Documentation | Policies › Update Policy

Policies

policies

Methods

Create Policy ->

Policy

post/v1/policies

Create a new policy.

Get Policy ->

Policy

get/v1/policies/{policy_id}

Get a policy by policy ID.

Get Policy Rule ->

PolicyRuleResponse

get/v1/policies/{policy_id}/rules/{rule_id}

Get a rule by policy ID and rule ID.

Update Policy ->

Policy

patch/v1/policies/{policy_id}

Update a policy by policy ID.

path Parameters

policy_id: string

(maxLength: 24, minLength: 24)

header Parameters

privy-authorization-signature: string

Optional

Request authorization signature. If multiple signatures are required, they should be comma separated.

privy-request-expiry: string

Optional

Request expiry. Value is a Unix timestamp in milliseconds representing the deadline by which the request must be processed.

Response fields

Policy

Request example

curl https://api.privy.io/v1/policies/$POLICY_ID \
    -X PATCH \
    -H 'Content-Type: application/json' \
    -u "$PRIVY_APP_ID:PRIVY_APP_SECRET" \
    -d '{}'

200Example

{
  "id": "tb54eps4z44ed0jepousxi4n",
  "chain_type": "ethereum",
  "created_at": 1741833088894,
  "name": "Allowlisted stablecoins",
  "owner_id": null,
  "rules": [
    {
      "id": "bdyfoa65pro1eez6iwtzanol",
      "action": "ALLOW",
      "conditions": [
        {
          "field": "to",
          "field_source": "ethereum_transaction",
          "operator": "eq",
          "value": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"
        }
      ],
      "method": "eth_sendTransaction",
      "name": "Allowlist USDC contract on Base"
    }
  ],
  "version": "1.0"
}

Delete Policy ->

SuccessResponse

delete/v1/policies/{policy_id}

Delete a policy by policy ID.

Create Policy Rule ->

PolicyRuleResponse

post/v1/policies/{policy_id}/rules

Create a new rule for a policy.

Update Policy Rule ->

PolicyRuleResponse

patch/v1/policies/{policy_id}/rules/{rule_id}

Update a rule by policy ID and rule ID.

Delete Policy Rule ->

SuccessResponse

delete/v1/policies/{policy_id}/rules/{rule_id}

Delete a rule by policy ID and rule ID.

Domain types

AbiParameter = { type, components, indexed, 2 more... }

A parameter in a Solidity ABI function or event definition.

AbiSchema = Array<{ type, anonymous, inputs, 3 more... }>

A Solidity ABI definition for decoding smart contract calldata.

ActionRequestBodyCondition = { field, field_source, operator, 1 more... }

Condition on the original wallet action API request body fields.

AggregationCondition = { field, field_source, operator, 1 more... }

Condition referencing an aggregation value. The field must start with "aggregation." followed by the aggregation ID.

ConditionOperator = "eq" | "gt" | "gte" | 4 more...

Operator to use for policy conditions.

ConditionSet = { id, created_at, name, 1 more... }

A condition set for grouping related condition values.

ConditionSetAuthorizationHeaders = { privy-app-id, privy-authorization-signature, privy-request-expiry }

Headers required to authorize modifications to condition sets.

ConditionSetItem = { id, condition_set_id, created_at, 1 more... }

A single item in a condition set.

ConditionSetItemRequestParams = { condition_set_id, condition_set_item_id }

Unique IDs of the condition set and the condition set item within the condition set to take actions on.

ConditionSetItemValueInput = { value }

A single value to add to a condition set.

ConditionSetItems = Array<

ConditionSetItem

Array of condition set items.

ConditionSetItemsRequestBody = Array<

ConditionSetItemValueInput

Array of values to add to the condition set. Maximum 100 items per request.

ConditionSetItemsResponse = { items, next_cursor }

Paginated list of condition set items.

ConditionSetRequestBody = { name, owner, owner_id }

Request body for creating a condition set. Exactly one of owner or owner_id is required.

ConditionSetRequestParams = { condition_set_id }

Unique ID of the condition set to take actions on.

