Update a policy

You can update a policy by updating rules one at a time, or by updating the whole policy at once. You can do this using the Privy Dashboard, the NodeJS SDK, or the REST API. If a policy has an owner, the owner’s signature is required to modify the policy, see setting authorization signatures.

Updating policy rules individually

You can create, get, update, and delete individual rules in a policy. We recommend this over updating the whole policy at once, especially if you find yourself updating the same policy over time. This way, you can ensure there would be no race conditions when updating the policy.

Add a rule to a policy

NodeJS
NodeJS (server-auth)
Rust
REST API

Use the PrivyClient’s createRule method in the policies() interface to add a rule to a policy.

const rule = await client.policies().createRule('insert-policy-id', {
  name: 'Allow list USDT',
  method: 'eth_sendTransaction',
  conditions: [
    {
      field_source: 'ethereum_transaction',
      field: 'to',
      operator: 'eq',
      value: '0xdAC17F958D2ee523a2206206994597C13D831ec7'
    }
  ],
  action: 'ALLOW'
});

The @privy-io/server-auth library is deprecated. We recommend integrating @privy-io/node for the latest features and support.

Use the PrivyClient’s addRuleToPolicy method to add a rule to a policy.

const rule = await client.walletApi.addRuleToPolicy({
  policyId: 'fmfdj6yqly31huorjqzq38zc',
  name: 'Allowlist USDT',
  method: 'eth_sendTransaction',
  conditions: [
    {
      fieldSource: 'ethereum_transaction',
      field: 'to',
      operator: 'eq',
      value: '0xdAC17F958D2ee523a2206206994597C13D831ec7'
    }
  ],
  action: 'ALLOW'
});

Use the PrivyClient’s create_rule method in the policies() interface to add a rule to a policy.

use privy_rs::{PrivyClient, generated::types::*};

let client = PrivyClient::new(app_id, app_secret)?;

let usdt_condition = PolicyRuleCondition {
    field_source: "ethereum_transaction".to_string(),
    field: "to".to_string(),
    operator: "eq".to_string(),
    value: serde_json::Value::String("0xdAC17F958D2ee523a2206206994597C13D831ec7".to_string()),
};

let request = CreatePolicyRuleBody {
    name: "Allow list USDT".to_string(),
    method: "eth_sendTransaction".to_string(),
    action: PolicyRuleAction::Allow,
    conditions: vec![usdt_condition],
};

let rule = client
    .policies()
    .create_rule("insert-policy-id", request, &authorization_context)
    .await?;

println!("Created rule: {}", rule.id);

Parameters and Returns

See the Rust SDK documentation for detailed parameter and return types, including embedded examples:

PoliciesClient::create_rule

For REST API details, see the API reference.

To add a rule to a policy, make a POST request to:

https://api.privy.io/v1/policies/<policy_id>/rules

Replacing <policy_id> with the ID of your desired policy.In the request body, include the following fields:

Hide body attributes

name

string

Name to assign to the rule.

method

RPC method to apply the conditions to. Must correspond to the chain_type of the parent policy.

conditions

Condition[]

A set of boolean conditions that define the action the rule allows or denies.

action

'ALLOW' | 'DENY'

Whether the rule should allow or deny a wallet request if it satisfies all of the rule’s conditions.

BodyHere is an example of a request body:

$ curl --request POST https://api.privy.io/v1/policies/fmfdj6yqly31huorjqzq38zc/rules \
-u "<your-privy-app-id>:<your-privy-app-secret>" \
-H "privy-app-id: <your-privy-app-id>" \
-H "privy-authorization-signature: <authorization-signature-for-request>" \
-H 'Content-Type: application/json' \
-d '{
      "name": "Allowlist USDT",
      "method": "eth_sendTransaction",
      "conditions": [
          {
              "field_source": "ethereum_transaction",
              "field": "to",
              "operator": "eq",
              "value": "0xdAC17F958D2ee523a2206206994597C13D831ec7"
          }
      ],
      "action": "ALLOW"
}'

