Appearance
Configuring server delegated actions
At a high-level, setting up server delegated actions for your app involves three steps:
- Enable server delegated actions: Within the Privy Dashboard, enable server delegated actions to allow your app to request permission from users to transact on their behalf.
- Generate an authorization key: (Optional, but strongly recommended) Within the Privy Dashboard, when enabling server delegated actions, generate an authorization keypair to ensure that actions with user's wallets are only taken with requests signed by your app's servers.
- Prompt users to grant consent: Within your client (web or native mobile app), prompt the user to delegate certain permissions over their wallet to your app.
Enable server delegated actions
To enable server delegated actions for your app, visit the Privy Dashboard and navigate to the Embedded wallets page for your app.
Select the Advanced tab and toggle the Delegated actions setting to enable server delegated actions for your app.
Generate an authorization key
Once you've enabled delegated actions, you can further secure your integration by generating an authorization key that is required to sign requests.
To generate an authorization key, under the toggle to enable delegated actions, enable the Require signed requests setting. A modal will appear with a Signing key to copy. Copy this value and save it securely in a secrets manager or similar.
With this setting enabled, all requests to take delegated actions with user's wallet must be signed with your Signing key. This ensures that Privy only ever executes requests sent by your server.
Privy never sees this private key and cannot help you recover it.
INFO
The authorization key is the private key of a P-256 keypair. Privy never sees the private key, and verifies signatures on your requests against the corresponding public key to ensure your server authorizes the action to take with a user's delegated wallet.
Delegating wallets
To use server delegated actions, your user must first grant consent for your app to take certain actions on their behalf. To have users grant consent, follow the guides below depending on the client-side SDK(s) you integrate.