ConditionValue = string | Array<string>

Value to compare against in a policy condition. Can be a single string or an array of strings.

Ethereum7702AuthorizationCondition = { field, field_source, operator, 1 more... }

Allowed contract addresses for eth_sign7702Authorization requests.

EthereumCalldataCondition = { abi, field, field_source, 2 more... }

The decoded calldata in a smart contract interaction as the smart contract method's parameters. Note that 'ethereum_calldata' conditions must contain an abi parameter with the JSON ABI of the smart contract.

EthereumTransactionCondition = { field, field_source, operator, 1 more... }

The verbatim Ethereum transaction object in an eth_signTransaction or eth_sendTransaction request.

EthereumTypedDataDomainCondition = { field, field_source, operator, 1 more... }

Attributes from the signing domain that will verify the signature.

EthereumTypedDataMessageCondition = { field, field_source, operator, 2 more... }

'types' and 'primary_type' attributes of the TypedData JSON object defined in EIP-712.

Policy = { id, chain_type, created_at, 4 more... }

A policy for controlling wallet operations.

PolicyAction = "ALLOW" | "DENY"

The action to take when a policy rule matches.

PolicyAuthorizationHeaders = { privy-app-id, privy-authorization-signature, privy-request-expiry }

Headers required to authorize modifications to policies.

PolicyCondition =

EthereumTransactionCondition

EthereumCalldataCondition

EthereumTypedDataDomainCondition

| 13 more...

A condition that must be true for the rule action to be applied.

PolicyMethod = "eth_sendTransaction" | "eth_signTransaction" | "eth_signUserOperation" | 13 more...

Method the rule applies to.

PolicyRequestBody = { policy_id }

Unique ID of the policy to take actions on.

PolicyRuleRequestBody = { action, conditions, method, 1 more... }

The rules that apply to each method the policy covers.

PolicyRuleRequestParams = { policy_id, rule_id }

Unique IDs of the policy and the rule within the policy to take actions on.

PolicyRuleResponse = { id, action, conditions, 2 more... }

A rule that defines the conditions and action to take if the conditions are true.

SolanaProgramInstructionCondition = { field, field_source, operator, 1 more... }

Solana Program attributes, enables allowlisting Solana Programs.

SolanaSystemProgramInstructionCondition = { field, field_source, operator, 1 more... }

Solana System Program attributes, including more granular Transfer instruction fields.

SolanaTokenProgramInstructionCondition = { field, field_source, operator, 1 more... }

Solana Token Program attributes, including more granular TransferChecked instruction fields.

SuiTransactionCommandCondition = { field, field_source, operator, 1 more... }

SUI transaction command attributes, enables allowlisting specific command types. Allowed commands: 'TransferObjects', 'SplitCoins', 'MergeCoins'. Only 'eq' and 'in' operators are supported.

SuiTransactionCommandOperator = "eq" | "in"

Operator to use for SUI transaction command conditions. Only 'eq' and 'in' are supported for command names.

SuiTransferObjectsCommandCondition = { field, field_source, operator, 1 more... }

SUI TransferObjects command attributes, including recipient and amount fields.

SuiTransferObjectsCommandField = "recipient" | "amount"

Supported fields for SUI TransferObjects command conditions. Only 'recipient' and 'amount' are supported.

SystemCondition = { field, field_source, operator, 1 more... }

System attributes, including current unix timestamp (in seconds).

TempoTransactionCondition = { field, field_source, operator, 1 more... }

A Tempo (type 118) transaction-level field. Evaluated once per transaction (not per call).

TempoTransactionConditionField = "fee_token" | "fee_payer_signature" | "nonce_key" | 2 more...

Tempo (type 118) transaction-level fields that can be referenced in a policy condition.

TronCalldataCondition = { abi, field, field_source, 2 more... }

Decoded calldata from a TRON TriggerSmartContract interaction.

TronTransactionCondition = { field, field_source, operator, 1 more... }

TRON transaction fields for TransferContract and TriggerSmartContract transaction types.

UpdateConditionSetRequestBody = { name, owner, owner_id }

Request body for updating a condition set. At least one field must be provided. owner and owner_id are mutually exclusive.