ResponseIf the rule is added successfully, the response will include the full rule object, like below:

{
  "name": "Allowlist USDT",
  "method": "eth_sendTransaction",
  "conditions": [
    {
      "field_source": "ethereum_transaction",
      "field": "to",
      "operator": "eq",
      "value": "0xdAC17F958D2ee523a2206206994597C13D831ec7"
    }
  ],
  "action": "ALLOW",
  "id": "allow-list-usdt-18381838"
}

Edit a rule in a policy

NodeJS
NodeJS (server-auth)
Rust
REST API

Use the PrivyClient’s updateRule method in the policies() interface to update a rule in a policy.

const rule = await client.policies().updateRule('insert-rule-id', {
  policy_id: 'insert-policy-id',
  name: 'Allow list USDT',
  method: 'eth_sendTransaction',
  conditions: [
    {
      field_source: 'ethereum_transaction',
      field: 'to',
      operator: 'eq',
      value: '0xdAC17F958D2ee523a2206206994597C13D831ec7'
    }
  ],
  action: 'ALLOW'
});

The @privy-io/server-auth library is deprecated. We recommend integrating @privy-io/node for the latest features and support.

Use the PrivyClient’s updateRuleInPolicy method to update a rule in a policy.

const rule = await client.walletApi.updateRuleInPolicy({
  policyId: 'fmfdj6yqly31huorjqzq38zc',
  ruleId: 'allow-list-usdt-18381838',
  name: 'Allowlist USDT',
  method: 'eth_sendTransaction',
  conditions: [
    {
      fieldSource: 'ethereum_transaction',
      field: 'to',
      operator: 'eq',
      value: '0xdAC17F958D2ee523a2206206994597C13D831ec7'
    }
  ],
  action: 'ALLOW'
});

Use the PrivyClient’s update_rule method in the policies() interface to update a rule in a policy.

use privy_rs::{PrivyClient, generated::types::*};

let client = PrivyClient::new(app_id, app_secret)?;

let usdt_condition = PolicyRuleCondition {
    field_source: "ethereum_transaction".to_string(),
    field: "to".to_string(),
    operator: "eq".to_string(),
    value: serde_json::Value::String("0xdAC17F958D2ee523a2206206994597C13D831ec7".to_string()),
};

let request = UpdatePolicyRuleBody {
    policy_id: "insert-policy-id".to_string(),
    name: "Allow list USDT".to_string(),
    method: "eth_sendTransaction".to_string(),
    action: PolicyRuleAction::Allow,
    conditions: vec![usdt_condition],
};

let rule = client
    .policies()
    .update_rule("insert-rule-id", request, &authorization_context)
    .await?;

println!("Updated rule: {}", rule.id);

Parameters and Returns

See the Rust SDK documentation for detailed parameter and return types, including embedded examples:

PoliciesClient::update_rule

For REST API details, see the API reference.

To add a rule to a policy, make a PATCH request to:

https://api.privy.io/v1/policies/<policy_id>/rules/<rule_id>

Replacing <policy_id> with the ID of your desired policy.In the request body, include the following fields:

Hide body attributes

name

string

Name to assign to the rule.

method

RPC method to apply the conditions to. Must correspond to the chain_type of the parent policy.

conditions

Condition[]

A set of boolean conditions that define the action the rule allows or denies.

action

'ALLOW' | 'DENY'

Whether the rule should allow or deny a wallet request if it satisfies all of the rule’s conditions.

