Configuring permissions

Configure permissions to control what kinds of actions your app can take with delegated actions.

Prior to taking delegated actions, your app can request consent from users to take certain action on their behalf. You can configure the requested permissions in the Privy Dashboard.

Available permissions

INFO

Please reach out to [email protected] to request certain controls if you don't see them below.

Your app may request wallet delegation with the following optional permissions from users:

Allowlists

• allowed_transfer_recipients: List of string addresses that are allowed as transfer destination recipients. If empty, all destinations are allowed.
• allowed_contracts: List of string addresses for contracts or programs that may be interacted with. If empty, all contracts or programs are allowed.

Denylists

• denied_transfer_recipients: List of string addresses that are denied as transfer destination recipients. If empty, all destinations are allowed.
• denied_contracts: List of string addresses for contracts or programs that may not be interacted with. If empty, all contracts or programs are allowed.

Expiration

• expiration_period_seconds: Number of seconds that delegation is valid for. By default, delegation does not expire unless the user revokes their wallet. You can customize delegation to expire after a window of expiration_period_seconds, up to a maximum of 2592000 seconds (30 days).

Maximum transaction value

• maximum_transaction_value_sol: Maximum value in SOL that any individual transaction may transfer. Valid values are (0, 100]. If empty, no limit is set.

Maximum transaction total

• maximum_transaction_total_sol: Maximum value in SOL that all transactions may transfer in total. Valid values are (0, 100]. If empty, no limit is set.

Changing permissions

INFO

If your app changes permissions after users have already granted consent, your users will have to reconsent to the updated permissions.

You can update permissions that your app requires in the Privy Dashboard. If you make changes to the requested permissions, previous permissions will be revoked. This means existing users will have to reconsent to delegate wallets under the new permissions set. The invariant is that all your users grant your app the same set of permissions.

Granting consent

After permissions are configured, your app can prompt users to grant consent to take actions on their behalf.

Taking permissioned action

If your app requests specific permissions, you must use the signTransaction interface to take wallet actions. The signMessage interface is disabled when granular permissions are enforced.

Requests to take action on a delegated wallet must comply with the permissions that are granted. If your app makes a request that is disallowed by the user's permissions, you will receive a 401 error response with the error code delegated_wallet_permission_denied.