Delegated actions

With Privy, your app can prompt users for permission to take certain actions on their behalf. In this setup, your users can delegate permissions for your app to take allowlisted actions on their behalf, such as signing certain messages or sending certain transactions. These are delegated actions.

When delegating these permissions to your app, the user provisions a secure enclave with a key share for their embedded wallet. This enables you to trigger delegated actions by making a server call to produce a signature within the enclave. The key material used to produce this signature is secured using Shamir's secret sharing (SSS) cryptography within trusted execution environments (TEEs) to ensure that both:

• private keys are only ever reconstituted within a secure, isolated enclave as needed to generate the signature,
• permissioned actions can only take place with the user's consent.

Users must always consent to delegated actions to enable apps to take any onchain actions on their behalf. Likewise, users always have the option to revoke delegated actions. You can read more about the system here.

Get started with delegated actions with the guides below:

Setup

Enable delegated actions and create an authorization keypair

Prompting consent

Prompt users to consent to delegated actions from their device

Configuring permissions

Configure permissions that users can grant your app

Using delegated actions

Take actions with delegated wallets like signatures, transactions, and more

Revoke delegated actions

Allow users to revoke delegated actions

Architecture

Read more about the architecture and security behind delegated actions