Policies

Create Policy

Create a policy with rules to govern wallet transactions.

cURL

curl -X POST \
  -H "x-api-key: dev-api-key" \
  -H "Content-Type: application/json" \
  -d '{
    "walletId": "550e8400-e29b-41d4-a716-446655440000",
    "name": "Trading Limits",
    "active": true,
    "rules": [
      {
        "type": "spending_limit",
        "maxLamportsPerTx": 10000000,
        "maxLamportsPerDay": 100000000,
        "requireApprovalAboveLamports": 50000000
      },
      {
        "type": "protocol_allowlist",
        "protocols": ["system-program", "jupiter", "marinade"]
      }
    ]
  }' \
  http://localhost:3000/api/v1/policies

Request Body

walletId

string

required

Wallet UUID this policy applies to

name

string

required

Policy name (1-128 characters)

active

boolean

default:true

Whether policy is active

rules

array

required

Array of policy rules (see Rule Types below)

Response

string

required

Policy UUID

walletId

string

required

Wallet UUID

name

string

required

Policy name

version

number

required

Policy version number (starts at 1)

active

boolean

required

Active status

rules

array

required

Policy rules

createdAt

string

required

ISO 8601 timestamp

updatedAt

string

required

ISO 8601 timestamp

Rule Types

{
  "type": "spending_limit",
  "maxLamportsPerTx": 10000000,
  "maxLamportsPerDay": 100000000,
  "requireApprovalAboveLamports": 50000000
}

Fields:

maxLamportsPerTx - Maximum lamports per transaction
maxLamportsPerDay - Maximum lamports per 24-hour period
requireApprovalAboveLamports - Amount threshold requiring manual approval

{
  "type": "address_allowlist",
  "addresses": [
    "7xKLvUhXW9XqHZzN3Jw8wVHGK6R4tN2gqV9mP3kL5eXy",
    "8yMLvVhYW0YrHZaN4Kx9xWIHK7S5tO3hqW0nQ4mM6fYz"
  ]
}

Only allows transactions to specified addresses.

{
  "type": "address_blocklist",
  "addresses": [
    "BlockedAddr111111111111111111111111111111111"
  ]
}

Blocks transactions to specified addresses.

{
  "type": "program_allowlist",
  "programIds": [
    "11111111111111111111111111111111",
    "TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA"
  ]
}

Only allows transactions invoking specified program IDs.

{
  "type": "token_allowlist",
  "mints": [
    "So11111111111111111111111111111111111111112",
    "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v"
  ]
}

Only allows transactions with specified token mints.

{
  "type": "protocol_allowlist",
  "protocols": ["system-program", "jupiter", "marinade"]
}

Only allows specified protocols.

{
  "type": "rate_limit",
  "maxTx": 10,
  "windowSeconds": 3600
}

Limits number of transactions per time window.

{
  "type": "time_window",
  "startHourUtc": 9,
  "endHourUtc": 17
}

Only allows transactions during specified UTC hours.

{
  "type": "max_slippage",
  "maxBps": 100
}

Maximum allowed slippage for swaps (in basis points).

{
  "type": "protocol_risk",
  "protocol": "jupiter",
  "maxSlippageBps": 50,
  "maxPoolConcentrationBps": 5000,
  "allowedPools": ["pool1", "pool2"],
  "allowedPrograms": ["JUP..."]
}

Protocol-specific risk controls.

{
  "type": "portfolio_risk",
  "maxDrawdownLamports": 100000000,
  "maxDailyLossLamports": 50000000,
  "maxExposureBpsPerToken": 2500,
  "maxExposureBpsPerProtocol": 5000
}

Portfolio-level risk limits.

Update Policy

Update an existing policy (creates new version).

cURL

curl -X PUT \
  -H "x-api-key: dev-api-key" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Updated Trading Limits",
    "rules": [
      {
        "type": "spending_limit",
        "maxLamportsPerTx": 20000000
      }
    ]
  }' \
  http://localhost:3000/api/v1/policies/123e4567-e89b-12d3-a456-426614174000

Path Parameters

policyId

string

required

Policy UUID

Request Body

name

string

New policy name

rules

array

New rules array

active

boolean

Active status

Updating a policy creates a new version. The version number increments automatically.