BodyHere is an example of a request body:

$ curl --request PATCH https://api.privy.io/v1/policies/fmfdj6yqly31huorjqzq38zc/rules/allow-list-usdt-18381838 \
-u "<your-privy-app-id>:<your-privy-app-secret>" \
-H "privy-app-id: <your-privy-app-id>" \
-H "privy-authorization-signature: <authorization-signature-for-request>" \
-H 'Content-Type: application/json' \
-d '{
      "name": "Allowlist USDT",
      "method": "eth_sendTransaction",
      "conditions": [
          {
              "field_source": "ethereum_transaction",
              "field": "to",
              "operator": "eq",
              "value": "0xdAC17F958D2ee523a2206206994597C13D831ec7"
          }
      ],
      "action": "ALLOW"
}'

ResponseIf the rule is added successfully, the response will include the full rule object, like below:

{
  "name": "Allowlist USDT",
  "method": "eth_sendTransaction",
  "conditions": [
    {
      "field_source": "ethereum_transaction",
      "field": "to",
      "operator": "eq",
      "value": "0xdAC17F958D2ee523a2206206994597C13D831ec7"
    }
  ],
  "action": "ALLOW",
  "id": "allow-list-usdt-18381838"
}

Delete a rule from a policy

NodeJS
NodeJS (server-auth)
Rust
REST API

Use the PrivyClient’s deleteRule method in the policies() interface to delete a rule from a policy.

const rule = await client.policies().deleteRule('insert-rule-id', {
  policy_id: 'insert-policy-id'
});

The @privy-io/server-auth library is deprecated. We recommend integrating @privy-io/node for the latest features and support.

Use the PrivyClient’s deleteRuleFromPolicy method to delete a rule from a policy.

import {PrivyClient} from '@privy-io/server-auth';

const client = new PrivyClient('insert-app-id', 'insert-app-secret');

const rule = await client.walletApi.deleteRuleFromPolicy({
  policyId: 'fmfdj6yqly31huorjqzq38zc',
  ruleId: 'allow-list-usdt-18381838'
});

Use the PrivyClient’s delete_rule method in the policies() interface to delete a rule from a policy.

use privy_rs::PrivyClient;

let client = PrivyClient::new(app_id, app_secret)?;

let request = DeletePolicyRuleBody {
    policy_id: "insert-policy-id".to_string(),
};

let response = client
    .policies()
    .delete_rule("insert-rule-id", request, &authorization_context)
    .await?;

println!("Rule deleted successfully");

Parameters and Returns

See the Rust SDK documentation for detailed parameter and return types, including embedded examples:

PoliciesClient::delete_rule

For REST API details, see the API reference.

To delete a rule from a policy, make a DELETE request to:

https://api.privy.io/v1/policies/<policy_id>/rules/<rule_id>

Replacing <policy_id> with the ID of your desired policy and <rule_id> with the ID of the rule you want to delete.ResponseIf the rule is deleted successfully, the response will be

{success: true}

Update a whole policy

NodeJS
NodeJS (server-auth)
Java
Rust
REST API

Use the PrivyClient’s update method from the policies() interface to update an existing policy.

const policy = await client.policies().update('fmfdj6yqly31huorjqzq38zc', {
  name: 'Transactions must be <= 5ETH',
  rules: [
    {
      name: 'Transactions must be <= 5ETH',
      method: 'eth_sendTransaction',
      action: 'ALLOW',
      conditions: [
        {
          field_source: 'ethereum_transaction',
          field: 'value',
          operator: 'lte',
          value: '0x2386F26FC10000'
        }
      ]
    }
  ]
});

The @privy-io/server-auth library is deprecated. We recommend integrating @privy-io/node for the latest features and support.

Use the PrivyClient’s updatePolicy method to update an existing policy.

const policy = await client.walletApi.updatePolicy({
  id: 'fmfdj6yqly31huorjqzq38zc',
  name: 'Transactions must be <= 5ETH',
  rules: [
    {
      name: 'Transactions must be <= 5ETH',
      method: 'eth_sendTransaction',
      action: 'ALLOW',
      conditions: [
        {
          fieldSource: 'ethereum_transaction',
          field: 'value',
          operator: 'lte',
          value: '0x2386F26FC10000'
        }
      ]
    }
  ]
});

You can update a policy using the Java SDK by using the policies().update() method.

