You can update a policy by updating rules one at a time, or by updating the whole policy at once. You can do this using the Privy Dashboard, the NodeJS SDK, or the REST API. If a policy has an owner, the owner’s signature is required to modify the policy, see setting authorization signatures.

Updating policy rules individually

You can create, get, update, and delete individual rules in a policy. We recommend this over updating the whole policy at once, especially if you find yourself updating the same policy over time. This way, you can ensure there would be no race conditions when updating the policy.

Add a rule to a policy

Use the PrivyClient’s addRuleToPolicy method to add a rule to a policy.
const rule = await client.walletApi.addRuleToPolicy({
  policyId: 'fmfdj6yqly31huorjqzq38zc',
  name: 'Allowlist USDT',
  method: 'eth_sendTransaction',
  conditions: [
    {
      fieldSource: 'ethereum_transaction',
      field: 'to',
      operator: 'eq',
      value: '0xdAC17F958D2ee523a2206206994597C13D831ec7'
    }
  ],
  action: 'ALLOW'
});

Edit a rule in a policy

Use the PrivyClient’s updateRuleInPolicy method to update a rule in a policy.
const rule = await client.walletApi.updateRuleInPolicy({
  policyId: 'fmfdj6yqly31huorjqzq38zc',
  ruleId: 'allow-list-usdt-18381838',
  name: 'Allowlist USDT',
  method: 'eth_sendTransaction',
  conditions: [
    {
      fieldSource: 'ethereum_transaction',
      field: 'to',
      operator: 'eq',
      value: '0xdAC17F958D2ee523a2206206994597C13D831ec7'
    }
  ],
  action: 'ALLOW'
});

Delete a rule from a policy

Use the PrivyClient’s deleteRuleFromPolicy method to delete a rule from a policy.
const rule = await client.walletApi.deleteRuleFromPolicy({
  policyId: 'fmfdj6yqly31huorjqzq38zc',
  ruleId: 'allow-list-usdt-18381838'
});
</Tab>
<Tab title="REST API">
To delete a rule from a policy, make a `DELETE` request to:

```sh
https://api.privy.io/v1/policies/<policy_id>/rules/<rule_id>
Replacing <policy_id> with the ID of your desired policy and <rule_id> with the ID of the rule you want to delete.ResponseIf the rule is deleted successfully, the response will be
{success: true}

Update a whole policy

Use the PrivyClient’s updatePolicy method to update an existing policy.
const policy = await client.walletApi.updatePolicy({
  id: 'fmfdj6yqly31huorjqzq38zc',
  name: 'Transactions must be <= 5ETH',
  rules: [
    {
      name: 'Transactions must be <= 5ETH',
      method: 'eth_sendTransaction',
      action: 'ALLOW',
      conditions: [
        {
          fieldSource: 'ethereum_transaction',
          field: 'value',
          operator: 'lte',
          value: '0x2386F26FC10000'
        }
      ]
    }
  ]
});