Policies

Smart Accounts provide flexible security and control through various policy mechanisms. This guide explains the key policies and how to use them effectively.

Policies are defined when creating a new smart account using the /smart-accounts endpoint. The policies object contains the following key components:

Authorities
Threshold
Admin Control

Authorities

Authorities are the entities that can perform actions on the smart account. Each authority has a set of permissions that define what actions they can take.

Permission Types

The following permissions can be assigned to authorities:

CAN_INITIATE: Required to propose new intents
CAN_VOTE: Required to approve intents
CAN_EXECUTE: Required to execute approved intents

Example Configuration

{
  "policies": {
    "authorities": [
      {
        "address": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",
        "permissions": ["CAN_INITIATE", "CAN_VOTE", "CAN_EXECUTE"]
      },
      {
        "address": "7xKXtg2CW87d97TXJSDpbD5jBkheTqA83TZRuJosgAsU",
        "permissions": ["CAN_VOTE"]
      }
    ]
  }
}

Threshold

The threshold defines how many authorities must approve an intent. This creates a flexible M-of-N multisig setup.

Rules

Must be greater than 0
Cannot exceed the number of signers with CAN_VOTE permission
Maximum value is 10

Example Configuration

{
  "policies": {
    "authorities": [...],
    "threshold": 2
  }
}

Admin Control

Admin control is an optional security feature that restricts who can modify Smart Account settings. When an admin address is set, only that address can modify the account’s configuration.

Example Configuration

{
  "policies": {
    "authorities": [...],
    "threshold": 2,
    "admin_address": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v"
  }
}

Creating a Smart Account with Policies

To create a smart account with policies, use the /smart-accounts endpoint:

POST /api/v0/grid/smart-accounts
{
  "policies": {
    "authorities": [
      {
        "address": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",
        "permissions": ["CAN_INITIATE", "CAN_VOTE", "CAN_EXECUTE"]
      },
      {
        "address": "7xKXtg2CW87d97TXJSDpbD5jBkheTqA83TZRuJosgAsU",
        "permissions": ["CAN_VOTE"]
      }
    ],
    "threshold": 2,
    "admin_address": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v"
  }
}

Retrieving Smart Account Policies

To retrieve the policies for a smart account, use the /smart-accounts/{smart_account_address} endpoint with the policies query parameter:

GET /api/v0/grid/smart-accounts/{smart_account_address}?policies=true

Best Practices

Authorities
- Separate duties between authorities
- Limit CAN_INITIATE to trusted parties
- Have multiple CAN_EXECUTE authorities for redundancy
Threshold
- Choose threshold based on security needs
- Consider operational efficiency
- Plan for key rotation
Admin Control
- Use admin control for managed accounts
- Keep admin keys secure and offline
- Consider using a multisig as admin

Get Started

Core Concepts

Modules

Policies

Policies

Authorities

Permission Types

Example Configuration

Threshold

Rules

Example Configuration

Admin Control

Example Configuration

Creating a Smart Account with Policies

Retrieving Smart Account Policies

Best Practices

Get Started

Core Concepts

Modules

​Policies

​Authorities

​Permission Types

​Example Configuration

​Threshold

​Rules

​Example Configuration

​Admin Control

​Example Configuration

​Creating a Smart Account with Policies

​Retrieving Smart Account Policies

​Best Practices

Policies

Authorities

Permission Types

Example Configuration

Threshold

Rules

Example Configuration

Admin Control

Example Configuration

Creating a Smart Account with Policies

Retrieving Smart Account Policies

Best Practices