
Quorum approvals

Privy enables your app to require quorum approvals on wallet actions, so that signatures from m-of-n approver keys are required in order to take action using the wallet.

At a high level, using quorum approvals involves three steps:

  1. Create a wallet with your desired quorum approval configuration
  2. When making a request to the wallet, sign the request with the required number of authorization keys based on the wallet's quorum approval configuration.
  3. Send the request to Privy's API, including the necessary authorization signatures in the 'privy-authorization-signature' header.

1. Create a wallet with a quorum approval configured

To create a wallet that requires quorum approvals, your request to create the wallet must specify two values:

  • Authorization key IDs: a list of authorization key IDs that can sign & approve RPC requests
  • Authorization threshold: the number of authorization keys that are required to sign RPC requests. If no threshold is explicitly specified, all of the authorization keys for the wallet must sign RPC requests.

As an example, you might create a wallet with a 2-of-3 quorum approval schema as shown below:

```bash
curl --request POST https://api.privy.io/v1/wallets \
-u "<your-privy-app-id>:<your-privy-app-secret>" \
-H "privy-app-id: <your-privy-app-id>" \
-H "privy-authorization-signature: <authorization-signature-for-request>" \
-H 'Content-Type: application/json' \
-d '{
  "chain_type": "ethereum",
  "authorization_key_ids": [
    "onz3itqhcx667gz3lyxjofui",
    "j0uov7pqoy7bnqrt7612prr0",
    "eexjdc5g72vfzzqdl7sb1vbj"
  ],
  "authorization_threshold": 2
}'
```

2. Sign wallet request with the required number of authorization keys

To execute requests with a quorum wallet, sign the RPC request with the required number of authorization keys that are associated with the wallet.

TIP

Refer to the authorization signatures guide to produce signatures of the appropriate format.

If your authorization keys are controlled by multiple separate parties or services, we recommend setting up a central server that requests a signature from each party over an RPC request before sending the RPC request to Privy.

You must sign the RPC request with the required authorization keys before making a request to Privy's REST API.

3. Include the authorization signatures as a request header

Lastly, once you have collected the required number of authorization signatures over your RPC request, include the signatures as a comma-delimited list in the 'privy-authorization-signature' header for your request.

If the required number of signatures is not included in this header, or the signatures are invalid for the request, Privy's API will reject the request.
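
The sketch below shows a pre-flight check a central server could run before sending a request, so that a request short of quorum fails locally instead of being rejected by the API. It is an added example, not Privy's code: the function names and the approver callables are assumptions, and producing a real signature is left to the authorization signatures guide.

```python
from typing import Callable, Dict, List, Optional

# Hypothetical model: each approver is a callable that returns a signature
# string over the request payload, or None if that party declines to sign.
Approver = Callable[[bytes], Optional[str]]


def required_signatures(key_ids: List[str], threshold: Optional[int]) -> int:
    """Signatures the wallet needs; with no threshold, every key must sign."""
    n = len(set(key_ids))
    if threshold is None:
        return n
    if not 1 <= threshold <= n:  # local sanity check for an m-of-n setup
        raise ValueError(f"threshold {threshold} is not in 1..{n}")
    return threshold


def collect_signatures(payload: bytes, key_ids: List[str],
                       threshold: Optional[int],
                       approvers: Dict[str, Approver]) -> List[str]:
    """Ask approvers in turn until the quorum is met; fail closed otherwise."""
    needed = required_signatures(key_ids, threshold)
    allowed = set(key_ids)
    signatures: List[str] = []
    for key_id, approve in approvers.items():
        if key_id not in allowed:
            continue  # not one of this wallet's authorization keys
        sig = approve(payload)
        if sig:
            signatures.append(sig)
        if len(signatures) == needed:
            return signatures
    raise PermissionError(
        f"quorum not met: {len(signatures)} of {needed} signatures")


def authorization_header(signatures: List[str]) -> Dict[str, str]:
    """Build the header carrying the signatures as a comma-delimited list."""
    if any("," in s or not s.strip() for s in signatures):
        raise ValueError("signature is empty or contains a comma")
    return {"privy-authorization-signature": ",".join(signatures)}
```
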