Appearance
Configuring permissions
INFO
Granular permissions for delegated actions are coming soon. Please reach out to hi@privy.io for more information or to request certain controls.
Configure permissions to control what kinds of actions are available to your app once users grant consent.
Prior to taking delegated actions, your app must receive consent from users to take certain action on their behalf. You can configure the requested permissions in the Privy Dashboard.
Available permissions
Your app may request wallet delegation with the following optional permissions from users:
Allowlists
allowed_transfer_recipients
: List ofstring
addresses that are allowed as transfer destination recipients. If empty, all destinations are allowed.allowed_contracts
: List ofstring
addresses for contracts or programs that may be interacted with. If empty, all contracts or programs are allowed.
Denylists
denied_transfer_recipients
: List ofstring
addresses that are denied as transfer destination recipients. If empty, all destinations are allowed.denied_contracts
: List ofstring
addresses for contracts or programs that may not be interacted with. If empty, all contracts or programs are allowed.
Expiration
expiration_period_seconds
: Number of seconds that delegation is valid for. Maximum is 2592000 seconds (30 days). After this period, your user must reconsent to wallet delegation for continued access. If empty, delegation does not expire unless revoked.
Maximum transaction value
maximum_transaction_value_sol
: Maximum value in SOL that any individual transaction may transfer. Valid values are (0, 100]. If empty, no limit is set.
Maximum transaction total
maximum_transaction_total_sol
: Maximum value in SOL that all transactions may transfer in total. Valid values are (0, 100]. If empty, no limit is set.
Changing permissions
INFO
If your app changes permissions after users have already granted consent, your users will have to reconsent to the updated permissions.
You can update permissions that your app requires in the Privy Dashboard. If you make changes to the requested permissions, previous permissions will be revoked. This means existing users must reconsent to delegate wallets under the new permissions set. The invariant is that all your users grant your app the same set of permissions.
Granting consent
After permissions are configured, your app can prompt users to grant consent to take actions on their behalf.
Taking permissioned action
If your app requests specific permissions, you must use the signTransaction
interface to take wallet actions. The signMessage
interface is disabled when granular permissions are enforced.
Requests to take action on a delegated wallet must comply with the permissions that are granted. If your app makes a request that is disallowed by the user's permissions, you will receive a 401 error response with the error code delegated_wallet_permission_denied
.