If the policy has an owner, the owner’s signature is required to modify the policy. Use an authorization context to pass into the update() method and sign the request.

try {
    PolicyRule valueUnder5Eth = PolicyRule.builder()
        .name("Transactions must be <= 5ETH")
        .method(PolicyRuleMethod.ETH_SEND_TRANSACTION)
        .action(Action.ALLOW)
        .conditions(List.of(
            EthereumTransactionCondition.builder()
                .fieldSource(EthereumTransactionConditionFieldSource.ETHEREUM_TRANSACTION)
                .field(EthereumTransactionConditionField.VALUE)
                .operator(ConditionOperator.LTE)
                .value(ConditionValue.of("0x2386F26FC10000"))
                .build()
        ))
        .build();

    PolicyUpdateRequestBody updateRequest = PolicyUpdateRequestBody.builder()
      .name("Transactions must be <= 5ETH")
      .rules(List.of(valueUnder5Eth))
      .build();

    // Example: If wallet's owner is an authorization private key
    AuthorizationContext authorizationContext = AuthorizationContext.builder()
        .addAuthorizationPrivateKey("authorization-key")
        .build();

    PolicyUpdateResponse response = privyClient
        .policies()
        .update(
            "fmfdj6yqly31huorjqzq38zc",
            updateRequest,
            authorizationContext
        );

    if (response.policy().isPresent()) {
      Policy policy = response.policy().get();
      String policyId = policy.id();
    }
} catch (APIException e) {
    String errorBody = e.bodyAsString();
    System.err.println(errorBody);
} catch (Exception e) {
    System.err.println(e.getMessage());
}

Parameters

When updating a policy, you may specify the following values on the PolicyUpdateRequestBody builder:

name

String

Name to assign to policy.

chainType

PolicyChainType

Chain type for wallets that the policy will be applied to.

rules

List<PolicyRule>

A list of Rule objects describing what rules to apply to each RPC method (e.g. 'eth_sendTransaction') that the wallet can take. Learn more about Rules.

owner

OwnerInput

The owner of the policy.

ownerId

String

The key quorum ID of the owner of the policy.

Returns

The PolicyUpdateResponse object contains an optional policy() field that contains the updated policy if the policy was updated successfully.

policy()

Optional<Policy>

The updated policy.

Show Policy

version

Version

Version of the policy.

name

String

Name of the policy.

chainType

PolicyChainType

Chain type of the wallets that the policy will be applied to.

String

Unique ID of the policy.

ownerId

String

The key quorum ID of the owner of the policy.

createdAt

Double

The Unix time of when the policy was created.

rules

List<PolicyRule>

A list of Rule objects describing what rules to apply to each RPC method (e.g. 'eth_sendTransaction') that the wallet can take. Learn more about Rules.

Use the PrivyClient’s update method from the policies() interface to update an existing policy.

use privy_rs::{PrivyClient, generated::types::*};

let client = PrivyClient::new(app_id, app_secret)?;

let value_condition = PolicyRuleCondition {
    field_source: "ethereum_transaction".to_string(),
    field: "value".to_string(),
    operator: "lte".to_string(),
    value: serde_json::Value::String("0x2386F26FC10000".to_string()),
};

let value_rule = PolicyRule {
    name: "Transactions must be <= 5ETH".to_string(),
    method: "eth_sendTransaction".to_string(),
    action: PolicyRuleAction::Allow,
    conditions: vec![value_condition],
};

let request = UpdatePolicyBody {
    name: Some("Transactions must be <= 5ETH".to_string()),
    rules: Some(vec![value_rule]),
    owner_id: None,
    owner: None,
};

let policy = client
    .policies()
    .update("fmfdj6yqly31huorjqzq38zc", request, &authorization_context)
    .await?;

println!("Updated policy: {}", policy.name);

Parameters and Returns

See the Rust SDK documentation for detailed parameter and return types, including embedded examples:

PoliciesClient::update

For REST API details, see the API reference.

To update an existing policy, make a PATCH request to:

https://api.privy.io/v1/policies/<policy_id>

Replacing <policy_id> with the ID of your desired policy.

