You can create a policy using the Privy Dashboard, the NodeJS SDK, or the REST API.

Policies optionally have owners, which represent the signatures required to modify the policy after creation. See setting authorization signatures.

We highly recommend specifying an owner for your policy to ensure that only authorized parties can modify it. Without an owner, the policy can be updated by your app secret alone.

Use the PrivyClient’s createPolicy method to create a new policy.

const policy = await privy.walletApi.createPolicy({
  name: 'Allow list certain smart contracts',
  version: '1.0',
  chainType: 'ethereum',
  rules: [
    {
      name: 'Allow list USDC',
      method: 'eth_sendTransaction',
      action: 'ALLOW',
      conditions: [
        {
          fieldSource: 'ethereum_transaction',
          field: 'to',
          operator: 'eq',
          value: '0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913'
        }
      ]
    }
  ],
  ownerId: 'fmfdj6yqly31huorjqzq38zc'
});
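
The check below is an added example, not Privy's code: a local lint for the policy object shown above, run before it is passed to createPolicy. The `lintPolicy` function and its rules are hypothetical; it flags a missing `ownerId` and a malformed allow-listed `to` address, and treating an ALLOW rule with no conditions as a finding is a review convention assumed here, not documented Privy behavior.

```javascript
// Added example: lint a policy object before passing it to createPolicy.
// lintPolicy and its checks are hypothetical local review rules, not part of the Privy SDK.
const ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/; // 20-byte hex Ethereum address

function lintPolicy(policy) {
  const findings = [];
  // The page's warning: without an owner, the app secret alone can update the policy.
  if (!policy.ownerId) {
    findings.push('policy: no ownerId, app secret alone can modify this policy');
  }
  if (!Array.isArray(policy.rules) || policy.rules.length === 0) {
    findings.push('policy: no rules defined');
    return findings;
  }
  for (const rule of policy.rules) {
    const label = `rule "${rule.name}"`;
    const conditions = Array.isArray(rule.conditions) ? rule.conditions : [];
    // Local review rule (assumption): an ALLOW with no conditions needs a human look.
    if (rule.action === 'ALLOW' && conditions.length === 0) {
      findings.push(`${label}: ALLOW with no conditions`);
    }
    for (const c of conditions) {
      const isRecipient = c.fieldSource === 'ethereum_transaction' && c.field === 'to';
      // A mistyped allow-listed address changes what the rule permits without any error.
      if (isRecipient && c.operator === 'eq' && !ADDRESS_RE.test(String(c.value))) {
        findings.push(`${label}: "to" value is not a 20-byte hex address: ${c.value}`);
      }
    }
  }
  return findings;
}

// Constructed sample input: the page's policy, plus a deliberately broken variant.
const pagePolicy = {
  name: 'Allow list certain smart contracts', version: '1.0', chainType: 'ethereum',
  rules: [{
    name: 'Allow list USDC', method: 'eth_sendTransaction', action: 'ALLOW',
    conditions: [{ fieldSource: 'ethereum_transaction', field: 'to', operator: 'eq',
      value: '0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913' }]
  }],
  ownerId: 'fmfdj6yqly31huorjqzq38zc'
};
const brokenPolicy = JSON.parse(JSON.stringify(pagePolicy));
delete brokenPolicy.ownerId;
brokenPolicy.rules[0].conditions[0].value = '0x833589fCD6eDb6E08f4c7C32D4f71b54bdA0291'; // one digit short
brokenPolicy.rules.push({ name: 'Catch-all', method: 'eth_sendTransaction', action: 'ALLOW', conditions: [] });

console.log(lintPolicy(pagePolicy));
console.log(lintPolicy(brokenPolicy));
```

The regular expression checks only the address format; it does not verify the EIP-55 checksum, which needs a Keccak-256 implementation.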