r:
          type: string
          description: ECDSA signature r component (hex with 0x prefix).
          example: 0xa1b2c3...
        s:
          type: string
          description: ECDSA signature s component (hex with 0x prefix).
          example: 0xd4e5f6...
        yParity:
          type: integer
          enum:
            - 0
            - 1
          description: >-
            EIP-7702 parity bit (0 or 1). Unlike other signing endpoints that
            return v (27/28), this uses yParity per the EIP-7702 spec.
          example: 0
        signature:
          type: string
          description: Raw hex-encoded 65-byte signature without `0x` prefix (r + s + v).
          example: a1b2c3d4e5f6...
    Error:
      type: object
      required:
        - code
        - message
      properties:
        code:
          type: string
          description: Machine-readable error code for programmatic handling
          example: INVALID_REQUEST
        message:
          type: string
          description: Human-readable error message
        transactionId:
          type: string
          format: uuid
          description: >-
            Persisted transaction record id. Present only when a broadcast
            request failed after a history row was created.
        failureStage:
          type: string
          enum:
            - mpc_sign
            - signature_apply
            - signer_verify
            - broadcast
            - monitor_timeout
          description: >-
            Which stage of the broadcast lifecycle failed. Present on persisted
            broadcast failures.
        failureCode:
          type: string
          description: >-
            Machine-readable failure reason from the underlying broadcast helper
            (e.g. `INSUFFICIENT_NATIVE_BALANCE`, `EXECUTION_FAILED`). Present on
            broadcast-stage failures.
        signedTransaction:
          type: string
          description: >-
            Signed transaction bytes. Present on broadcast failures that happen
            after signing completed.
      additionalProperties: true
      description: >
        All error responses include `code` and `message` fields. Some errors
        include extra fields (e.g. `walletId` on 409 Conflict).

        Broadcast failures that occur after a persisted transaction row is
        created include `transactionId`,

        `failureStage`, and (on broadcast-stage failures) `failureCode`, and
        also set the `x-transaction-id`

        response header. If signing completed before the failure,
        `signedTransaction` is included so callers

        can inspect or retry the already-signed bytes.


        Common error codes: `INVALID_REQUEST`, `UNAUTHORIZED`, `FORBIDDEN`,
        `NOT_FOUND`, `CONFLICT`, `WALLET_ALREADY_EXISTS`,
        `WALLET_ALREADY_CLAIMED`, `RATE_LIMITED`, `INTERNAL_ERROR`.
  responses:
    BadRequest:
      description: Invalid request body
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            code: INVALID_REQUEST
            message: type must be one of EVM, SOLANA, COSMOS, STELLAR
    Unauthorized:
      description: API key not provided
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            code: UNAUTHORIZED
            message: secret api key not provided
    Forbidden:
      description: Invalid API key
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            code: FORBIDDEN
            message: invalid secret api key
    NotFound:
      description: Wallet not found
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            code: NOT_FOUND
            message: wallet not found
    IdempotencyConflict:
      description: A request with this idempotency key is currently being processed
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            code: CONFLICT
            message: A request with this idempotency key is currently being processed
    Unprocessable:
      description: Idempotency key reused with a different request body
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            code: UNPROCESSABLE
            message: >-
              Idempotency key has already been used with different request
              parameters
    TooManyRequests:
      description: Rate limit exceeded
      headers:
        Retry-After:
          schema:
            type: integer
          description: Seconds until the rate limit window resets
          example: 60
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            code: RATE_LIMITED
            message: Rate limit exceeded, try again shortly.
    ServerError:
      description: Internal server error
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            code: INTERNAL_ERROR
            message: Internal Server Error
  securitySchemes:
    ApiKeyAuth:
      type: apiKey
      in: header
      name: X-API-Key
      description: Your partner secret key (server-side only)
      x-default: sk_your_secret_key_here

````