Skip to main content

PoliciesClient

Client for managing policies that govern the behavior of projects and accounts.

create_policy

async def create_policy(
    self,
    policy: CreatePolicyOptions,
    idempotency_key: str | None = None,
) -> Policy:
Create a policy that can be used to govern the behavior of projects and accounts.
policy
CreatePolicyOptions
required
The policy to create, containing scope, description, and rules.
idempotency_key
str | None
Optional idempotency key for safe retryable requests.
return
Policy
The created policy.
# Example: Create a policy to restrict transfers
from cdp.policies.types import (
    CreatePolicyOptions,
    SendEvmTransactionRule,
    EvmAddressCriterion,
)

policy = await cdp.policies.create_policy(
    policy=CreatePolicyOptions(
        scope="account",
        description="Only allow transfers to whitelisted addresses",
        rules=[
            SendEvmTransactionRule(
                action="accept",
                operation="sendEvmTransaction",
                criteria=[
                    EvmAddressCriterion(
                        type="evmAddress",
                        addresses=["0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb"],
                        operator="in",
                    )
                ],
            )
        ],
    )
)

update_policy

async def update_policy(
    self,
    id: str,
    policy: UpdatePolicyOptions,
    idempotency_key: str | None = None,
) -> Policy:
Update an existing policy by its unique identifier. This will apply the updated policy to any project or accounts that are currently using it.
id
str
required
The unique identifier of the policy to update.
policy
UpdatePolicyOptions
required
The updated policy configuration.
idempotency_key
str | None
Optional idempotency key.
return
Policy
The updated policy.

delete_policy

async def delete_policy(
    self,
    id: str,
    idempotency_key: str | None = None,
) -> None:
Delete a policy by its unique identifier.
If a policy is referenced by an active project or account, this operation will fail.
id
str
required
The unique identifier of the policy to delete.
idempotency_key
str | None
Optional idempotency key.
return
None
Returns None on success.

get_policy_by_id

async def get_policy_by_id(
    self,
    id: str,
) -> Policy:
Retrieve a policy by its unique identifier.
id
str
required
The unique identifier of the policy to retrieve.
return
Policy
The requested policy.

list_policies

async def list_policies(
    self,
    page_size: int | None = None,
    page_token: str | None = None,
    scope: PolicyScope | None = None,
) -> ListPoliciesResult:
List policies belonging to the developer’s CDP Project. Can be filtered by scope (project or account).
page_size
int | None
The number of policies to return per page.
page_token
str | None
The token for the next page of policies, if any.
scope
PolicyScope | None
The scope of the policies to list (“project” or “account”).
return
ListPoliciesResult
A paginated list of policies.

Policy Types

Policy

A single Policy that can be used to govern the behavior of projects and accounts.
id
str
The unique identifier for the policy.
description
str | None
An optional human-readable description of the policy.
scope
PolicyScope
The scope of the policy (“project” or “account”). Only one project-level policy can exist at any time.
rules
list[Rule]
A list of rules that comprise the policy.
created_at
str
The ISO 8601 timestamp at which the Policy was created.
updated_at
str
The ISO 8601 timestamp at which the Policy was last updated.

CreatePolicyOptions

scope
PolicyScope
required
The scope of the policy (“project” or “account”).
description
str | None
An optional human-readable description of the policy.
rules
list[Rule]
required
A list of rules that comprise the policy.

Rule Types

SendEvmTransactionRule

A policy rule that can accept or reject EVM transactions based on criteria.
action
Action
required
“accept” or “reject” - determines whether matching the rule will allow or block the transaction.
operation
Literal['sendEvmTransaction']
required
Must be “sendEvmTransaction”.
criteria
list[Criterion]
required
The set of criteria that must be matched. Can include:
  • EthValueCriterion: Compare ETH value
  • EvmAddressCriterion: Check recipient addresses
  • EvmNetworkCriterion: Restrict networks
  • EvmDataCriterion: Validate contract call data
  • NetUSDChangeCriterion: Limit USD value changes

SignEvmMessageRule

A policy rule for EVM message signing.
action
Action
required
“accept” or “reject”.
operation
Literal['signEvmMessage']
required
Must be “signEvmMessage”.
criteria
list[EvmMessageCriterion]
required
Criteria for matching messages (regex patterns).

