curl --request POST \
--url https://api.privy.io/v1/policies \
--header 'Authorization: Basic <encoded-value>' \
--header 'Content-Type: application/json' \
--header 'privy-app-id: <privy-app-id>' \
--data '{
"version": "1.0",
"name": "<string>",
"chain_type": "ethereum",
"rules": [
{
"name": "<string>",
"method": "eth_sendTransaction",
"conditions": [
{
"field_source": "ethereum_transaction",
"field": "to",
"operator": "eq",
"value": "<string>"
}
],
"action": "ALLOW"
}
],
"owner": {
"public_key": "<string>"
},
"owner_id": "<string>"
}'
{
"id": "tb54eps4z44ed0jepousxi4n",
"name": "Allowlisted stablecoins",
"chain_type": "ethereum",
"rules": [
{
"name": "Allowlist USDC contract on Base",
"method": "eth_sendTransaction",
"conditions": [
{
"field_source": "ethereum_transaction",
"field": "to",
"operator": "eq",
"value": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"
}
],
"action": "ALLOW"
}
],
"owner_id": null,
"version": "1.0",
"created_at": 1741833088894
}
Create a new policy.
curl --request POST \
--url https://api.privy.io/v1/policies \
--header 'Authorization: Basic <encoded-value>' \
--header 'Content-Type: application/json' \
--header 'privy-app-id: <privy-app-id>' \
--data '{
"version": "1.0",
"name": "<string>",
"chain_type": "ethereum",
"rules": [
{
"name": "<string>",
"method": "eth_sendTransaction",
"conditions": [
{
"field_source": "ethereum_transaction",
"field": "to",
"operator": "eq",
"value": "<string>"
}
],
"action": "ALLOW"
}
],
"owner": {
"public_key": "<string>"
},
"owner_id": "<string>"
}'
{
"id": "tb54eps4z44ed0jepousxi4n",
"name": "Allowlisted stablecoins",
"chain_type": "ethereum",
"rules": [
{
"name": "Allowlist USDC contract on Base",
"method": "eth_sendTransaction",
"conditions": [
{
"field_source": "ethereum_transaction",
"field": "to",
"operator": "eq",
"value": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"
}
],
"action": "ALLOW"
}
],
"owner_id": null,
"version": "1.0",
"created_at": 1741833088894
}
Basic Auth header with your app ID as the username and your app secret as the password.
ID of your Privy app.
Idempotency keys ensure API requests are executed only once within a 24-hour window.
Created policy object.
The response is of type object
.