POST
/
v1
/
policies
curl --request POST \
  --url https://api.privy.io/v1/policies \
  --header 'Authorization: Basic <encoded-value>' \
  --header 'Content-Type: application/json' \
  --header 'privy-app-id: <privy-app-id>' \
  --data '{
  "version": "1.0",
  "name": "Allowlisted stablecoins",
  "chain_type": "ethereum",
  "rules": [
    {
      "name": "Allowlist USDC contract on Base",
      "method": "eth_sendTransaction",
      "conditions": [
        {
          "field_source": "ethereum_transaction",
          "field": "to",
          "operator": "eq",
          "value": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"
        }
      ],
      "action": "ALLOW"
    },
    {
      "name": "Allowlist USDT contract on Base",
      "method": "eth_sendTransaction",
      "conditions": [
        {
          "field_source": "ethereum_transaction",
          "field": "to",
          "operator": "eq",
          "value": "0xfde4C96c8593536E31F229EA8f37b2ADa2699bb2"
        }
      ],
      "action": "ALLOW"
    }
  ]
}'
{
  "id": "tb54eps4z44ed0jepousxi4n",
  "name": "Allowlisted stablecoins",
  "chain_type": "ethereum",
  "rules": [
    {
      "name": "Allowlist USDC contract on Base",
      "method": "eth_sendTransaction",
      "conditions": [
        {
          "field_source": "ethereum_transaction",
          "field": "to",
          "operator": "eq",
          "value": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"
        }
      ],
      "action": "ALLOW"
    },
    {
      "name": "Allowlist USDT contract on Base",
      "method": "eth_sendTransaction",
      "conditions": [
        {
          "field_source": "ethereum_transaction",
          "field": "to",
          "operator": "eq",
          "value": "0xfde4C96c8593536E31F229EA8f37b2ADa2699bb2"
        }
      ],
      "action": "ALLOW"
    }
  ],
  "owner_id": null,
  "version": "1.0",
  "created_at": 1741833088894
}

Authorizations

Authorization
string
header
required

App secret authentication.

Headers

privy-app-id
string
required

ID of your Privy app.

privy-authorization-signature
string

Request authorization signature. If multiple signatures are required, they should be comma separated.

Body

application/json
version
enum<string>
required

Version of the policy. Currently, 1.0 is the only version.

Available options:
1.0
name
string
required

Name to assign to policy.

Maximum length: 50
chain_type
enum<string>
required

Chain type the policy applies to.

Available options:
ethereum
rules
object[]
required

The rules that apply to each method the policy covers.

owner
object | null

The pem-formatted, P-256 public key of the owner of the policy. If you provide this, do not specify an owner_id as it will be generated automatically.

owner_id
string | null

The key quorum ID to set as the owner of the policy. If you provide this, do not specify an owner.

Response

200 - application/json
Created policy object.
version
enum<string>
required

Version of the policy. Currently, 1.0 is the only version.

Available options:
1.0
name
string
required

Name to assign to policy.

Maximum length: 50
chain_type
enum<string>
required

Chain type the policy applies to.

Available options:
ethereum
rules
object[]
required

The rules that apply to each method the policy covers.

id
string
required

Unique ID of the created policy. This will be the primary identifier when using the policy in the future.

Required string length: 24
owner_id
string | null
required

The key quorum ID of the owner of the policy.

created_at
number
required

Unix timestamp of when the policy was created in milliseconds.