In the request headers, make sure to include Privy’s required authentication headers and headers that may be required for your app’s wallet API setup.

Body

In the request body, include the following fields:

name

string

(Optional) New name to assign to policy.

rules

Rule

(Optional) New list of Rule objects describing what rules to apply to each RPC method (e.g. 'eth_sendTransaction') that the wallet can take. Learn more about Rules.

owner

{public_key: string} | null

The P-256 public key of the owner of the policy. If you provide this, do not specify an owner_id as it will be generated automatically.View this guide to learn more about owners.

owner_id

string | null

The key quorum ID of the owner of the policy. If you provide this, do not specify an owner.View this guide to learn more about owners.

Any fields not included in the PATCH request body will remain unchanged from the original policy.

Response

If the policy is updated successfully, the response will include the full updated policy object.

string

Unique ID for the policy.

version

'1.0'

Version of the policy. Currently, 1.0 is the only version.

name

string

Updated name of the policy.

chain_type

'ethereum'

Chain type for wallets that the policy will be applied to.

rules

Rule

Updated list of Rule objects describing what rules to apply to each RPC method (e.g. 'eth_sendTransaction') that the wallet can take. Learn more about Rules.

owner_id

string | null

The key quorum ID of the owner of the policy, whose signature is required to modify the policy.

Example

As an example, a sample request to update the rules of a policy with ID fmfdj6yqly31huorjqzq38zc might look like the following:

$ curl --request PATCH https://api.privy.io/v1/policies/fmfdj6yqly31huorjqzq38zc \
-u "<your-privy-app-id>:<your-privy-app-secret>" \
-H "privy-app-id: <your-privy-app-id>" \
-H "privy-authorization-signature: <authorization-signature-for-request>" \
-H 'Content-Type: application/json' \
-d '{
    "rules": [{
      "name": "Allowlist USDT",
      "method": "eth_sendTransaction",
      "conditions": [
          {
              "field_source": "ethereum_transaction",
              "field": "to",
              "operator": "eq",
              "value": "0xdAC17F958D2ee523a2206206994597C13D831ec7"
          }
      ],
      "action": "ALLOW"
    }]
}'

A successful response will look like the following:

{
  "id": "fmfdj6yqly31huorjqzq38zc",
  "name": "Allowlist certain smart contracts",
  "version": "1.0",
  "chain_type": "ethereum",
  "rules": [
    {
      "name": "Allowlist USDT",
      "method": "eth_sendTransaction",
      "conditions": [
        {
          "field_source": "ethereum_transaction",
          "field": "to",
          "operator": "eq",
          "value": "0xdAC17F958D2ee523a2206206994597C13D831ec7"
        }
      ],
      "action": "ALLOW",
      "id": "allow-list-usdt-18381838"
    }
  ],
  "owner_id": "fmfdj6yqly31huorjqzq38zc"
}

Owners & signers

Configuring your wallets

Creating owners & signers

Using owners & signers

Key quorums

Policies

Dashboard controls

Updating policy rules individually

Add a rule to a policy

Parameters and Returns

Edit a rule in a policy

Parameters and Returns

Delete a rule from a policy

Parameters and Returns

Update a whole policy

Parameters

Returns

Parameters and Returns

Body

Response

Example

Owners & signers

Configuring your wallets

Creating owners & signers

Using owners & signers

Key quorums

Policies

Dashboard controls

​Updating policy rules individually

​Add a rule to a policy

​Parameters and Returns

​Edit a rule in a policy

​Parameters and Returns

​Delete a rule from a policy

​Parameters and Returns

​Update a whole policy

​Parameters

​Returns

​Parameters and Returns

​Body

​Response

​Example

Updating policy rules individually

Add a rule to a policy

Parameters and Returns

Edit a rule in a policy

Parameters and Returns

Delete a rule from a policy

Parameters and Returns

Update a whole policy

Parameters

Returns

Parameters and Returns

Body

Response

Example