Access Keys
In most blockchains, users control their accounts by holding a singleprivate key (a secret only they know) and using it to sign transactions.

Full-Access Keys: Have full control over the account, and should never be sharedFunction-Call Keys: Can only sign calls for specific contracts, and are meant to be shared
Function-Call Keys
Function-Call keys can only sign transactions calling a specific contract, and do not allow to attach NEAR tokens to the call.
They are defined by three attributes:
receiver_id: The only contract which the key allows to call, no other contract can be called with this keymethod_names(Optional): The contract’s methods the key allows to call. If omitted, all contract’s methods can be calledallowance(Optional): The amount of NEAR allowed to be spent on gas. If omitted, the key can consume unlimited gas
Function Call Keys are meant to be shared with applications, so third-parties can make contract calls in your name. This is useful in multiple scenarios as we will see below.
Full-Access Keys
As the name suggests,Full-Access keys have full control of an account, meaning they can be used to sign transactions doing any action in your account’s behalf:
- Transfer NEAR Ⓝ
- Delete your account or create sub-accounts of it
- Add or remove Access Keys
- Deploy a smart contract in the account
- Call methods on any contract
Full-Access, otherwise you are giving total control over the account.
Gas Keys
Gas keys (NEP-611) are access keys designed for sending many transactions in parallel. They were introduced in nearcore 2.13 (protocol version 86) and differ from regular access keys in two ways:- Prepaid gas balance: a gas key holds its own NEAR balance, and transactions signed with it pay gas from that balance instead of the account’s main balance
- Parallel nonces: a gas key has up to 1,024 independent nonces (called nonce lanes), so many transactions can be in flight at once without nonce collisions
FullAccess or FunctionCall permission, with one restriction: a function-call gas key cannot set an allowance — its prepaid balance already serves as the gas budget.
This makes gas keys ideal for programmatic senders — relayers, bots, exchanges, or a fleet of agents operating one account — which previously had to juggle many separate access keys just to avoid nonce collisions, and risked draining the account’s main balance on gas.
Lifecycle of a Gas Key
A gas key is managed with the same actions as any other key, plus two new actions to move NEAR in and out of its balance:- Create: an
AddKeyaction with a gas-key permission creates the key, specifying its number of nonces (num_nonces, between 1 and 1,024). The key is always created with zero balance - Fund: a
TransferToGasKeyaction moves NEAR from the account’s balance into the gas key’s balance. It can be used repeatedly to top up the key - Use: transactions signed with the gas key specify a
nonce_indexselecting which nonce lane to use, and consume gas from the key’s balance - Withdraw: a
WithdrawFromGasKeyaction moves NEAR from the key’s balance back to the account. Only the account itself can withdraw - Delete: a
DeleteKeyaction removes the key. Any remaining balance is burned, so the action fails if the key holds more than 1 NEAR — withdraw first, then delete
How Gas Keys Pay for Transactions
When a transaction is signed with a gas key:- The gas costs (both burned gas and gas prepaid for function calls) are charged to the gas key’s balance
- Any attached NEAR (deposits, transfers) is still paid from the account’s main balance
- Gas refunds for unspent gas return to the gas key’s balance, so the key sustains itself between top-ups, while balance refunds go to the account
Using Nonce Lanes
Each of the key’snum_nonces lanes keeps its own independent nonce. A transaction signed with a gas key picks a lane through a nonce_index field (from 0 to num_nonces - 1), and only that lane’s nonce advances. Two transactions on different lanes can never conflict, so a sender can run one lane per worker and submit transactions concurrently — with a single key to manage.
You can inspect a gas key’s lanes with the view_gas_key_nonces RPC query, and gas keys appear in view_access_key with their balance and num_nonces.
Tooling supportYou can create and manage gas keys with the NEAR CLI (
near account add-key ... grant-gas-key-full-access, fund-gas-key, withdraw-from-gas-key, view-gas-key-nonces) and from your app with the near-kit (TypeScript) and near-kit-rs (Rust) libraries — both cover creating, funding, withdrawing, signing on a nonce lane, and reading a key’s lanes via view_gas_key_nonces. Contracts can also add and fund gas keys through batch-promise host functions — though only the account’s own transactions can withdraw from one.DelegateV2 action lets a user sign a delegate action on a gas key’s nonce lane, enabling relayers to sponsor gas end to end.
Signature Schemes
Independently of its permission level, every access key is a cryptographic key pair belonging to one of NEAR’s supported signature schemes. A public key is written as<scheme>:<base58-data>, where the prefix identifies the scheme — for example ed25519:CQLP1o1F3Jbdttek3GoRJYhzfT....
ed25519 is the default scheme, used by most wallets and tooling and by NEAR implicit accounts. secp256k1 is used mainly for chain signatures and Ethereum-compatible flows. A single account can hold keys from different schemes at the same time.
Post-Quantum Keys (ML-DSA-65)
ml-dsa-65 is a post-quantum signature scheme, standardized by NIST as FIPS 204 (Module-Lattice-Based Digital Signature Algorithm, security category 3). Unlike ed25519 and secp256k1 — whose security a large enough quantum computer could break — ml-dsa-65 is designed to stay secure against quantum attacks, so an account protected by an ml-dsa-65 key cannot be taken over by forging its signature.
You add and use an ml-dsa-65 key exactly like any other key: it can be a full-access or a function-call key, and it signs transactions the same way.
Post-quantum keys are stored by hashAn
ml-dsa-65 public key is large — 1952 bytes, versus 32 for ed25519 — and its signatures are 3309 bytes. To keep accounts cheap to store, NEAR does not keep the full public key on-chain; instead it stores a 32-byte SHA3-256 hash of it — the same size as an ed25519 public key — which keeps the per-key storage cost close to that of a classical key.ml-dsa-65 entries. When you query an account’s keys (for example with view_access_key_list), ml-dsa-65 keys appear with an ml-dsa-65-hash: prefix instead of ml-dsa-65::
near:ml-dsa-65-pubkey-hash:v1 followed by the raw 1952-byte public key. Hashing the key without that prefix will not match the returned value. To look up a specific key directly with view_access_key, pass the full ml-dsa-65: public key and the network hashes it for you.
You can create and manage ml-dsa-65 keys today with the NEAR CLI, and from your app with the near-kit (TypeScript) and near-kit-rs (Rust) libraries. Contracts can add them via near-sdk-rs with no code changes.
Limited Access Key Caveats
Account with Only Function-Call Keys
If an account has no full-access keys and only function-call keys, it becomes effectively restricted:- It cannot transfer NEAR, delete itself, or manage its own keys
- It can only perform the specific contract calls defined by the key’s
receiver_idandmethod_names
Allowance Exhaustion
Theallowance field defines how much NEAR the key can spend on gas fees:
- If set to a specific amount and fully consumed → the key becomes unusable and no new transactions can be signed
- If set to
0or omitted → unlimited allowance (the key has no gas budget restriction)