Creating a policy
To create a new policy, make a POST request to:
```sh
https://api.privy.io/v1/policies
```
TIP
In the request headers, make sure to include Privy's required authentication headers and headers that may be required for your app's wallet API setup.
Body
In the request body, include the following:
Field | Type | Description |
---|---|---|
version | '1.0' | Version of the policy. Currently, 1.0 is the only version. |
name | string | Name to assign to policy. |
chain_type | 'ethereum' | Chain type for wallets that the policy will be applied to. |
method_rules | MethodRule | A list of MethodRule objects describing what rules to apply to each RPC method (e.g. 'eth_sendTransaction') that the wallet can take. This list may contain at most one MethodRule entry for each RPC method. Learn more about MethodRules. |
default_action | 'ALLOW' \| 'DENY' | The default action to take if a wallet request does not satisfy any of the method_rules for the policy. |
Once you have successfully created a policy, you can assign that policy to server wallets at creation.
INFO
Currently, the policy engine supports the eth_signTransaction and eth_sendTransaction RPC methods and the ethereum_transaction field source. We are actively expanding support here.
Response
If the policy is created successfully, the response will include the request body as well as an additional unique id field for the policy.
Field | Type | Description |
---|---|---|
id | string | Unique ID for the policy. |
version | '1.0' | Version of the policy. Currently, 1.0 is the only version. |
name | string | Name to assign to policy. |
chain_type | 'ethereum' | Chain type for wallets that the policy will be applied to. |
method_rules | MethodRule | A list of MethodRule objects describing what rules to apply to each RPC method (e.g. 'eth_sendTransaction') that the wallet can take. This list may contain at most one MethodRule entry for each RPC method. Learn more about MethodRules. |
default_action | 'ALLOW' \| 'DENY' | The default action to take if a wallet request does not satisfy any of the rules for the policy. |
Example
As an example, a sample request to create a new eth_sendTransaction policy might look like the following:
```bash
curl --request POST https://api.privy.io/v1/policies \
  -u "<your-privy-app-id>:<your-privy-app-secret>" \
  -H "privy-app-id: <your-privy-app-id>" \
  -H "privy-authorization-signature: <authorization-signature-for-request>" \
  -H 'Content-Type: application/json' \
  -d '{
    "version": "1.0",
    "name": "Allowlist certain smart contracts",
    "chain_type": "ethereum",
    "method_rules": [{
      "method": "eth_sendTransaction",
      "rules": [{
        "name": "Allowlist USDC",
        "conditions": [
          {
            "field_source": "ethereum_transaction",
            "field": "to",
            "operator": "eq",
            "value": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"
          }
        ],
        "action": "ALLOW"
      }]
    }],
    "default_action": "DENY"
  }'
```
A successful response will look like the following:
```json
{
  "id": "fmfdj6yqly31huorjqzq38zc",
  "name": "Allowlist certain smart contracts",
  "version": "1.0",
  "chain_type": "ethereum",
  "method_rules": [
    {
      "method": "eth_sendTransaction",
      "rules": [
        {
          "name": "Allowlist USDC",
          "conditions": [
            {
              "field_source": "ethereum_transaction",
              "field": "to",
              "operator": "eq",
              "value": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"
            }
          ],
          "action": "ALLOW"
        }
      ]
    }
  ],
  "default_action": "DENY"
}
```
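An added example (not Privy's code) of a local pre-flight check for the policy request body described on this page: it reports JSON syntax errors and violations of the constraints in the field tables and INFO note before anything is sent. The function names, the constructed sample body and the 20-byte address format check for `to` are assumptions made for the illustration.

```python
import json
import re

# Allowed values come from the field tables and INFO note on this page.
SUPPORTED_METHODS = {"eth_signTransaction", "eth_sendTransaction"}
SUPPORTED_SOURCES = {"ethereum_transaction"}
# Assumption (not stated on the page): a 'to' value is a 20-byte hex address.
ADDRESS_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")

# Constructed sample body, modelled on the page's allowlist example.
SAMPLE_POLICY = """{"version": "1.0", "name": "Allowlist certain smart contracts",
 "chain_type": "ethereum", "default_action": "DENY", "method_rules": [{
  "method": "eth_sendTransaction", "rules": [{"name": "Allowlist USDC",
   "action": "ALLOW", "conditions": [{"field_source": "ethereum_transaction",
    "field": "to", "operator": "eq",
    "value": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"}]}]}]}"""


def lint_policy(body):
    """Return a list of problems in a policy request body (empty list = clean)."""
    problems = []
    for key, want in (("version", "1.0"), ("chain_type", "ethereum")):
        if body.get(key) != want:
            problems.append(f"{key} must be {want!r}")
    if body.get("default_action") not in ("ALLOW", "DENY"):
        problems.append("default_action must be 'ALLOW' or 'DENY'")
    elif body["default_action"] == "ALLOW":
        problems.append("warning: requests matching no rule will be allowed")
    seen = set()
    for mr in body.get("method_rules", []):
        method = mr.get("method")
        if method not in SUPPORTED_METHODS:
            problems.append(f"unsupported method: {method}")
        if method in seen:  # at most one MethodRule per RPC method
            problems.append(f"duplicate MethodRule for {method}")
        seen.add(method)
        for rule in mr.get("rules", []):
            for cond in rule.get("conditions", []):
                if cond.get("field_source") not in SUPPORTED_SOURCES:
                    problems.append(f"{rule.get('name')}: unsupported field_source")
                if cond.get("field") == "to" and not ADDRESS_RE.match(str(cond.get("value"))):
                    problems.append(f"{rule.get('name')}: malformed 'to' address")
    return problems


def lint_policy_json(text):  # parse first so JSON syntax errors are reported too
    try:
        return lint_policy(json.loads(text))
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg}"]
```

An empty list from `lint_policy_json` means the body passed every check; entries prefixed with `warning:` flag a permissive default rather than a schema violation.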