Create a policy

You can create a policy using the Privy Dashboard, the NodeJS SDK, or the REST API.

Policies optionally have owners, which represent the signatures required to modify the policy after creation, see setting authorization signatures.

We highly recommend specifying an owner for your policy to ensure that only authorized parties can modify them. Without an owner, the policy can be updated by your app secret alone.

Use the PrivyClient’s createPolicy method to create a new policy.

const policy = await privy.walletApi.createPolicy({
  name: 'Allow list certain smart contracts',
  version: '1.0',
  chainType: 'ethereum',
  rules: [
    {
      name: 'Allow list USDC',
      method: 'eth_sendTransaction',
      action: 'ALLOW',
      conditions: [
        {
          fieldSource: 'ethereum_transaction',
          field: 'to',
          operator: 'eq',
          value: '0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913'
        }
      ]
    }
  ],
  ownerId: 'fmfdj6yqly31huorjqzq38zc'
});

Use the PrivyClient’s createPolicy method to create a new policy.

const policy = await privy.walletApi.createPolicy({
  name: 'Allow list certain smart contracts',
  version: '1.0',
  chainType: 'ethereum',
  rules: [
    {
      name: 'Allow list USDC',
      method: 'eth_sendTransaction',
      action: 'ALLOW',
      conditions: [
        {
          fieldSource: 'ethereum_transaction',
          field: 'to',
          operator: 'eq',
          value: '0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913'
        }
      ]
    }
  ],
  ownerId: 'fmfdj6yqly31huorjqzq38zc'
});

To create a new policy, make a POST request to:

https://api.privy.io/v1/policies

In the request headers, make sure to include Privy’s required authentication headers and headers that may be required for your app’s wallet API setup.

Body

In the request body, include the following:

version

'1.0'

Version of the policy. Currently, 1.0 is the only version.

name

string

Name to assign to policy.

chain_type

'ethereum'

Chain type for wallets that the policy will be applied to.

rules

Rule

A list of Rule objects describing what rules to apply to each RPC method (e.g. 'eth_sendTransaction') that the wallet can take. Learn more about Rules.

owner

{public_key: string} | null

The P-256 public key of the owner of the policy. If you provide this, do not specify an owner_id as it will be generated automatically.

owner_id

string | null

The key quorum ID of the owner of the policy. If you provide this, do not specify an owner.

Once you have successfully created a policy, you can assign that policy to server wallets at creation.

Currently, the policy engine supports the eth_signTransaction and eth_sendTransaction RPC methods and the ethereum_transaction field source. We are actively expanding support here.

Response

If the policy is created successfully, the response will include the request body as well as an additional unique id field for the policy.

string

Unique ID for the policy.

version

'1.0'

Version of the policy. Currently, 1.0 is the only version.

name

string

Name to assign to policy.

chain_type

'ethereum'

Chain type for wallets that the policy will be applied to.

rules

Rule[]

A list of Rule objects describing what rules to apply to each RPC method (e.g. 'eth_sendTransaction') that the wallet can take. Learn more about Rules.

owner_id

string | null

The key quorum ID of the owner of the policy, whose signature is required to modify the policy.

Example

As an example, a sample request to create a new eth_sendTransaction policy might look like the following:

$ curl --request POST https://api.privy.io/v1/policies \
-u "<your-privy-app-id>:<your-privy-app-secret>" \
-H "privy-app-id: <your-privy-app-id>" \
-H "privy-authorization-signature: <authorization-signature-for-request>" \
-H 'Content-Type: application/json' \
-d '{
    "version": "1.0",
    "name": "Allow list certain smart contracts",
    "chain_type": "ethereum",
    "rules": [{
      "name": "Allow list USDC",
      "method": "eth_sendTransaction",
      "conditions": [
          {
              "field_source": "ethereum_transaction",
              "field": "to",
              "operator": "eq",
              "value": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"
          }
      ],
      "action": "ALLOW"
    }],
    "owner": {
      "public_key": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEx4aoeD72yykviK+f/ckqE2CItVIG1rCnvC3/XZ1HgpOcMEMialRmTrqIK4oZlYd1RfxU3za/C9yjhboIuoPD3g=="
    }
}'

A successful response will look like the following:

{
  "id": "fmfdj6yqly31huorjqzq38zc",
  "name": "Allow list certain smart contracts",
  "version": "1.0",
  "chain_type": "ethereum",
  "rules": [
    {
      "name": "Allow list USDC",
      "method": "eth_sendTransaction",
      "conditions": [
        {
          "field_source": "ethereum_transaction",
          "field": "to",
          "operator": "eq",
          "value": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"
        }
      ],
      "action": "ALLOW"
    }
  ],
  "owner_id": "fmfdj6yqly31huorjqzq38zc"
}

Authorization keys

Quorum approvals

Policies

Body

Response

Example

Authorization keys

Quorum approvals

Policies

​Body

​Response

​Example

Body

Response

Example