Skip to main content
Custodial wallets support authorization controls in the same way as non-custodial wallets. You can add owners, signers, and policies to existing or new custodial wallets to control who can initiate transactions and modify wallet configuration.

Meaning of owner for custodial wallets

For custodial wallets, the owner field has a different meaning than for non-custodial wallets. Unlike non-custodial wallets, the owner for custodial wallets cannot export the wallet’s private key or unilaterally execute transactions without the custodian’s approval. The owner field represents the authorized controller who can configure wallet policies and additional signers, as well as initiate wallet operations. The owner does not have the ability to export the wallet’s private key. All transactions are still mediated through the custody provider’s infrastructure.

Configuration guidance

You may require an additional authorization key to sign over each transaction request by adding an owner and/or signer to the custodial wallet. This ensures integrity of the transaction request and adds an additional layer of security beyond API key authentication.
You can configure just an owner, or an owner with additional signers. We recommend the latter if you plan to rotate keys in the future. Additional signers can also be added after the wallet is created.For detailed information on using public keys as authorization keys, see the authorization keys documentation.

Setting authorization controls on a custodial wallet

To create a custodial wallet with an owner, provide the owner argument with a public key as part of wallet creation. You can update an existing custodial wallet’s owner, signers, or policies using the PATCH /wallets/{id} endpoint. See the wallets API reference for details.
When providing the public_key input, make sure to include \n to indicate newlines in the public key string.

Additional signers

You may also set additional signers on a custodial wallet, which are authorized keys that can initiate transaction requests for the wallet according to set signer-specific policies.

Signing transaction requests

Once a custodial wallet has an owner or signer, all requests to Privy’s /wallets/{id}/rpc endpoint require an authorization signature in the privy-authorization-signature header.

Policy enforcement

Custodial wallets support the same robust policy engine available for all Privy wallets.
View the complete Policies documentation to learn about all available policy options and configuration.

Next steps

Webhooks

Monitor wallet events and transaction status

Send funds

Execute transactions from custodial wallets