List Wallet Policies

List all policies for a wallet.

cURL

curl -H "x-api-key: dev-api-key" \
     http://localhost:3000/api/v1/wallets/550e8400-e29b-41d4-a716-446655440000/policies

Path Parameters

walletId

string

required

Wallet UUID

Evaluate Policy

Test if an operation would pass policy evaluation.

cURL

curl -X POST \
  -H "x-api-key: dev-api-key" \
  -H "Content-Type: application/json" \
  -d '{
    "walletId": "550e8400-e29b-41d4-a716-446655440000",
    "type": "transfer_sol",
    "protocol": "system-program",
    "destination": "7xKLvUhXW9XqHZzN3Jw8wVHGK6R4tN2gqV9mP3kL5eXy",
    "amountLamports": 1000000
  }' \
  http://localhost:3000/api/v1/evaluate

Request Body

walletId

string

required

Wallet UUID

type

string

required

Transaction type

protocol

string

required

Protocol name

destination

string

Destination address

tokenMint

string

Token mint address

amountLamports

number

Amount in lamports

programIds

array

Program IDs involved

slippageBps

number

Slippage in basis points

Response

decision

enum

required

allow, deny, or require_approval

reasons

array

required

Array of reason strings explaining the decision

riskTier

enum

required

low, medium, high, or critical

{
  "status": "success",
  "data": {
    "decision": "allow",
    "reasons": [
      "Within spending limit",
      "Protocol is allowed",
      "Destination not blocklisted"
    ],
    "riskTier": "low"
  }
}

Get Policy Versions

List all versions of a policy.

cURL

curl -H "x-api-key: dev-api-key" \
     http://localhost:3000/api/v1/policies/123e4567-e89b-12d3-a456-426614174000/versions

Path Parameters

policyId

string

required

Policy UUID

Get Policy Version

Retrieve a specific policy version.

cURL

curl -H "x-api-key: dev-api-key" \
     http://localhost:3000/api/v1/policies/123e4567-e89b-12d3-a456-426614174000/versions/2

Path Parameters

policyId

string

required

Policy UUID

version

number

required

Version number

Migrate Policy

Migrate policy to a specific version.

cURL

curl -X POST \
  -H "x-api-key: dev-api-key" \
  -H "Content-Type: application/json" \
  -d '{
    "targetVersion": 2,
    "mode": "safe"
  }' \
  http://localhost:3000/api/v1/policies/123e4567-e89b-12d3-a456-426614174000/migrate

Path Parameters

policyId

string

required

Policy UUID

Request Body

targetVersion

number

required

Target version number

mode

enum

Migration mode: safe (default) or force

Check Policy Compatibility

Validate policy rules for compatibility.

cURL

curl -X POST \
  -H "x-api-key: dev-api-key" \
  -H "Content-Type: application/json" \
  -d '{
    "rules": [
      {
        "type": "spending_limit",
        "maxLamportsPerTx": 10000000
      }
    ]
  }' \
  http://localhost:3000/api/v1/policies/compatibility-check

Request Body

rules

array

required

Array of policy rules to validate

Response

{
  "status": "success",
  "data": {
    "compatible": true,
    "warnings": [],
    "errors": []
  }
}

Overview

Endpoints

Create Policy

Request Body

Response

Rule Types

Update Policy

Path Parameters

Request Body

List Wallet Policies

Path Parameters

Evaluate Policy

Request Body

Response

Get Policy Versions

Path Parameters

Get Policy Version

Path Parameters

Migrate Policy

Path Parameters

Request Body

Check Policy Compatibility

Request Body

Response

Build docs developers (and LLMs) love

Overview

Endpoints

​Create Policy

​Request Body

​Response

​Rule Types

​Update Policy

​Path Parameters

​Request Body

​List Wallet Policies

​Path Parameters

​Evaluate Policy

​Request Body

​Response

​Get Policy Versions

​Path Parameters

​Get Policy Version

​Path Parameters

​Migrate Policy

​Path Parameters

​Request Body

​Check Policy Compatibility

​Request Body

​Response

Build docs developers (and LLMs) love

Create Policy

Request Body

Response

Rule Types

Update Policy

Path Parameters

Request Body

List Wallet Policies

Path Parameters

Evaluate Policy

Request Body

Response

Get Policy Versions

Path Parameters

Get Policy Version

Path Parameters

Migrate Policy

Path Parameters

Request Body

Check Policy Compatibility

Request Body

Response