Skip to main content

Allow a specific user to create wallets

Allow users with a specific tag to create users

Require two users with a specific tag to add policies

Deny all delete actions for users with a specific tag

Allow a specific user (e.g. API-only user) to create a sub-org

Allow a specific user to perform auth type activities (full list here)

Note: The activity.resource portion determines which activities can be performed. The activity.action determines what types of actions can be taken upon those resources.

Allow a specific user to perform generic OTP activities

Allow a specific user to perform a specific activity type (full list here)

Note: Activities may be upgraded over time, and thus new versions may be introduced. These policies will NOT be valid if an activity type is upgraded and requests are made on the new activity type. For example, if 0xkey introduces ACTIVITY_TYPE_CREATE_READ_WRITE_SESSION_V3 (upgraded from ACTIVITY_TYPE_CREATE_READ_WRITE_SESSION_V2) and a request is made with the newer V3 version, this policy with not allow that user to perform ACTIVITY_TYPE_CREATE_READ_WRITE_SESSION_V3 activities.
JSON

Allow a specific credential type to perform a specific action (full list of credential types here)

This policy can be used to say, only passkeys are allowed to sign transactions and not authentication through SMS (or any other authentication method).
JSON

Allow a specific credential with a specific public key type to perform a specific action

JSON