Many apps require both users and servers to approve transactions, which can be used to enhance the security of your application. For example, if a user’s account is compromised, attackers cannot unilaterally take actions with the user’s wallets without the server’s approval.

To enable a configuration where both users and servers must approve transactions, Privy recommends the following:
1. Create a wallet owned by an m-of-k key quorum

   Create a wallet owned by an m-of-k key quorum (m ≥ 2) whose elements include at least a user and an authorization key controlled by your server. You can do this via Privy’s REST API.

2. Have users and server(s) both sign transaction requests

   Next, construct your transaction request and have users and servers sign the transaction request.

3. Execute your transaction request with the user and server signatures
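
The following added example (not Privy's code or API) models the m-of-k approval check from the steps above using Node.js's built-in `crypto` module, showing why a user signature alone cannot authorize a request. The key names, the P-256 signature scheme, the `canonicalize` serialization and the sample request are assumptions made for illustration.

```javascript
// Added illustration: a local model of an m-of-k approval check. Not Privy's API.
const crypto = require('node:crypto');

// Constructed keys (P-256 ECDSA is an assumption for this sketch).
const newKey = () => crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const userKey = newKey();
const serverKey = newKey();
const attackerKey = newKey(); // stands in for a key outside the quorum

// Hypothetical 2-of-2 quorum: one user key and one server authorization key.
const quorum = {
  threshold: 2, // m
  members: new Map([['user', userKey.publicKey], ['server', serverKey.publicKey]]), // k = 2
};

// Serialize deterministically so every signer signs identical bytes (flat objects only).
function canonicalize(request) {
  const sorted = Object.keys(request).sort().map((k) => [k, request[k]]);
  return Buffer.from(JSON.stringify(sorted));
}

function signRequest(request, privateKey) {
  return crypto.sign('sha256', canonicalize(request), privateKey).toString('base64');
}

// Approve only if at least m distinct quorum members validly signed this exact request.
function isApproved(request, signatures, q) {
  const payload = canonicalize(request);
  const approvers = new Set(); // a Set, so a repeated signer counts once
  for (const { signer, signature } of signatures) {
    const publicKey = q.members.get(signer);
    if (!publicKey) continue; // signer is not a quorum member
    const sig = Buffer.from(signature, 'base64');
    if (crypto.verify('sha256', payload, publicKey, sig)) approvers.add(signer);
  }
  return approvers.size >= q.threshold;
}

// Constructed sample transaction request.
const request = { to: '0x000000000000000000000000000000000000dEaD', value: '1000', chainId: 1 };
const userSig = { signer: 'user', signature: signRequest(request, userKey.privateKey) };
const serverSig = { signer: 'server', signature: signRequest(request, serverKey.privateKey) };

console.log('user + server:', isApproved(request, [userSig, serverSig], quorum));
console.log('user only:', isApproved(request, [userSig], quorum));
```

Because the signatures bind to the serialized request, changing any field after signing invalidates both approvals, and submitting the same member's signature twice still counts as one approver.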