SignEvmTypedDataRule

A policy rule for EIP-712 typed data signing.
action
Action
required
“accept” or “reject”.
operation
Literal['signEvmTypedData']
required
Must be “signEvmTypedData”.
criteria
list[Criterion]
required
Can include:
  • SignEvmTypedDataFieldCriterion: Validate typed data fields
  • SignEvmTypedDataVerifyingContractCriterion: Restrict verifying contracts

SendUserOperationRule

A policy rule for smart account user operations.
action
Action
required
“accept” or “reject”.
operation
Literal['sendUserOperation']
required
Must be “sendUserOperation”.
criteria
list[Criterion]
required
Similar to SendEvmTransactionRule criteria.

Solana Rules

Similar rules exist for Solana operations:
  • SignSolanaTransactionRule
  • SendSolanaTransactionRule
  • SignSolMessageRule

Criterion Types

EthValueCriterion

Compare transaction ETH value against a threshold.
type
Literal['ethValue']
required
Must be “ethValue”.
ethValue
str
required
The ETH value in wei (as a string of digits).
operator
Operator
required
Comparison operator: ">", "<", ">=", "<=", "==", "!=".

EvmAddressCriterion

Check if transaction recipient is in/not in a list of addresses.
type
Literal['evmAddress']
required
Must be “evmAddress”.
addresses
list[str]
required
List of 0x-prefixed 40-character hex addresses (max 300).
operator
Literal['in', 'not in']
required
“in” or “not in”.

EvmNetworkCriterion

Restrict operations to specific networks.
type
Literal['evmNetwork']
required
Must be “evmNetwork”.
networks
list[str]
required
List of network names: “base-sepolia”, “base”, “ethereum”, “ethereum-sepolia”, “avalanche”, “polygon”, “optimism”, “arbitrum”, “zora”, “bnb”.
operator
Literal['in', 'not in']
required
“in” or “not in”.

NetUSDChangeCriterion

Limit the USD value of asset transfers.
type
Literal['netUSDChange']
required
Must be “netUSDChange”.
changeCents
int
required
The amount of USD in cents (non-negative integer).
operator
Operator
required
Comparison operator: ">", ">=", "==", "<", "<=".

EvmDataCriterion

Validate contract call parameters.
type
Literal['evmData']
required
Must be “evmData”.
abi
KnownAbiType | AbiInner
required
The ABI of the smart contract.
conditions
list[EvmDataCondition]
required
Conditions to apply against function arguments.

Example: Comprehensive Policy

from cdp.policies.types import (
    CreatePolicyOptions,
    SendEvmTransactionRule,
    SignEvmMessageRule,
    EvmAddressCriterion,
    EvmNetworkCriterion,
    EthValueCriterion,
    EvmMessageCriterion,
)

policy = await cdp.policies.create_policy(
    policy=CreatePolicyOptions(
        scope="account",
        description="Restrict account to specific operations",
        rules=[
            # Only allow transactions to whitelisted addresses
            SendEvmTransactionRule(
                action="accept",
                operation="sendEvmTransaction",
                criteria=[
                    EvmAddressCriterion(
                        type="evmAddress",
                        addresses=[
                            "0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb",
                            "0x1234567890123456789012345678901234567890",
                        ],
                        operator="in",
                    ),
                    # Only on specific networks
                    EvmNetworkCriterion(
                        type="evmNetwork",
                        networks=["base", "base-sepolia"],
                        operator="in",
                    ),
                    # Limit transaction value
                    EthValueCriterion(
                        type="ethValue",
                        ethValue="1000000000000000000",  # 1 ETH in wei
                        operator="<=",
                    ),
                ],
            ),
            # Restrict message signing to specific patterns
            SignEvmMessageRule(
                action="accept",
                operation="signEvmMessage",
                criteria=[
                    EvmMessageCriterion(
                        type="evmMessage",
                        match="^Sign in to.*",
                    )
                ],
            ),
        ],
    ),
)

print(f"Created policy: {policy.id}")

Build docs developers (and LLMs) love

Get started for freeTalk to us