Many apps require both users and servers to approve transactions, which strengthens the security of your application. For example, if a user’s account is compromised, attackers cannot unilaterally take actions with the user’s wallets, because the server’s approval is still required. To enable a configuration where both users and servers must approve transactions, Privy recommends the following:

1. Create a wallet owned by an m-of-k key quorum

   Create a wallet owned by an m-of-k key quorum (m ≥ 2) whose elements include at least a user and an authorization key controlled by your server. You can do this via Privy’s REST API.

2. Have users and server(s) both sign transaction requests

   Next, construct your transaction request and have users and servers sign the transaction request.

3. Execute your transaction request with the user and server signatures

   Finally, execute the transaction request with both signatures.
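
The steps above rest on one check: a request counts as approved only when at least m distinct quorum members have signed the same request bytes. The sketch below is an added example, not Privy's code or API; it models that check locally with Node's built-in `crypto` module. Assumptions: the P-256 keys, the `canonicalize`, `signRequest` and `isAuthorized` helpers, the member ids and the sample request are all constructed for illustration.

```javascript
// Added example: local model of an m-of-k key quorum check (not Privy's API).
const crypto = require('node:crypto');
// Assumption: quorum members hold P-256 key pairs; these are generated locally.
const newKey = () => crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });

// Deterministic serialization (sorted keys) so every signer signs identical bytes.
function canonicalize(v) {
  if (Array.isArray(v)) return '[' + v.map(canonicalize).join(',') + ']';
  if (v && typeof v === 'object') {
    return '{' + Object.keys(v).sort()
      .map((k) => JSON.stringify(k) + ':' + canonicalize(v[k])).join(',') + '}';
  }
  return JSON.stringify(v);
}

function signRequest(request, privateKey) {
  const payload = Buffer.from(canonicalize(request));
  return crypto.sign('sha256', payload, privateKey).toString('base64');
}

// quorum: { threshold: m, members: Map<id, publicKey> }
// signatures: [{ signer: id, signature: base64 }]
function isAuthorized(quorum, request, signatures) {
  const payload = Buffer.from(canonicalize(request));
  const approved = new Set(); // distinct members only; a repeated signer counts once
  for (const { signer, signature } of signatures) {
    const publicKey = quorum.members.get(signer);
    if (!publicKey) continue; // signer is not a quorum member
    const sig = Buffer.from(signature, 'base64');
    if (crypto.verify('sha256', payload, publicKey, sig)) approved.add(signer);
  }
  return approved.size >= quorum.threshold;
}

// Constructed scenario: 2-of-2 quorum of one user key and one server key.
function demo() {
  const user = newKey(), server = newKey();
  const quorum = { threshold: 2, members: new Map([['user', user.publicKey], ['server', server.publicKey]]) };
  const request = { method: 'eth_sendTransaction', params: { to: '0x' + '00'.repeat(19) + '01', value: '0x1' } };
  const userSig = { signer: 'user', signature: signRequest(request, user.privateKey) };
  const serverSig = { signer: 'server', signature: signRequest(request, server.privateKey) };
  const tampered = { ...request, params: { ...request.params, value: '0xffff' } };
  return {
    userOnly: isAuthorized(quorum, request, [userSig]),
    userTwice: isAuthorized(quorum, request, [userSig, userSig]),
    userAndServer: isAuthorized(quorum, request, [userSig, serverSig]),
    tamperedAfterSigning: isAuthorized(quorum, tampered, [userSig, serverSig]),
  };
}
```

`demo()` reports approval only for the user-plus-server case; the user alone, the user's signature submitted twice, and a request altered after signing all fall short of the threshold.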