Using key quorums

You can specify the key quorum ID as the owner_id when creating a wallet or policy, which will require the quorum to sign for updates to the resource.

​

Taking actions with wallets

Signatures from the wallet’s owner are also required to take actions on a wallet. You can grant permissions to additional keys or quorums by specifying them as additional_signers on the wallet.

​

Collecting required signatures

To make requests with a wallet with quorum approvals, you’ll need to:

1. Generate the authorization signature payload for the request
2. Obtain signatures from the required number of authorization keys
3. Combine the signatures for submission

See generating signatures for examples.

​

Submitting multi-signature requests

Once you’ve collected the required signatures, combine them in a comma-separated list and include them in the privy-authorization-signature header:

curl --request POST https://api.privy.io/v1/wallets/y5ofctvacjiv53u4hmnqi0e5/rpc \
-u "<your-privy-app-id>:<your-privy-app-secret>" \
-H "privy-app-id: <your-privy-app-id>" \
-H "privy-authorization-signature: <sig1>,<sig2>" \
-H 'Content-Type: application/json' \
-d '{
  "caip2": "eip155:1",
  "method": "eth_sendTransaction",
  "params": {
    "transaction": {
      "to": "0xE3070d3e4309afA3bC9a6b057685743CF42da77C",
      "value": "0x2386f26fc10000",
      "data": "0x"
    }
  }
}'

Privy validates that:

1. The required number of signatures are provided
2. All signatures are valid for the request payload
3. All signatures come from authorization keys for the wallet

If any validation fails, the request is rejected.

​

Securing your authorization flow

For production systems using quorum approvals, consider these best practices:

1. Store authorization keys in secure environments
2. Maintain comprehensive logs of authorization requests and signatures
3. For wallets with quorum approvals, always make sure authorization keys are managed by different entities