This feature is available for all Dynamic v3 embedded wallets (TSS-MPC). Upgrade is required if you are on v2 or earlier.

Overview

Policy and Rules gives developers fine-grained control over how wallets interact. Policies are enforced before a transaction is signed, so validation always happens before execution. This allows you to:
  • Block malicious or unauthorized counterparties
  • Create custom workflows around wallet interactions
  • Ensure transactions are simulated and verified before execution
Policies are chain-agnostic, working seamlessly across EVM, including Account Abstraction wallets, and interactions on Solana.

Security Model

Dynamic’s policy system is designed with security and transparency at its core:
  • Tamper Resistance: Policies are created and enforced in a trusted execution environment, ensuring they cannot be bypassed at the client level. Only administrators and those with permissions can update and modify rules.
  • Auditability: Every policy update is logged and traceable.
  • Transaction Simulation: Before a transaction is signed, it is simulated against your rules. Non-compliant requests are automatically rejected.
  • Malicious Transaction Detection: Before a transaction is signed, all transactions will be validated to ensure they are not being sent to a malicious address.
  • Pre-Signing Enforcement: Rules apply at signing time, not just after execution. This means developers can trust that no transaction leaves the wallet unless it passes policy checks.

Creating a Rule

Step 1: Navigate to the Policies Tab

On the developer dashboard, navigate to the Policies tab under the Wallets section. Click on Create your first rule to get started.

Step 2: Configure the Rule

In Basic Settings, you can configure the following for the rule:
  • Rule Name: A descriptive name for the rule
  • Rule Description: A description of the rule
  • Rule Type: The type of rule to create. You can choose between:
    • Allow: This rule allows the operation to proceed
    • Deny: This rule blocks the operation
  • Chain: The blockchain network the rule applies to (e.g., Ethereum, Base)
  • Network/Environment: The specific network or environment, such as Sepolia, Base Sepolia, etc.
  • Address: The address the rule applies to
Below is an example of configuring a rule to only allow users interacting with the WETH contract on Ethereum mainnet.
[Screenshot: Policies Setup]

Step 3: Add/Update a Rule

There are two ways to add/update a rule: you can either update using the dashboard or send an API request with your authorized token.

Creating a Rule

  1. Once you have configured the rule, click Add Rule in Basic Settings and then click Save Rule to create it.
  2. You can also send an API request with your authorized token to create/update a rule. The payload can be found in the JSON tab of the Rule creation page.
Below is an example of creating a rule via curl:
curl -X POST \
"https://app.dynamicauth.com/api/v0/environments/<environment_id>/waas/policies" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer <your_token>" \
-d '{
  "rulesToAdd": [
    {
        "chain": "EVM",
        "chainId": 1,
        "name": "Allow only transaction with WETH contract on ETH mainnet",
        "ruleType": "allow",
        "address": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2"
    }
  ]
}'

Update a Rule

If you have active rules, you will see the Policy & Rules Management tab in the Policies tab.
  1. Click on the rule you want to update, which will expand to the Edit Rule page
  2. Update the rule configuration and click on Save Rule to update the rule
Below is an example of updating a rule via curl:
curl -X PUT \
"https://app.dynamicauth.com/api/v0/environments/<environment_id>/waas/policies" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer <your_token>" \
-d '{
  "rulesToUpdate": [
    {
        "id": "<existing_rule_id>",
        "chain": "EVM",
        "chainId": 1,
        "name": "Allow only transaction with WETH contract on ETH mainnet",
        "ruleType": "allow",
        "address": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2"
    }
  ]
}'

Step 4: Verifying Policy

To confirm that your policy rule is enforced, attempt to send a transaction that matches or violates the rule you configured. We recommend performing these tests on a testnet within a sandbox environment.
Expected Behavior:
  • If the transaction complies with the policy, it will be processed as normal.
  • If the transaction violates the policy, the SDK or wallet connector will return an error indicating that the operation is not permitted.
Below is an example of a policy violation error displayed when a transaction does not meet the configured rule criteria:
[Screenshot: Policies Setup]

Step 5: Deleting a Rule

If you have active rules, you will see the Policy & Rules Management tab in the Policies tab.
  1. Click ... next to the rule you want to delete, which will expand a dropdown menu with the option to delete the rule
  2. Check the box to confirm you want to delete the rule and click the Delete Rule button
Below is an example of deleting a rule via curl:
curl -X DELETE \
"https://app.dynamicauth.com/api/v0/environments/<environment_id>/waas/policies" \
-H "Authorization: Bearer <your_token>" \
-H "Content-Type: application/json" \
-d '{
  "ruleIdsToDelete": ["<existing_rule_id>"]
}'

Creating, Updating, and Deleting Rules in Bulk

You can programmatically create, update, or delete multiple policy rules at once using the API. To do this, provide an array in the rulesToAdd, rulesToUpdate, or ruleIdsToDelete field of your request payload. Here is an example of how to create multiple rules using a POST request (SDKs or HTTP clients):
curl -X POST \
"https://app.dynamicauth.com/api/v0/environments/<environment_id>/waas/policies" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer <your_token>" \
-d '{
  "rulesToAdd": [
    {
        "chain": "EVM",
        "chainId": 1,
        "name": "Allow only transaction with the WETH contract on ETH mainnet",
        "ruleType": "allow",
        "address": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2"
    },
    {
        "chain": "EVM",
        "chainId": 8453,
        "name": "Allow only transaction with USDC contract on Base mainnet",
        "ruleType": "allow",
        "address": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"
    }
  ]
}'
Here is an example of how to update multiple rules using curl:
curl -X PUT \
"https://app.dynamicauth.com/api/v0/environments/<environment_id>/waas/policies" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer <your_token>" \
-d '{
  "rulesToUpdate": [
    {
        "id": "<existing_rule_id>",
        "chain": "EVM",
        "chainId": 1,
        "name": "Allow only transaction with the WETH contract on ETH mainnet",
        "ruleType": "allow",
        "address": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2"
    },
    {
        "id": "<existing_rule_id>",
        "chain": "EVM",
        "chainId": 8453,
        "name": "Allow only transaction with USDC contract on Base mainnet",
        "ruleType": "allow",
        "address": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"
    }
  ]
}'
Here is an example of how to delete multiple rules using curl:
curl -X DELETE \
"https://app.dynamicauth.com/api/v0/environments/<environment_id>/waas/policies" \
-H "Authorization: Bearer <your_token>" \
-H "Content-Type: application/json" \
-d '{
  "ruleIdsToDelete": ["<existing_rule_id>", "<existing_rule_id>"]
}'
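
A pre-flight check for a bulk rulesToAdd payload like the one shown earlier in this section, written for this page as an added example; it is not Dynamic's code and does not call the API. Field names and the allow/deny values come from the payloads above; the required-field set, the address format check, and flagging an allow and a deny on the same chainId and address as a conflict are assumptions of this sketch.

```python
import re

# Field names come from the example payloads on this page; treating them as
# the required set is an assumption of this sketch, not Dynamic's schema.
REQUIRED = ("chain", "chainId", "name", "ruleType", "address")
RULE_TYPES = ("allow", "deny")
EVM_ADDRESS = re.compile(r"0x[0-9a-fA-F]{40}")

def lint_rules(payload):
    """Return a list of problems in a rulesToAdd payload (empty list = clean)."""
    rules = payload.get("rulesToAdd")
    if not isinstance(rules, list) or not rules:
        return ["rulesToAdd must be a non-empty array"]
    problems, seen = [], {}  # seen: (chainId, address) -> (ruleType, index)
    for i, rule in enumerate(rules):
        missing = [f for f in REQUIRED if f not in rule]
        if missing:
            problems.append(f"rule {i}: missing {', '.join(missing)}")
            continue
        errors, addr, is_evm = [], rule["address"], rule["chain"] == "EVM"
        if rule["ruleType"] not in RULE_TYPES:
            errors.append("ruleType must be allow or deny")
        if type(rule["chainId"]) is not int or rule["chainId"] <= 0:
            errors.append("chainId must be a positive integer")
        if not isinstance(addr, str) or (is_evm and not EVM_ADDRESS.fullmatch(addr)):
            errors.append("address is malformed (EVM needs 0x + 40 hex characters)")
        if errors:
            problems += [f"rule {i}: {e}" for e in errors]
            continue
        # EVM addresses compare case-insensitively; other chains are left as-is.
        key = (rule["chainId"], addr.lower() if is_evm else addr)
        if key in seen:
            kind = "duplicates" if seen[key][0] == rule["ruleType"] else "conflicts with"
            problems.append(f"rule {i}: {kind} rule {seen[key][1]} (same chainId and address)")
        else:
            seen[key] = (rule["ruleType"], i)
    return problems

# Constructed sample built from the two addresses in the page's bulk example.
WETH = "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2"
USDC = "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"
SAMPLE = {"rulesToAdd": [
    {"chain": "EVM", "chainId": cid, "name": "constructed", "ruleType": rtype, "address": addr}
    for cid, rtype, addr in [
        (1, "allow", WETH), (8453, "allow", USDC),
        (1, "allow", WETH[:-1]),     # rule 2: truncated address
        (1, "deny", WETH.lower()),   # rule 3: denies what rule 0 allows
    ]]}
print("\n".join(lint_rules(SAMPLE)))
```

Running the check in CI before the POST catches a mistyped allowlist address before it reaches the policy engine.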

Additional Notes

  • The list of available chains in the dashboard depends on your configuration settings. Some networks may not be available for policy validation.
  • Policies and rules are currently supported only for most EVM and Solana chains, including their respective testnets.
  • Sui embedded wallets are not supported at this time.