> ## Documentation Index
> Fetch the complete documentation index at: https://docs.privy.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Treasury wallets setup

Privy enables developers to set up wallet infrastructure with flexible approval flows — from fully automated server-side execution to human-in-the-loop approvals requiring multiple parties.

This recipe walks through setting up a complete wallet infrastructure with:

* **Key quorums** to require multiple authorizations for sensitive actions
* **Policies** to restrict what transactions a wallet can execute automatically
* **Wallets** configured with both human-approved and server-approved transaction paths
* **Transaction execution** across both approval flows

<Info>
  For a simpler setup without dual approval paths, see the [business wallets
  recipe](/recipes/wallets/business-wallets). For execution-focused setups with EIP-7702, see the
  [execution wallets recipe](/recipes/wallets/execution-wallets).
</Info>

### Prerequisites

Before starting, ensure your Privy app is configured with at least one [Dashboard admin](/basics/get-started/dashboard/overview) and that you are familiar with [authorization keys](/controls/authorization-keys/keys/create/key) and [key quorums](/controls/key-quorum/create).

<Info>
  Manual approvals is an Enterprise feature. Reach out to [sales@privy.io](mailto:sales@privy.io) to
  request access for your app.
</Info>

## How it works

A wallet in Privy can support multiple approval flows simultaneously:

* The **owner** (typically an admin, or a quorum of admins) can execute transactions subject to a set of policies. Since the owner is a human quorum, these transactions require human-in-the-loop approvals.
* **Additional signers** (server held authorization key) can also execute transactions subject to their own set of policies. Since the additional signer is a server-controlled key, these transactions can be executed programmatically without human approvals.

This dual-path setup means most transactions can be automated via your server, while sensitive operations still require manual approval from your team.

## Setup

<Steps>
  <Step title="Create an admin key quorum">
    Key quorums require multiple authorization signatures before taking critical actions — such as updating wallet configurations, changing policies, or executing high-value transactions.

    For each approver group in your organization:

    1. Create a key quorum using Dashboard admin users of all members.
    2. Set the `authorization_threshold` to the number of signatures required (e.g., 2-of-3).

    The key quorum will serve as the **owner** of your wallets and policies, ensuring that updates and sensitive transactions require human approval.

    <CardGroup cols={2}>
      <Card title="Key quorums quickstart" href="/controls/key-quorum/create">
        Create a key quorum in the Privy Dashboard.
      </Card>

      <Card title="Manual approvals" href="/controls/dashboard/overview">
        Learn how to manually approve transactions.
      </Card>
    </CardGroup>
  </Step>

  <Step title="Create authorization keys">
    Authorization keys allow your server to sign requests to Privy's API automatically for permissioned actions. Create an [authorization key](/controls/authorization-keys/keys/create/key) in the Privy Dashboard and securely store the corresponding private key.

    <CardGroup cols={1}>
      <Card title="Create authorization keys" href="/controls/authorization-keys/keys/create/key">
        Generate authorization keys in the Privy Dashboard.
      </Card>
    </CardGroup>
  </Step>

  <Step title="Create policies">
    Policies restrict what actions a signer can take. Create separate policies for your human-approved and server-approved transaction paths.

    For each policy:

    1. Set the `owner_id` to the admin key quorum that should be able to update the policy.
    2. Define the `rules` for the policy (e.g., transfer limits, allowlists, calldata restrictions).
    3. Set a human-readable `name` to identify the policy.

    <Tip>A typical policy configuration applies stricter limits to server-approved transactions (for example, capping transfers at 1,000 USDC). Any transaction above that threshold instead requires human approval through the admin flow.</Tip>

    <CardGroup cols={2}>
      <Card title="Policies overview" href="/controls/policies/overview">
        Learn how to construct policies with Privy's policy language.
      </Card>

      <Card title="Policies quickstart" href="/controls/policies/create-a-policy">
        Create a policy.
      </Card>
    </CardGroup>
  </Step>

  <Step title="Create wallets">
    Create wallets with the following configuration to support both human and server approval flows:

    * Set `owner_id` to the key quorum that should control the wallet. The owner can update the wallet's configuration, execute transactions (subject to the key quorum threshold).
    * Set `policy_ids` to the policies that apply when the **owner** executes transactions. These are the human-approval policies.
    * In the `additional_signers` array, add an entry with:
      * `signer` set to the authorization key your server uses for automated transactions.
      * `override_policy_ids` set to the policies that apply for **server-approved** transactions.

    <CardGroup cols={1}>
      <Card title="Wallets quickstart" href="/wallets/wallets/create/create-a-wallet">
        Create a wallet.
      </Card>
    </CardGroup>

    <Info>
      The `policy_ids` on the wallet restrict what the owner can do. The `override_policy_ids` on an additional signer restrict what that specific signer can do. This allows the same wallet to have different constraints depending on who authorizes the transaction.
    </Info>
  </Step>

  <Step title="Execute transactions">
    Your wallet now supports two transaction flows:

    **Server-approved transactions** (automated, no human approval required):

    Sign the request with your authorization key and include the signature in the `privy-authorization-signature` header. Privy verifies the signature, evaluates the additional signer's override policies, and executes the transaction.

    **Human-approved transactions** (requires key quorum approval):

    Propose an intent to execute a transaction and Privy queues the approval for the Dashboard admin key quorum corresponding to the wallet's owner. Once a sufficient number of approvals are collected, Privy executes the transaction and emits a webhook with the result.

    <Tip>Privy strongly recommends using Privy's [server-side SDKs](/controls/authorization-keys/using-owners/sign/signing-on-the-server) to generate and include authorization signatures in your requests automatically.</Tip>

    <Info>
      For human-approved transactions, Privy emits webhooks when intents are created, authorized, executed, or failed. Use [intent webhooks](/controls/dashboard/intent-webhooks) to track approval progress and retrieve transaction results asynchronously.
    </Info>

    <CardGroup cols={3}>
      <Card title="Send an EVM transaction" href="/wallets/using-wallets/ethereum/send-a-transaction">
        Learn how to send an EVM transaction.
      </Card>

      <Card title="Send a Solana transaction" href="/wallets/using-wallets/solana/send-a-transaction">
        Learn how to send a Solana transaction.
      </Card>

      <Card title="Authorization signatures" href="/controls/authorization-keys/using-owners/sign/overview">
        Sign requests to the Privy API.
      </Card>
    </CardGroup>
  </Step>
</Steps>
