To sign a request with a key quorum:

  1. Collect the private keys for a threshold of authorization keys in the key quorum. For example, if your key quorum is configured with an m-of-n authorization threshold, you must have the private keys for at least m of the authorization keys in the key quorum. For users in your key quorum, request the user key per this guide.
  2. Sign the request with each authorization key individually.
  3. Pass the signatures as a comma-delimited string in the privy-authorization-signature header for your requests to the Privy API.

An example request signed by a 2-of-n key quorum might look as follows

REST API
curl --request POST https://api.privy.io/v1/wallets/y5ofctvacjiv53u4hmnqi0e5/rpc \
-u "<your-privy-app-id>:<your-privy-app-secret>" \
-H "privy-app-id: <your-privy-app-id>" \
-H "privy-authorization-signature: <insert-authorization-sig1>,<insert-authorization-sig2>" \
-H 'Content-Type: application/json' \
-d '{
  "caip2": "eip155:1",
  "method": "eth_sendTransaction",
  "params": {
    "transaction": {
      "to": "0xE3070d3e4309afA3bC9a6b057685743CF42da77C",
      "value": "0x2386f26fc10000",
      "data": "0x"
    }
  }
}'

When the API receives the request, Privy validates that:

  1. The required number of signatures are provided.
  2. All signatures are valid for the request payload.
  3. All signatures come from authorization keys in the key quorum for the wallet.

If any validation fails, the request is rejected.