Skip to main content
Access control runs during signup/login. For the full authentication flow, see Authentication Flow. Access control lets you decide who can use your app or specific parts of it. Dynamic provides two mechanisms:
  • Access lists – Restrict or allow access based on a list of emails, wallet addresses, or other identifiers.
  • Gates – Rules that combine criteria (for example, access list membership or NFT/token ownership).
Both support the same two outcomes:

Allow or block site access

When you choose Allow Site Access, Dynamic enforces the rule at authentication time. Users who do not meet the criteria do not receive a JWT and cannot sign in. This behavior works with any integration—no SDK is required for enforcement. Your app simply never receives a session for blocked users.

Return a scope

When you choose Return scope, Dynamic adds a scope to the user’s JWT when they meet the criteria. You can use that scope in your app for fine-grained UI (for example, showing or hiding features). Advanced usage—reading scopes and customizing the blocked experience—is SDK-specific. See the SDK docs linked below.

Next steps

  • Access lists – Create and manage lists of allowed users (emails, wallets, etc.).
  • Gates – Define rules with NFT/token or access list criteria.
For reading scopes in-app and customizing copy or buttons, see your SDK docs: