POST
/
v1
/
policies
curl --request POST \
  --url https://api.privy.io/v1/policies \
  --header 'Authorization: Basic <encoded-value>' \
  --header 'Content-Type: application/json' \
  --header 'privy-app-id: <privy-app-id>' \
  --data '{
  "version": "1.0",
  "name": "Allowlisted stablecoins",
  "chain_type": "ethereum",
  "rules": [
    {
      "name": "Allowlist USDC contract on Base",
      "method": "eth_sendTransaction",
      "conditions": [
        {
          "field_source": "ethereum_transaction",
          "field": "to",
          "operator": "eq",
          "value": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"
        }
      ],
      "action": "ALLOW"
    },
    {
      "name": "Allowlist USDT contract on Base",
      "method": "eth_sendTransaction",
      "conditions": [
        {
          "field_source": "ethereum_transaction",
          "field": "to",
          "operator": "eq",
          "value": "0xfde4C96c8593536E31F229EA8f37b2ADa2699bb2"
        }
      ],
      "action": "ALLOW"
    }
  ]
}'
{
  "id": "tb54eps4z44ed0jepousxi4n",
  "name": "Allowlisted stablecoins",
  "chain_type": "ethereum",
  "rules": [
    {
      "name": "Allowlist USDC contract on Base",
      "method": "eth_sendTransaction",
      "conditions": [
        {
          "field_source": "ethereum_transaction",
          "field": "to",
          "operator": "eq",
          "value": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"
        }
      ],
      "action": "ALLOW"
    },
    {
      "name": "Allowlist USDT contract on Base",
      "method": "eth_sendTransaction",
      "conditions": [
        {
          "field_source": "ethereum_transaction",
          "field": "to",
          "operator": "eq",
          "value": "0xfde4C96c8593536E31F229EA8f37b2ADa2699bb2"
        }
      ],
      "action": "ALLOW"
    }
  ],
  "owner_id": null,
  "version": "1.0",
  "created_at": 1741833088894
}

Authorizations

​
Authorization
string
header
required

App secret authentication.

Headers

​
privy-app-id
string
required

ID of your Privy app.

​
privy-authorization-signature
string

Request authorization signature. If multiple signatures are required, they should be comma separated.

Body

application/json
​
version
enum<string>
required

Version of the policy. Currently, 1.0 is the only version.

Available options:
1.0
​
name
string
required

Name to assign to policy.

Maximum length: 50
​
chain_type
enum<string>
required

Chain type the policy applies to.

Available options:
ethereum
​
rules
object[]
required

The rules that apply to each method the policy covers.

​
owner
object | null

The pem-formatted, P-256 public key of the owner of the policy. If you provide this, do not specify an owner_id as it will be generated automatically.

​
owner_id
string | null

The key quorum ID to set as the owner of the policy. If you provide this, do not specify an owner.

Response

200 - application/json
Created policy object.
​
version
enum<string>
required

Version of the policy. Currently, 1.0 is the only version.

Available options:
1.0
​
name
string
required

Name to assign to policy.

Maximum length: 50
​
chain_type
enum<string>
required

Chain type the policy applies to.

Available options:
ethereum
​
rules
object[]
required

The rules that apply to each method the policy covers.

​
id
string
required

Unique ID of the created policy. This will be the primary identifier when using the policy in the future.

Required string length: 24
​
owner_id
string | null
required

The key quorum ID of the owner of the policy.

​
created_at
number
required

Unix timestamp of when the policy was created in milliseconds.