Docs

author_rotateKeys - Moonbeam RPC Method

Generate new session keys for validator operations on Moonbeam. Essential for validator setup, key rotation, and security best practices on the cross-chain connected EVM platform on Polkadot with $65M+ TVL and 100+ projects.

Generate a new set of session keys on Moonbeam. This method creates fresh cryptographic keys for all session key types (e.g., BABE, GRANDPA, ImOnline, ParaValidator, AuthorityDiscovery) and stores them in the node's local keystore. The returned concatenated public keys must be registered on-chain via session.setKeys.

Why Moonbeam? Build on the cross-chain connected EVM platform on Polkadot with $65M+ TVL and 100+ projects with full EVM compatibility on Polkadot, native XCM cross-chain messaging, 10K+ TPS, 24% staking APR, and $0.015 transaction costs.

When to Use This Method

author_rotateKeys is critical for cross-chain dApp developers, Polkadot builders, and teams requiring multi-chain interoperability:

  • Validator Setup — Generate initial session keys when setting up a new validator on cross-chain DeFi, multi-chain dApps, and Ethereum-to-Polkadot bridging via XCM, Axelar, LayerZero, and Wormhole
  • Key Rotation — Periodically rotate keys for operational security best practices
  • Recovery — Generate replacement keys after a potential key compromise or node migration
  • Validator Upgrades — Produce new keys when moving a validator to new hardware

Code Examples

Common Use Cases

1. Complete Validator Setup Workflow

Full end-to-end validator setup on Moonbeam:

JavaScript
async function setupValidator(api, stashAccount) {
  // Step 1: Generate session keys
  const keys = await api.rpc.author.rotateKeys();
  console.log('Generated session keys:', keys.toHex());

  // Step 2: Register keys on-chain
  const setKeysTx = api.tx.session.setKeys(keys, '0x');
  await new Promise((resolve, reject) => {
    setKeysTx.signAndSend(stashAccount, ({ status, events }) => {
      if (status.isFinalized) {
        const success = events.some(({ event }) =>
          api.events.system.ExtrinsicSuccess.is(event)
        );
        if (success) {
          console.log('Session keys registered successfully');
          resolve();
        } else {
          reject(new Error('setKeys transaction failed'));
        }
      }
    });
  });

  // Step 3: Verify registration
  const nextKeys = await api.query.session.nextKeys(stashAccount.address);
  console.log('Keys registered for next session:', nextKeys.isSome);
}

2. Scheduled Key Rotation

Automate periodic key rotation for security:

JavaScript
async function scheduleKeyRotation(api, validatorAccount, intervalDays = 30) {
  const intervalMs = intervalDays * 24 * 60 * 60 * 1000;

  async function rotateAndRegister() {
    try {
      const newKeys = await api.rpc.author.rotateKeys();
      console.log(`Rotated keys at ${new Date().toISOString()}`);

      const tx = api.tx.session.setKeys(newKeys, '0x');
      await tx.signAndSend(validatorAccount);
      console.log('New keys registered — active next session');
    } catch (error) {
      console.error('Key rotation failed:', error.message);
    }
  }

  // Initial rotation
  await rotateAndRegister();

  // Schedule future rotations
  setInterval(rotateAndRegister, intervalMs);
}

Validator Setup Workflow

  1. Generate keys — Call author_rotateKeys on your validator node
  2. Register on-chain — Submit session.setKeys(keys, proof) extrinsic from your stash account
  3. Wait for session — Keys become active at the start of the next session
  4. Verify — Query session.nextKeys to confirm registration

Security Considerations

  • Local access only — Only call this method on your own validator node via localhost
  • Never expose publicly — This RPC method is marked as unsafe and should not be accessible from the internet
  • Keystore security — Session keys are stored in the node's keystore directory on disk
  • Rotate regularly — Follow a key rotation schedule to limit exposure from potential compromises
  • Backup awareness — New keys replace old ones in the keystore; old keys cannot be recovered

Error Handling

Error CodeDescriptionSolution
-32603RPC call is unsafeEnable --rpc-methods unsafe flag on the node (local access only)
-32601Method not foundVerify the node has the author RPC module enabled
-32603Internal errorCheck node keystore permissions and disk space
  • author_hasSessionKeys — Check if session keys exist in the keystore
  • author_submitExtrinsic — Submit the setKeys transaction
  • author_pendingExtrinsics — View pending transactions
  • session_nextKeys — Query registered session keys on-chain

author_submitAndWatchExtrinsic

Submit an extrinsic and subscribe to lifecycle status updates on Moonbeam. Track transactions from pool admission through finalization with real-time WebSocket events for cross-chain DeFi, multi-chain dApps, and Ethereum-to-Polkadot bridging via XCM, Axelar, LayerZero, and Wormhole.

payment_queryInfo

Estimate transaction fees on Moonbeam. Get the weight, dispatch class, and partial fee for an extrinsic before submitting it to the network.

On this page

When to Use This Method
Code Examples
Common Use Cases
1. Complete Validator Setup Workflow
2. Scheduled Key Rotation
Validator Setup Workflow
Security Considerations
Error Handling
Related Methods