An Introduction to NEAR Accounts
Usability is an important design principle of the NEAR blockchain. After all, what’s the point of a scalable blockchain when people struggle to use it? The NEAR whitepaper says that “applications deployed to the platform should be seamless to use for end users and seamless to create for developers.” NEAR accounts play a prominent role in this usability for developers and users alike.
What is a NEAR account?
NEAR accounts work differently from accounts in most other blockchains. For one, instead of a public key hash, NEAR uses readable account IDs. For example, `test.near` is the public identifier of an account deployed on the NEAR mainnet. Think of your NEAR account as a username that you can easily remember and type in without copy-pasting.
A NEAR account must be between 2 and 64 characters long and always consists of account ID parts made of lowercase alphanumeric symbols separated by a dot (`test` and `near` in our example). The right-most account ID part is the top level account (TLA). Currently, `near` and `testnet` are the TLAs for all accounts on the NEAR mainnet and testnet, respectively.
Every NEAR account can create as many subaccounts as they want, but they have to be direct. For example, `test.near` can create `banana.test.near` but does not have permission to create `apple.banana.test.near`. Only the immediate parent account can create a subaccount. Keep in mind that you are limited in the number of subaccounts you can create because of the 64-character account length limit.
How do I create a NEAR account?
There are two ways you can create a NEAR account: explicitly and implicitly. Let’s cover explicit account creation first. The easiest way to create an account is through the NEAR wallet. You can do this on the NEAR testnet or the NEAR mainnet. Creating an account on the NEAR mainnet requires at least 1 NEAR (Ⓝ) in funding.
You can buy NEAR tokens on Binance, Huobi, and OKEx. Alternatively, you can buy NEAR with your credit or debit card directly from the account creation interface, made possible because of NEAR’s integration with Moonpay.
This is how almost all users and developers will create their first NEAR account. But it isn’t the only way to create an account. Developers have the option to create accounts implicitly too, and it’s a powerful way to seamlessly onboard new users. But to fully understand how implicit account creation works in NEAR, we need to talk about keys first.
What about the keys of a NEAR account?
Unlike most other blockchains, a NEAR account is not fundamentally tied to a public/private keypair. Instead, keys in NEAR (called access keys) are flexible. Firstly, you can have as many access keys as you need in your account. Secondly, there are two types of access keys:
- Full access keys
- Function call keys
What is a full access key?
A full access key gives you full control over your account. You can transfer money, stake money, deploy a contract, delete a key, etc. Here’s a list of all the actions that a full access key allows you to take.
When you create an account with the NEAR wallet and haven’t enabled 2FA, you’ll have two full access keys. One stored in your browser’s local storage (search for `key` in the application tab of your browser’s developer tools when on the NEAR wallet interface) and one that represents your seed phrase in case you’ve lost access to the key in your browser’s local storage.
Use the NEAR CLI to see the keys attached to your account. Type `near keys [account ID]`.
What is a function call key?
A function call key, sometimes referred to as a limited access key, can only use the `FunctionCall` action. Every function call key has three attributes:
- `allowance`. A certain amount of Ⓝ to cover gas fees (0.25 Ⓝ by default).
- `receiver_id`. The smart contract that the key is allowed to call methods on.
- `method_names`. The contract methods that the key is allowed to call (optional).
Let’s say you want to do some DeFi yield farming on NEAR with the Berry Club dApp. When you connect your NEAR wallet to Berry Club, The dApp will request your account to create a functional key that comes with a certain Ⓝ `allowance’ and has its smart contract as the `receiver_id`. Once you agree to give permission, the Berry Club dApp can now use the functional key attached to your account to call the contract’s methods. This means you don’t need to authorize the dApp over and over again.
Under the Account tab of your NEAR wallet, you’ll see a nice overview of the dApps that have a functional key linked to your account. You can easily remove each key by clicking deauthorize on a particular dApp.
NEAR’s account model and its key flexibility open up many possibilities for developers. It allows you to create an interface that is similar to how people connect to web apps today, except that it runs on a decentralized and scalable blockchain underneath it all. Users might not even need a NEAR account in the first place. A dApp can create a function call key that points to itself and allows anyone to interact with it.
Function call keys also allow the NEAR wallet to have 2FA functionality. Mike Purvis, NEAR Developer, explains in detail how this works in the video below. The gist of it is that the full access keys to your account will be removed and replaced by function call keys that interact with a multisig smart contract.
What about an account with zero access keys?
Just as it’s possible to have a NEAR account with many access keys, it’s also possible to have an account that has none. An account with zero access keys is useful when a developer wants to increase the trustlessness of what they’re building. That’s because no one can access an account that has no access keys.
Any NEAR account can have one and only one smart contract deployed to it. If that NEAR account has no access keys, other accounts can still interact with the smart contract on that account, but the account itself will have no owner who can fiddle with the code or conduct transactions from it.
Be careful though. The smart contract attached to the account can still be nefarious and set up in such a way that it redeploys access keys, for example. Whenever possible, dig into the code to make sure that everything looks safe.
Let’s return to implicit accounts
Now that we’ve covered how keys work in NEAR, let’s explain how implicit accounts work. You can create an implicit account by generating an Ed25519 key pair locally. Similar to Bitcoin or Ethereum accounts, this key pair will have a public key that represents an account ID.
This allows you to reserve an account ID and attach some NEAR tokens to it. Combined with a NEAR Drop, you can onboard users without them even having to purchase NEAR tokens. This way, you can entirely avoid what is still a huge barrier for those unfamiliar with cryptocurrencies.
That’s just one use case of implicit accounts. As the NEAR ecosystem grows, developers will find numerous other creative use cases, and that’s the reason why NEAR offers such flexibility in all these areas: it wants to give developers the ability to build whatever they want without limiting them technically.
In summary
NEAR puts usability front and center. That’s why it’s accounts and keys are more flexible than most other blockchains. In particular, these features stand out:
- Accounts have human readable IDs.
- Accounts can be created explicitly or implicitly.
- Accounts can have many different access keys or none at all.
- Access keys come in two types: full access keys and function call keys.
- Full access keys give full permission over an account.
- Function call keys give limited permission over an account.
This blog post was an introduction to accounts and keys on NEAR. If you want to dive in deeper, read Aaron Luhning’s blog posts on NEAR accounts and keys. There’s also a lunch and learn that digs into how accounts connect to NEAR’s runtime and a NEAR webinar about accounts and key registration. Alternatively, if you want to get your hands dirty right away, visit the Getting Started section of the NEAR docs and have a working dApp running in less than five minutes.
