EVM Policies

EVM policy examples for controlling transaction signing, sending, message signing, and typed data signing.

User Authentication
API Key Authentication

Operations: signEndUserEvmTransaction, sendEndUserEvmTransaction, signEndUserEvmMessage, signEndUserEvmTypedData

Allowlist

{
  "scope": "project",
  "description": "Allow end-user signing only to approved addresses",
  "rules": [
    {
      "action": "accept",
      "operation": "signEndUserEvmTransaction",
      "criteria": [
        {
          "type": "evmAddress",
          "addresses": ["0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913", "0x000000000000000000000000000000000000dEaD"],
          "operator": "in"
        }
      ]
    }
  ]
}

Denylist

{
  "scope": "project",
  "description": "Block end-user signing to known risky addresses",
  "rules": [
    {
      "action": "accept",
      "operation": "signEndUserEvmTransaction",
      "criteria": [
        {
          "type": "evmAddress",
          "addresses": ["0xffffffffffffffffffffffffffffffffffffffff"],
          "operator": "not in"
        }
      ]
    }
  ]
}

Transaction value limit

{
  "scope": "project",
  "description": "Limit end-user transactions to 1 ETH",
  "rules": [
    {
      "action": "accept",
      "operation": "signEndUserEvmTransaction",
      "criteria": [
        {
          "type": "ethValue",
          "ethValue": "1000000000000000000",
          "operator": "<="
        }
      ]
    }
  ]
}

USD spend limit

The netUSDChange criterion is only evaluated for mainnet transactions.

{
  "scope": "project",
  "description": "Limit end-user transactions to $100 USD",
  "rules": [
    {
      "action": "accept",
      "operation": "signEndUserEvmTransaction",
      "criteria": [{ "type": "netUSDChange", "changeCents": 10000, "operator": "<=" }]
    },
    {
      "action": "accept",
      "operation": "sendEndUserEvmTransaction",
      "criteria": [{ "type": "netUSDChange", "changeCents": 10000, "operator": "<=" }]
    }
  ]
}

Network restriction

{
  "scope": "project",
  "description": "Restrict end-user sends to Base and Ethereum only",
  "rules": [
    {
      "action": "accept",
      "operation": "sendEndUserEvmTransaction",
      "criteria": [
        {
          "type": "evmNetwork",
          "networks": ["base", "ethereum"],
          "operator": "in"
        }
      ]
    }
  ]
}

Message signing restriction

{
  "scope": "project",
  "description": "Only allow signing messages with app prefix",
  "rules": [
    {
      "action": "accept",
      "operation": "signEndUserEvmMessage",
      "criteria": [{ "type": "evmMessage", "match": "^MyApp:.*" }]
    }
  ]
}

Typed data — restrict verifying contract

{
  "scope": "project",
  "description": "Only allow typed data signing for approved contracts",
  "rules": [
    {
      "action": "accept",
      "operation": "signEndUserEvmTypedData",
      "criteria": [
        {
          "type": "evmTypedDataVerifyingContract",
          "addresses": ["0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"],
          "operator": "in"
        }
      ]
    }
  ]
}

Operations: signEvmTransaction, sendEvmTransaction, signEvmMessage, signEvmTypedData, signEvmHash, prepareUserOperation, sendUserOperation

Allowlist

{
  "description": "Allowlist policy example",
  "scope": "project",
  "rules": [
    {
      "action": "accept",
      "operation": "signEvmTransaction",
      "criteria": [
        {
          "type": "evmAddress",
          "addresses": ["0xffffffffffffffffffffffffffffffffffffffff", "0x1111111111111111111111111111111111111111"],
          "operator": "in"
        }
      ]
    }
  ]
}

Denylist

{
  "description": "Denylist policy example",
  "scope": "project",
  "rules": [
    {
      "action": "accept",
      "operation": "signEvmTransaction",
      "criteria": [
        {
          "type": "evmAddress",
          "addresses": ["0xffffffffffffffffffffffffffffffffffffffff", "0x1111111111111111111111111111111111111111"],
          "operator": "not in"
        }
      ]
    }
  ]
}

Transaction value limit

{
  "description": "Limit transactions to 2 ETH",
  "scope": "project",
  "rules": [
    {
      "action": "accept",
      "operation": "signEvmTransaction",
      "criteria": [
        {
          "type": "ethValue",
          "ethValue": "2000000000000000000",
          "operator": "<="
        }
      ]
    }
  ]
}

Network restriction

{
  "description": "Restrict sends to Base only",
  "scope": "project",
  "rules": [
    {
      "action": "accept",
      "operation": "sendEvmTransaction",
      "criteria": [
        {
          "type": "evmNetwork",
          "networks": ["base"],
          "operator": "in"
        }
      ]
    }
  ]
}

Message signing restriction

{
  "description": "Only allow signing messages with app prefix",
  "scope": "project",
  "rules": [
    {
      "action": "accept",
      "operation": "signEvmMessage",
      "criteria": [{ "type": "evmMessage", "match": "^MyApp:.*" }]
    }
  ]
}

GET STARTED

PAYMENTS

TRADING

WALLETS

ONCHAIN TOOLS

WEBHOOKS

CONSUMER APIS

BUSINESS APIS

INSTITUTIONAL APIS

Allowlist

Denylist

Transaction value limit

USD spend limit

Network restriction

Message signing restriction

Typed data — restrict verifying contract

Allowlist

Denylist

Transaction value limit

Network restriction

Message signing restriction

GET STARTED

PAYMENTS

TRADING

WALLETS

ONCHAIN TOOLS

WEBHOOKS

CONSUMER APIS

BUSINESS APIS

INSTITUTIONAL APIS

Documentation Index

​Allowlist

​Denylist

​Transaction value limit

​USD spend limit

​Network restriction

​Message signing restriction

​Typed data — restrict verifying contract

​Allowlist

​Denylist

​Transaction value limit

​Network restriction

​Message signing restriction

Allowlist

Denylist

Transaction value limit

USD spend limit

Network restriction

Message signing restriction

Typed data — restrict verifying contract

Allowlist

Denylist

Transaction value limit

Network restriction

Message signing restriction