Create a policy

Use the PrivyClient’s createPolicy method to create a new policy.

const policy = await privy.walletApi.createPolicy({
  name: 'Allow list certain smart contracts',
  version: '1.0',
  chainType: 'ethereum',
  rules: [
    {
      name: 'Allow list USDC',
      method: 'eth_sendTransaction',
      action: 'ALLOW',
      conditions: [
        {
          fieldSource: 'ethereum_transaction',
          field: 'to',
          operator: 'eq',
          value: '0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913'
        }
      ]
    }
  ]
});

Use the PrivyClient’s createPolicy method to create a new policy.

const policy = await privy.walletApi.createPolicy({
  name: 'Allow list certain smart contracts',
  version: '1.0',
  chainType: 'ethereum',
  rules: [
    {
      name: 'Allow list USDC',
      method: 'eth_sendTransaction',
      action: 'ALLOW',
      conditions: [
        {
          fieldSource: 'ethereum_transaction',
          field: 'to',
          operator: 'eq',
          value: '0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913'
        }
      ]
    }
  ]
});

To create a new policy, make a POST request to:

https://api.privy.io/v1/policies

In the request headers, make sure to include Privy’s required authentication headers and headers that may be required for your app’s wallet API setup.

Body

In the request body, include the following:

version

'1.0'

Version of the policy. Currently, 1.0 is the only version.

name

string

Name to assign to policy.

chain_type

'ethereum'

Chain type for wallets that the policy will be applied to.

rules

Rule

A list of Rule objects describing what rules to apply to each RPC method (e.g. 'eth_sendTransaction') that the wallet can take. Learn more about Rules.

Once you have successfully created a policy, you can assign that policy to server wallets at creation.

Currently, the policy engine supports the eth_signTransaction and eth_sendTransaction RPC methods and the ethereum_transaction field source. We are actively expanding support here.

Response

If the policy is created successfully, the response will include the request body as well as an additional unique id field for the policy.

Unique ID for the policy.

Version of the policy. Currently, 1.0 is the only version.

Name to assign to policy.

Chain type for wallets that the policy will be applied to.

A list of Rule objects describing what rules to apply to each RPC method (e.g. 'eth_sendTransaction') that the wallet can take. Learn more about Rules.

Example

As an example, a sample request to create a new eth_sendTransaction policy might look like the following:

$ curl --request POST https://api.privy.io/v1/policies \
-u "<your-privy-app-id>:<your-privy-app-secret>" \
-H "privy-app-id: <your-privy-app-id>" \
-H "privy-authorization-signature: <authorization-signature-for-request>" \
-H 'Content-Type: application/json' \
-d '{
    "version": "1.0",
    "name": "Allow list certain smart contracts",
    "chain_type": "ethereum",
    "rules": [{
      "name": "Allow list USDC",
      "method": "eth_sendTransaction",
      "conditions": [
          {
              "field_source": "ethereum_transaction",
              "field": "to",
              "operator": "eq",
              "value": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"
          }
      ],
      "action": "ALLOW"
    }]
}'

A successful response will look like the following:

{
  "id": "fmfdj6yqly31huorjqzq38zc",
  "name": "Allow list certain smart contracts",
  "version": "1.0",
  "chain_type": "ethereum",
  "rules": [
    {
      "name": "Allow list USDC",
      "method": "eth_sendTransaction",
      "conditions": [
        {
          "field_source": "ethereum_transaction",
          "field": "to",
          "operator": "eq",
          "value": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"
        }
      ],
      "action": "ALLOW"
    }
  ]
}

Authorization keys

Quorum approvals

Policies

Body

Response

Example

Authorization keys

Quorum approvals

Policies

​Body

​Response

​Example

Body

Response

Example