You can update a policy by updating rules one at a time, or by updating the whole policy at once. You can do this using the Privy Dashboard, the NodeJS SDK, or the REST API.
If a policy has an owner, the owner’s signature is required to modify the policy; see setting authorization signatures.
Updating policy rules individually
You can create, get, update, and delete individual rules in a policy. We recommend this over updating the whole policy at once, especially if you find yourself updating the same policy over time. This way, you avoid race conditions when updating the policy.
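The race this recommendation avoids, as an added example (not Privy code). `FakePolicyService` is an in-memory stand-in constructed here, `getRules` is a hypothetical read helper, and the sketch assumes a whole-policy update replaces the stored rules list with the list submitted.

```javascript
// In-memory stand-in for the policy service (constructed for this example).
const tick = () => new Promise((resolve) => setImmediate(resolve)); // simulated network hop

class FakePolicyService {
  constructor() {
    this.rules = [{ id: 'r0', name: 'Allow list USDT', action: 'ALLOW' }];
  }
  // Hypothetical read helper: returns a copy of the current rules.
  async getRules() { await tick(); return [...this.rules]; }
  // Assumption: a whole-policy update overwrites the stored rules list.
  async updatePolicy({ rules }) { await tick(); this.rules = [...rules]; }
  // Assumption: a per-rule add is applied server-side as a single append.
  async addRuleToPolicy(rule) { await tick(); this.rules.push(rule); }
}

// Writer that uses whole-policy updates: read, modify locally, write everything back.
async function addViaWholePolicy(svc, rule) {
  const current = await svc.getRules();
  await svc.updatePolicy({ rules: [...current, rule] });
}

// Writer that uses the per-rule call: no client-side copy of the list is involved.
async function addViaRule(svc, rule) {
  await svc.addRuleToPolicy(rule);
}

// Run two writers concurrently and report which rule ids survive.
async function raceDemo(addFn) {
  const svc = new FakePolicyService();
  await Promise.all([
    addFn(svc, { id: 'r1', name: 'Cap transfer value', action: 'ALLOW' }),
    addFn(svc, { id: 'r2', name: 'Allow list a second contract', action: 'ALLOW' }),
  ]);
  return svc.rules.map((r) => r.id);
}

// Both whole-policy writers read [r0]; the second write silently discards r1.
raceDemo(addViaWholePolicy).then((ids) => console.log('whole-policy writers:', ids));
raceDemo(addViaRule).then((ids) => console.log('per-rule writers:', ids));
```

A rule dropped this way produces no error on either writer, so the loss only shows up when the stored policy is read back and compared with what each writer intended.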
Add a rule to a policy
Use the PrivyClient’s addRuleToPolicy method to add a rule to a policy.
```js
const rule = await client.walletApi.addRuleToPolicy({
  policyId: 'fmfdj6yqly31huorjqzq38zc',
  name: 'Allow list USDT',
  method: 'eth_sendTransaction',
  conditions: [
    {
      fieldSource: 'ethereum_transaction',
      field: 'to',
      operator: 'eq',
      value: '0xdAC17F958D2ee523a2206206994597C13D831ec7'
    }
  ],
  action: 'ALLOW'
});
```
To add a rule to a policy, make a POST request to:
```sh
https://api.privy.io/v1/policies/<policy_id>/rules
```
Replacing <policy_id> with the ID of your desired policy.
In the request body, include the following fields:
name
Name to assign to the rule.
method
'personal_sign' | 'eth_signTypedData_v4' | 'eth_signTransaction' | 'eth_sendTransaction' | 'signTransaction' | 'signAndSendTransaction' | '*'
RPC method to apply the conditions to. Must correspond to the chain_type of the parent policy.
conditions
A set of boolean conditions that define the action the rule allows or denies.
action
Whether the rule should allow or deny a wallet request if it satisfies all of the rule’s conditions.
Body
Here is an example of a request body:
```sh
$ curl --request POST https://api.privy.io/v1/policies/fmfdj6yqly31huorjqzq38zc/rules \
  -u "<your-privy-app-id>:<your-privy-app-secret>" \
  -H "privy-app-id: <your-privy-app-id>" \
  -H "privy-authorization-signature: <authorization-signature-for-request>" \
  -H 'Content-Type: application/json' \
  -d '{
    "name": "Allow list USDT",
    "method": "eth_sendTransaction",
    "conditions": [
      {
        "field_source": "ethereum_transaction",
        "field": "to",
        "operator": "eq",
        "value": "0xdAC17F958D2ee523a2206206994597C13D831ec7"
      }
    ],
    "action": "ALLOW"
  }'
```
Response
If the rule is added successfully, the response will include the full rule object, like below:
```json
{
  "name": "Allow list USDT",
  "method": "eth_sendTransaction",
  "conditions": [
    {
      "field_source": "ethereum_transaction",
      "field": "to",
      "operator": "eq",
      "value": "0xdAC17F958D2ee523a2206206994597C13D831ec7"
    }
  ],
  "action": "ALLOW",
  "id": "allow-list-usdt-18381838"
}
```
Edit a rule in a policy
Use the PrivyClient’s updateRuleInPolicy method to update a rule in a policy.
```js
const rule = await client.walletApi.updateRuleInPolicy({
  policyId: 'fmfdj6yqly31huorjqzq38zc',
  ruleId: 'allow-list-usdt-18381838',
  name: 'Allow list USDT',
  method: 'eth_sendTransaction',
  conditions: [
    {
      fieldSource: 'ethereum_transaction',
      field: 'to',
      operator: 'eq',
      value: '0xdAC17F958D2ee523a2206206994597C13D831ec7'
    }
  ],
  action: 'ALLOW'
});
```
To update a rule in a policy, make a PATCH request to:
```sh
https://api.privy.io/v1/policies/<policy_id>/rules/<rule_id>
```
Replacing <policy_id> with the ID of your desired policy and <rule_id> with the ID of the rule you want to update.
In the request body, include the following fields:
name
Name to assign to the rule.
method
'personal_sign' | 'eth_signTypedData_v4' | 'eth_signTransaction' | 'eth_sendTransaction' | 'signTransaction' | 'signAndSendTransaction' | '*'
RPC method to apply the conditions to. Must correspond to the chain_type of the parent policy.
conditions
A set of boolean conditions that define the action the rule allows or denies.
action
Whether the rule should allow or deny a wallet request if it satisfies all of the rule’s conditions.
Body
Here is an example of a request body:
```sh
$ curl --request PATCH https://api.privy.io/v1/policies/fmfdj6yqly31huorjqzq38zc/rules/allow-list-usdt-18381838 \
  -u "<your-privy-app-id>:<your-privy-app-secret>" \
  -H "privy-app-id: <your-privy-app-id>" \
  -H "privy-authorization-signature: <authorization-signature-for-request>" \
  -H 'Content-Type: application/json' \
  -d '{
    "name": "Allow list USDT",
    "method": "eth_sendTransaction",
    "conditions": [
      {
        "field_source": "ethereum_transaction",
        "field": "to",
        "operator": "eq",
        "value": "0xdAC17F958D2ee523a2206206994597C13D831ec7"
      }
    ],
    "action": "ALLOW"
  }'
```
Response
If the rule is updated successfully, the response will include the full rule object, like below:
```json
{
  "name": "Allow list USDT",
  "method": "eth_sendTransaction",
  "conditions": [
    {
      "field_source": "ethereum_transaction",
      "field": "to",
      "operator": "eq",
      "value": "0xdAC17F958D2ee523a2206206994597C13D831ec7"
    }
  ],
  "action": "ALLOW",
  "id": "allow-list-usdt-18381838"
}
```
Delete a rule from a policy
Use the PrivyClient’s deleteRuleFromPolicy method to delete a rule from a policy.
```js
const rule = await client.walletApi.deleteRuleFromPolicy({
  policyId: 'fmfdj6yqly31huorjqzq38zc',
  ruleId: 'allow-list-usdt-18381838'
});
```
To delete a rule from a policy, make a `DELETE` request to:
```sh
https://api.privy.io/v1/policies/<policy_id>/rules/<rule_id>
```
Replacing <policy_id> with the ID of your desired policy and <rule_id> with the ID of the rule you want to delete.
Response
If the rule is deleted successfully, the response will be
Update a whole policy
Use the PrivyClient’s updatePolicy method to update an existing policy.
```js
const policy = await client.walletApi.updatePolicy({
  id: 'fmfdj6yqly31huorjqzq38zc',
  name: 'Transactions must be <= 5ETH',
  rules: [
    {
      name: 'Transactions must be <= 5ETH',
      method: 'eth_sendTransaction',
      action: 'ALLOW',
      conditions: [
        {
          fieldSource: 'ethereum_transaction',
          field: 'value',
          operator: 'lte',
          // Transaction value is expressed in wei: 5 ETH = 5 * 10^18 wei = 0x4563918244F40000
          value: '0x4563918244F40000'
        }
      ]
    }
  ]
});
```
To update an existing policy, make a PATCH request to:
```sh
https://api.privy.io/v1/policies/<policy_id>
```
Replacing <policy_id> with the ID of your desired policy.
Body
In the request body, include the following fields:
name
(Optional) New name to assign to policy.
rules
(Optional) New list of Rule objects describing what rules to apply to each RPC method (e.g. 'eth_sendTransaction') that the wallet can take. Learn more about Rules.
owner
{public_key: string} | null
The P-256 public key of the owner of the policy. If you provide this, do not specify an owner_id as it will be generated automatically.
owner_id
The key quorum ID of the owner of the policy. If you provide this, do not specify an owner.
Any fields not included in the PATCH request body will remain unchanged from the original policy.
Response
If the policy is updated successfully, the response will include the full updated policy object.
id
Unique ID for the policy.
version
Version of the policy. Currently, 1.0 is the only version.
name
Updated name of the policy.
chain_type
Chain type for wallets that the policy will be applied to.
rules
Updated list of Rule objects describing what rules to apply to each RPC method (e.g. 'eth_sendTransaction') that the wallet can take. Learn more about Rules.
owner_id
The key quorum ID of the owner of the policy, whose signature is required to modify the policy.
Example
As an example, a sample request to update the rules of a policy with ID fmfdj6yqly31huorjqzq38zc might look like the following:
```sh
$ curl --request PATCH https://api.privy.io/v1/policies/fmfdj6yqly31huorjqzq38zc \
  -u "<your-privy-app-id>:<your-privy-app-secret>" \
  -H "privy-app-id: <your-privy-app-id>" \
  -H "privy-authorization-signature: <authorization-signature-for-request>" \
  -H 'Content-Type: application/json' \
  -d '{
    "rules": [{
      "name": "Allow list USDT",
      "method": "eth_sendTransaction",
      "conditions": [
        {
          "field_source": "ethereum_transaction",
          "field": "to",
          "operator": "eq",
          "value": "0xdAC17F958D2ee523a2206206994597C13D831ec7"
        }
      ],
      "action": "ALLOW"
    }]
  }'
```
A successful response will look like the following:
```json
{
  "id": "fmfdj6yqly31huorjqzq38zc",
  "name": "Allow list certain smart contracts",
  "version": "1.0",
  "chain_type": "ethereum",
  "rules": [
    {
      "name": "Allow list USDT",
      "method": "eth_sendTransaction",
      "conditions": [
        {
          "field_source": "ethereum_transaction",
          "field": "to",
          "operator": "eq",
          "value": "0xdAC17F958D2ee523a2206206994597C13D831ec7"
        }
      ],
      "action": "ALLOW",
      "id": "allow-list-usdt-18381838"
    }
  ],
  "owner_id": "fmfdj6yqly31huorjqzq38zc"
}
```
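Rules on this page carry the `to` address and the `value` cap as hex strings, which are easy to get wrong by a factor of a hundred without noticing. The following pre-submission lint is an added example, not Privy code: `lintRule` and `weiHexToEth` are hypothetical helpers, the sample rules are constructed, and it assumes `value` conditions are hex-encoded wei.

```javascript
const WEI_PER_ETH = 10n ** 18n;
// RPC methods listed on this page for the `method` field.
const METHODS = new Set([
  'personal_sign', 'eth_signTypedData_v4', 'eth_signTransaction',
  'eth_sendTransaction', 'signTransaction', 'signAndSendTransaction', '*',
]);

// Decode a hex wei amount to a decimal ETH string without floating point.
function weiHexToEth(hex) {
  const wei = BigInt(hex);
  const frac = (wei % WEI_PER_ETH).toString().padStart(18, '0').replace(/0+$/, '');
  return frac ? `${wei / WEI_PER_ETH}.${frac}` : `${wei / WEI_PER_ETH}`;
}

// Return a list of human-readable problems; an empty list means nothing was flagged.
function lintRule(rule) {
  const problems = [];
  if (!METHODS.has(rule.method)) problems.push(`unknown method: ${rule.method}`);
  for (const c of rule.conditions ?? []) {
    if (c.field === 'to' && !/^0x[0-9a-fA-F]{40}$/.test(c.value)) {
      problems.push(`"to" is not a 20-byte hex address: ${c.value}`);
    }
    if (c.field === 'value') {
      if (!/^0x[0-9a-fA-F]+$/.test(c.value)) {
        problems.push(`"value" is not hex-encoded wei: ${c.value}`);
        continue;
      }
      // If the rule name states an ETH amount, check that the encoded cap matches it.
      const eth = weiHexToEth(c.value);
      const named = /(\d+(?:\.\d+)?)\s*ETH/i.exec(rule.name ?? '');
      if (named && Number(named[1]) !== Number(eth)) {
        problems.push(`name says ${named[1]} ETH but value decodes to ${eth} ETH`);
      }
    }
  }
  return problems;
}

// Constructed sample rules in the REST body shape used on this page.
const cond = { field_source: 'ethereum_transaction', field: 'value', operator: 'lte' };
const base = { name: 'Transactions must be <= 5ETH', method: 'eth_sendTransaction', action: 'ALLOW' };
const capOk = { ...base, conditions: [{ ...cond, value: '0x4563918244F40000' }] };
const capWrong = { ...base, conditions: [{ ...cond, value: '0x2386F26FC10000' }] };
const badTo = { ...base, name: 'Allow list USDT',
  conditions: [{ ...cond, field: 'to', operator: 'eq', value: '0xdAC17F958D2ee523a2206206994597C13D83' }] };

console.log(lintRule(capOk), lintRule(capWrong), lintRule(badTo));
```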