Example policies
Check out some example policies below.
Allow list a specific smart contract or program interaction
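// Allow-list policy for an Ethereum wallet: one ALLOW rule per RPC method.
{
  version: '1.0',
  name: 'Allowlisted contracts',
  chain_type: 'ethereum',
  rules: [
    {
      // Matches on the transaction's `to` field only, i.e. the contract being called.
      // NOTE(review): calldata is not constrained, so any function on this contract
      // (approve as well as transfer, with any arguments) satisfies the rule. Add an
      // 'ethereum_calldata' condition if only specific calls should pass.
      // NOTE(review): no chain condition is present on this rule; confirm whether the
      // same address on another EVM chain would also match.
      name: 'Allow list the USDC address',
      method: 'eth_sendTransaction',
      action: 'ALLOW',
      conditions: [
        {
          field_source: 'ethereum_transaction',
          field: 'to',
          operator: 'eq',
          value: '0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913',
        },
      ],
    },
    {
      // Matches typed-data signing requests whose EIP-712 domain chainId equals 8453.
      // NOTE(review): only the chain ID is checked. The domain's verifyingContract and
      // the message body are unrestricted, so any typed data for that chain passes.
      name: 'Allow list for Base specifically',
      method: 'eth_signTypedData_v4',
      action: 'ALLOW',
      conditions: [
        {
          field_source: 'ethereum_typed_data_domain',
          field: 'chainId',
          operator: 'eq',
          value: '8453',
        },
      ],
    },
  ],
}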
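// Allow-list policy for a Solana wallet, keyed on the program an instruction targets.
{
  version: '1.0',
  name: 'Allowlisted programs',
  chain_type: 'solana',
  rules: [
    {
      // NOTE(review): matching on program_id alone admits every instruction that
      // program exposes, against any account. The page does not show how a
      // transaction carrying several instructions is evaluated; confirm that
      // every instruction must satisfy the rule.
      name: 'Allow list the SPL token program ID',
      method: 'signAndSendTransaction',
      conditions: [
        {
          field_source: 'solana_instruction',
          field: 'program_id',
          operator: 'eq',
          value: 'TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA',
        },
      ],
      action: 'ALLOW',
    },
  ],
}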
Configure a max transfer value of the native token (ETH, SOL)
// Caps the native-token amount of a single eth_sendTransaction request.
{
  version: '1.0',
  name: 'Native token transfer maximums',
  chain_type: 'ethereum',
  rules: [
    {
      name: 'Restrict ETH transfers to a maximum value',
      method: 'eth_sendTransaction',
      conditions: [
        {
          field_source: 'ethereum_transaction',
          field: 'value',
          operator: 'lte',
          // 0x2386F26FC10000 is 10^16; a transaction's value is denominated in wei,
          // so this bound is 0.01 ETH.
          // NOTE(review): the condition inspects one transaction's value, so it reads
          // as a per-transaction ceiling, not a cumulative spending limit. Confirm.
          value: '0x2386F26FC10000',
        },
      ],
      action: 'ALLOW',
    },
  ],
}
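// Caps the SOL amount of a single signAndSendTransaction request.
{
  version: '1.0',
  name: 'Native token transfer maximums',
  chain_type: 'solana',
  rules: [
    {
      name: 'Restrict SOL transfers to a maximum value',
      method: 'signAndSendTransaction',
      conditions: [
        {
          field_source: 'interpreted_transaction',
          field: 'sol_transfer_value',
          operator: 'lte',
          // NOTE(review): the unit of '5' (SOL or lamports) is not stated on this
          // page. Confirm it before relying on this bound.
          value: '5',
        },
      ],
      action: 'ALLOW',
    },
  ],
}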
Configure a max transfer value of an ERC20 or SPL token
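// Caps the `amount` argument of ERC-20 transfer() calls sent to one token contract.
{
  version: '1.0',
  name: 'ERC20 maximums',
  chain_type: 'ethereum',
  rules: [
    {
      // Both conditions must describe the same request: the called contract (`to`)
      // and the decoded `amount` argument of transfer().
      // NOTE(review): confirm that calls to other functions on this contract
      // (approve, transferFrom) do not satisfy the rule.
      name: 'Restrict USDC transfers on Base to be less than or equal to some value',
      method: 'eth_sendTransaction',
      conditions: [
        {
          field_source: 'ethereum_transaction',
          field: 'to',
          operator: 'eq',
          value: '0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913'
        },
        {
          field_source: 'ethereum_calldata',
          // 'transfer' must match the function name, 'amount' must match an input name.
          field: 'transfer.amount',
          abi: [{
            "inputs": [
              {
                "internalType": "address",
                "name": "recipient",
                "type": "address"
              },
              {
                "internalType": "uint256",
                "name": "amount",
                "type": "uint256"
              }
            ],
            "name": "transfer",
            "outputs": [
              {
                "internalType": "bool",
                "name": "",
                "type": "bool"
              }
            ],
            "stateMutability": "nonpayable",
            "type": "function"
          }],
          operator: 'lte',
          // NOTE(review): calldata amounts are raw token base units. USDC uses
          // 6 decimals, so 0x2386F26FC10000 (10^16) is 10,000,000,000 USDC, which
          // is effectively no cap. The same literal is 0.01 ETH in the native-token
          // example; pick a bound expressed in the token's own decimals.
          value: '0x2386F26FC10000',
        }
      ],
      action: 'ALLOW'
    },
    {
      // Every other rule on this page carries an `action`; ALLOW mirrors the
      // chain-ID rule in the allow-list example.
      // NOTE(review): this rule checks only the EIP-712 domain chainId, so any
      // typed data for chain 8453 may be signed. It does not pin the chain of the
      // eth_sendTransaction rule above.
      name: 'Specify chain',
      method: 'eth_signTypedData_v4',
      conditions: [{
        field_source: 'ethereum_typed_data_domain',
        field: 'chainId',
        operator: 'eq',
        value: '8453'
      }],
      action: 'ALLOW'
    }
  ]
}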
// Caps SPL token transfers for one mint in a signAndSendTransaction request.
{
  version: '1.0',
  name: 'SPL maximums',
  chain_type: 'solana',
  rules: [
    {
      name: 'Restrict USDC transfers to be less than or equal to some value',
      method: 'signAndSendTransaction',
      conditions: [
        // Pins the token by its mint address, so the amount bound below applies
        // to this mint only.
        {
          field_source: 'interpreted_transaction',
          field: 'spl_mint_address',
          operator: 'eq',
          value: 'EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v',
        },
        // NOTE(review): the unit of '500' (whole tokens or raw base units) is not
        // stated on this page. Confirm it against the token's decimals.
        {
          field_source: 'interpreted_transaction',
          field: 'spl_transfer_value',
          operator: 'lte',
          value: '500',
        },
      ],
      action: 'ALLOW',
    },
  ],
}
Denylist recipients of a transaction
// Deny-list policy: refuses eth_sendTransaction requests addressed to one contract.
{
  version: '1.0',
  name: 'Deny listed addresses',
  chain_type: 'ethereum',
  rules: [
    {
      // `to` is the address the transaction is sent to. For ERC-20 transfers the
      // token recipient is carried in calldata, so this rule does not filter
      // token recipients.
      // NOTE(review): this policy holds only a DENY rule. Other examples on this
      // page add an explicit '*' ALLOW rule; confirm what happens to requests
      // that match no rule before using a deny-only policy.
      name: 'Deny interactions with the USDC contract',
      method: 'eth_sendTransaction',
      conditions: [
        {
          field_source: 'ethereum_transaction',
          field: 'to',
          operator: 'eq',
          value: '0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913',
        },
      ],
      action: 'DENY',
    },
  ],
}
// Deny-list policy: refuses SOL transfers to one recipient address.
{
  version: '1.0',
  name: 'Deny listed addresses',
  chain_type: 'solana',
  rules: [
    {
      // NOTE(review): the field name covers native SOL transfers. Whether SPL
      // token transfers to the same owner are caught is not shown here.
      // NOTE(review): this policy holds only a DENY rule; confirm what happens
      // to requests that match no rule.
      name: 'Deny SOL transfers to an address',
      method: 'signAndSendTransaction',
      conditions: [
        {
          field_source: 'interpreted_transaction',
          field: 'sol_transfer_recipient',
          operator: 'eq',
          value: '4tFqt2qzaNsnZqcpjPiyqYw9LdRzxaZdX2ewPncYEWLA',
        },
      ],
      action: 'DENY',
    },
  ],
}
Enforce policies across multiple RPC methods
// One policy holding rules for two different RPC methods.
{
  version: '1.0',
  name: 'Example policy with multiple RPC methods',
  chain_type: 'ethereum',
  rules: [
    {
      // Refuses transactions sent to this contract address.
      // NOTE(review): eth_sendTransaction requests to any other address match no
      // rule in this policy; confirm how unmatched requests are treated.
      name: 'Deny interactions with the USDC contract',
      method: 'eth_sendTransaction',
      conditions: [
        {
          field_source: 'ethereum_transaction',
          field: 'to',
          operator: 'eq',
          value: '0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913',
        },
      ],
      action: 'DENY',
    },
    {
      // Permits personal_sign only when the message equals this exact string.
      name: 'Only allow certain messages to be signed',
      method: 'personal_sign',
      conditions: [
        {
          field_source: 'ethereum_message',
          field: 'value',
          operator: 'eq',
          value: 'Hello world',
        },
      ],
      action: 'ALLOW',
    },
  ],
}
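// Solana policy with rules for two RPC methods plus a catch-all rule.
{
  version: '1.0',
  name: 'Deny listed addresses',
  chain_type: 'solana',
  rules: [
    {
      name: 'Deny SOL transfers to an address',
      method: 'signAndSendTransaction',
      conditions: [
        {
          field_source: 'interpreted_transaction',
          field: 'sol_transfer_recipient',
          operator: 'eq',
          value: '4tFqt2qzaNsnZqcpjPiyqYw9LdRzxaZdX2ewPncYEWLA',
        },
      ],
      action: 'DENY',
    },
    {
      // NOTE(review): the rule name says "only allow", but the action is DENY.
      // As written, signing 'Hello world' is refused and, given the catch-all
      // below, every other message is allowed. The Ethereum counterpart of this
      // example uses ALLOW; decide which behaviour is intended.
      name: 'Only allow certain messages to be signed',
      method: 'signMessage',
      conditions: [
        {
          field_source: 'solana_message',
          field: 'value',
          operator: 'eq',
          value: 'Hello world',
        },
      ],
      action: 'DENY',
    },
    {
      // Catch-all: '*' with no conditions matches every method.
      // NOTE(review): that presumably includes 'exportPrivateKey', which other
      // examples on this page treat as a policy-governed method. Add an explicit
      // DENY for it if key export should stay blocked.
      name: 'Default Action',
      method: '*',
      conditions: [],
      action: 'ALLOW',
    },
  ],
}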
Allow all requests for a given RPC method
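// Allows every personal_sign request, whatever the message content.
{
  version: '1.0',
  name: 'Example policy to allow all personal_sign requests',
  chain_type: 'ethereum',
  rules: [
    {
      name: 'Allow all EIP191 messages to be signed',
      // `method` names the RPC method; 'ethereum_message' is the field_source
      // that goes with it, as in the multi-method example on this page.
      method: 'personal_sign',
      conditions: [
        {
          field_source: 'ethereum_message',
          field: 'value',
          operator: 'eq',
          // Off-chain signatures can carry authority (sign-in messages, order
          // approvals), so attach this wildcard only to wallets that need it.
          value: '*', // Allow all
        },
      ],
      action: 'ALLOW',
    },
  ],
}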
// Allows every signMessage request, whatever the message content.
{
  version: '1.0',
  name: 'Example policy to allow all signMessage requests',
  chain_type: 'solana',
  rules: [
    {
      name: 'Allow all messages to be signed',
      method: 'signMessage',
      conditions: [
        {
          field_source: 'solana_message',
          field: 'value',
          operator: 'eq',
          // Off-chain signatures can carry authority, so attach this wildcard
          // only to wallets that need it.
          value: '*', // Allow all
        },
      ],
      action: 'ALLOW',
    },
  ],
}
Restrict typed data domains to a specific chain ID and verifying contract
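// Allows typed-data signing only for one EIP-712 domain (chain ID + verifying contract).
// NOTE(review): this listing originally nested its rule under a `method_rules`
// wrapper; it is written here in the flat `rules` shape (method on each rule)
// that every other example on this page uses. Confirm the shape your API
// version accepts.
{
  version: '1.0',
  name: 'Example policy to allow a specific signing domain',
  chain_type: 'ethereum',
  rules: [
    {
      name: 'Allow specific domain to sign messages',
      method: 'eth_signTypedData_v4',
      conditions: [
        // Both conditions are listed under one rule, so the domain must carry
        // this chainId and this verifyingContract. The message body itself is
        // not constrained by this policy.
        {
          field_source: 'ethereum_typed_data_domain',
          field: 'chainId',
          operator: 'eq',
          value: '8453',
        },
        {
          field_source: 'ethereum_typed_data_domain',
          field: 'verifyingContract',
          operator: 'eq',
          value: '0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913',
        },
      ],
      action: 'ALLOW',
    },
  ],
}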
Restrict parameters of a typed data message
// Restricts fields inside a typed-data message: the owner's wallet must be on a
// list and `value` must not exceed a bound.
// NOTE(review): the Permit type below is illustrative (nested Person structs,
// v/r/s inside the message) and differs from the standard ERC-2612 Permit.
// Supply the type definitions of the message you actually sign.
// NOTE(review): `spender` and `deadline` are not constrained, and no condition
// pins the EIP-712 domain. For permit-style messages the spender is the party
// receiving the allowance, so consider restricting it as well.
{
  version: '1.0',
  name: 'Allow ERC20 Permits for known owners, max value',
  chain_type: 'ethereum',
  rules: [
    {
      name: 'Allow specific owner addresses and a max value',
      method: 'eth_signTypedData_v4',
      conditions: [
        {
          field_source: 'ethereum_typed_data_message',
          typed_data: {
            types: {
              Person: [
                { name: 'name', type: 'string' },
                { name: 'wallet', type: 'address' },
              ],
              Permit: [
                { name: 'owner', type: 'Person' },
                { name: 'spender', type: 'Person' },
                { name: 'value', type: 'uint256' },
                { name: 'deadline', type: 'uint256' },
                { name: 'v', type: 'uint8' },
                { name: 'r', type: 'bytes32' },
                { name: 's', type: 'bytes32' },
              ],
            },
            primary_type: 'Permit',
          },
          // Dot-separated path to the primitive 'address' field that `value`
          // is compared against.
          field: 'owner.wallet',
          operator: 'in',
          value: [
            '0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913',
            '0x123589fCD6eDb6E08f4c7C32D4f71b54bdA02911',
          ],
        },
        {
          field_source: 'ethereum_typed_data_message',
          // The type definitions are repeated for each condition that reads
          // from the message.
          typed_data: {
            types: {
              Person: [
                { name: 'name', type: 'string' },
                { name: 'wallet', type: 'address' },
              ],
              Permit: [
                { name: 'owner', type: 'Person' },
                { name: 'spender', type: 'Person' },
                { name: 'value', type: 'uint256' },
                { name: 'deadline', type: 'uint256' },
                { name: 'v', type: 'uint8' },
                { name: 'r', type: 'bytes32' },
                { name: 's', type: 'bytes32' },
              ],
            },
            primary_type: 'Permit',
          },
          field: 'value',
          operator: 'lte',
          // 0x2386F26FC10000 is 10^16 raw units. What that means in tokens
          // depends on the token's decimals.
          value: '0x2386F26FC10000',
        },
      ],
      action: 'ALLOW',
    },
  ],
}
Prevent private key exports while allowing other actions
// Blocks private key export for an Ethereum wallet and allows every other method.
{
  version: '1.0',
  name: 'Prevent private key exports',
  chain_type: 'ethereum',
  rules: [
    {
      // Empty `conditions` means the rule applies to every request for this method.
      name: 'Block private key exports',
      method: 'exportPrivateKey',
      conditions: [],
      action: 'DENY',
    },
    {
      // '*' also matches exportPrivateKey.
      // NOTE(review): the page does not say whether rule order or DENY precedence
      // decides when both rules match; confirm that the DENY wins.
      // This catch-all also leaves all signing and sending unrestricted.
      name: 'Allow all other actions',
      method: '*',
      conditions: [],
      action: 'ALLOW',
    },
  ],
}
// Blocks private key export for a Solana wallet and allows every other method.
{
  version: '1.0',
  name: 'Prevent private key exports',
  chain_type: 'solana',
  rules: [
    {
      // Empty `conditions` means the rule applies to every request for this method.
      name: 'Block private key exports',
      method: 'exportPrivateKey',
      conditions: [],
      action: 'DENY',
    },
    {
      // '*' also matches exportPrivateKey.
      // NOTE(review): the page does not say whether rule order or DENY precedence
      // decides when both rules match; confirm that the DENY wins.
      // This catch-all also leaves all signing and sending unrestricted.
      name: 'Allow all other actions',
      method: '*',
      conditions: [],
      action: 'ALLOW',
    },
  ],
}
Only permit private key exports
// Permits only private key export for an Ethereum wallet; every other method is denied.
{
  version: '1.0',
  name: 'Only allow private key exports',
  chain_type: 'ethereum',
  rules: [
    {
      // Once a key is exported it is outside the policy engine's control, so
      // scope this policy to wallets whose owners are meant to hold the raw key.
      name: 'Allow private key exports',
      method: 'exportPrivateKey',
      conditions: [],
      action: 'ALLOW',
    },
    {
      // '*' also matches exportPrivateKey.
      // NOTE(review): confirm that the specific ALLOW above takes effect and is
      // not overridden by this catch-all DENY.
      name: 'Block all other actions',
      method: '*',
      conditions: [],
      action: 'DENY',
    },
  ],
}
// Permits only private key export for a Solana wallet; every other method is denied.
{
  version: '1.0',
  name: 'Only allow private key exports',
  chain_type: 'solana',
  rules: [
    {
      // Once a key is exported it is outside the policy engine's control, so
      // scope this policy to wallets whose owners are meant to hold the raw key.
      name: 'Allow private key exports',
      method: 'exportPrivateKey',
      conditions: [],
      action: 'ALLOW',
    },
    {
      // '*' also matches exportPrivateKey.
      // NOTE(review): confirm that the specific ALLOW above takes effect and is
      // not overridden by this catch-all DENY.
      name: 'Block all other actions',
      method: '*',
      conditions: [],
      action: 'DENY',
    },
  ],
}