Skip to content

Configuring permissions

INFO

Granular permissions for delegated actions are coming soon. Please reach out to [email protected] for more information or to request certain controls.

Configure permissions to control what kinds of actions are available to your app once users grant consent.

Prior to taking delegated actions, your app must receive consent from users to take certain action on their behalf. You can configure the requested permissions in the Privy Dashboard.

Available permissions

Your app may request wallet delegation with the following optional permissions from users:

Allowlists

  • allowed_transfer_recipients: List of string addresses that are allowed as transfer destination recipients. If empty, all destinations are allowed.
  • allowed_contracts: List of string addresses for contracts or programs that may be interacted with. If empty, all contracts or programs are allowed.

Denylists

  • denied_transfer_recipients: List of string addresses that are denied as transfer destination recipients. If empty, all destinations are allowed.
  • denied_contracts: List of string addresses for contracts or programs that may not be interacted with. If empty, all contracts or programs are allowed.

Expiration

  • expiration_period_seconds: Number of seconds that delegation is valid for. Maximum is 2592000 seconds (30 days). After this period, your user must reconsent to wallet delegation for continued access. If empty, delegation does not expire unless revoked.

Maximum transaction value

  • maximum_transaction_value_sol: Maximum value in SOL that any individual transaction may transfer. Valid values are (0, 100]. If empty, no limit is set.

Maximum transaction total

  • maximum_transaction_total_sol: Maximum value in SOL that all transactions may transfer in total. Valid values are (0, 100]. If empty, no limit is set.

Changing permissions

INFO

If your app changes permissions after users have already granted consent, your users will have to reconsent to the updated permissions.

You can update permissions that your app requires in the Privy Dashboard. If you make changes to the requested permissions, previous permissions will be revoked. This means existing users must reconsent to delegate wallets under the new permissions set. The invariant is that all your users grant your app the same set of permissions.

After permissions are configured, your app can prompt users to grant consent to take actions on their behalf.

Taking permissioned action

If your app requests specific permissions, you must use the signTransaction interface to take wallet actions. The signMessage interface is disabled when granular permissions are enforced.

Requests to take action on a delegated wallet must comply with the permissions that are granted. If your app makes a request that is disallowed by the user's permissions, you will receive a 401 error response with the error code delegated_wallet_permission_denied.