- User Authentication
- API Key Authentication
Operations:
signEndUserEvmTransaction, sendEndUserEvmTransaction, signEndUserEvmMessage, signEndUserEvmTypedDataAllowlist
{
"scope": "project",
"description": "Allow end-user signing only to approved addresses",
"rules": [
{
"action": "accept",
"operation": "signEndUserEvmTransaction",
"criteria": [
{
"type": "evmAddress",
"addresses": ["0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913", "0x000000000000000000000000000000000000dEaD"],
"operator": "in"
}
]
}
]
}
Denylist
{
"scope": "project",
"description": "Block end-user signing to known risky addresses",
"rules": [
{
"action": "accept",
"operation": "signEndUserEvmTransaction",
"criteria": [
{
"type": "evmAddress",
"addresses": ["0xffffffffffffffffffffffffffffffffffffffff"],
"operator": "not in"
}
]
}
]
}
Transaction value limit
{
"scope": "project",
"description": "Limit end-user transactions to 1 ETH",
"rules": [
{
"action": "accept",
"operation": "signEndUserEvmTransaction",
"criteria": [
{
"type": "ethValue",
"ethValue": "1000000000000000000",
"operator": "<="
}
]
}
]
}
USD spend limit
The
netUSDChange criterion is only evaluated for mainnet transactions.{
"scope": "project",
"description": "Limit end-user transactions to $100 USD",
"rules": [
{
"action": "accept",
"operation": "signEndUserEvmTransaction",
"criteria": [{ "type": "netUSDChange", "changeCents": 10000, "operator": "<=" }]
},
{
"action": "accept",
"operation": "sendEndUserEvmTransaction",
"criteria": [{ "type": "netUSDChange", "changeCents": 10000, "operator": "<=" }]
}
]
}
Network restriction
{
"scope": "project",
"description": "Restrict end-user sends to Base and Ethereum only",
"rules": [
{
"action": "accept",
"operation": "sendEndUserEvmTransaction",
"criteria": [
{
"type": "evmNetwork",
"networks": ["base", "ethereum"],
"operator": "in"
}
]
}
]
}
Message signing restriction
{
"scope": "project",
"description": "Only allow signing messages with app prefix",
"rules": [
{
"action": "accept",
"operation": "signEndUserEvmMessage",
"criteria": [{ "type": "evmMessage", "match": "^MyApp:.*" }]
}
]
}
Typed data — restrict verifying contract
{
"scope": "project",
"description": "Only allow typed data signing for approved contracts",
"rules": [
{
"action": "accept",
"operation": "signEndUserEvmTypedData",
"criteria": [
{
"type": "evmTypedDataVerifyingContract",
"addresses": ["0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"],
"operator": "in"
}
]
}
]
}
Operations:
signEvmTransaction, sendEvmTransaction, signEvmMessage, signEvmTypedData, signEvmHash, prepareUserOperation, sendUserOperationAllowlist
{
"description": "Allowlist policy example",
"scope": "project",
"rules": [
{
"action": "accept",
"operation": "signEvmTransaction",
"criteria": [
{
"type": "evmAddress",
"addresses": ["0xffffffffffffffffffffffffffffffffffffffff", "0x1111111111111111111111111111111111111111"],
"operator": "in"
}
]
}
]
}
Denylist
{
"description": "Denylist policy example",
"scope": "project",
"rules": [
{
"action": "accept",
"operation": "signEvmTransaction",
"criteria": [
{
"type": "evmAddress",
"addresses": ["0xffffffffffffffffffffffffffffffffffffffff", "0x1111111111111111111111111111111111111111"],
"operator": "not in"
}
]
}
]
}
Transaction value limit
{
"description": "Limit transactions to 2 ETH",
"scope": "project",
"rules": [
{
"action": "accept",
"operation": "signEvmTransaction",
"criteria": [
{
"type": "ethValue",
"ethValue": "2000000000000000000",
"operator": "<="
}
]
}
]
}
Network restriction
{
"description": "Restrict sends to Base only",
"scope": "project",
"rules": [
{
"action": "accept",
"operation": "sendEvmTransaction",
"criteria": [
{
"type": "evmNetwork",
"networks": ["base"],
"operator": "in"
}
]
}
]
}
Message signing restriction
{
"description": "Only allow signing messages with app prefix",
"scope": "project",
"rules": [
{
"action": "accept",
"operation": "signEvmMessage",
"criteria": [{ "type": "evmMessage", "match": "^MyApp:.*" }]
}
]
}