Management API Reference

wallet_grantPermissions

Allow applications to act on behalf of the wallet user.

Grants permissions for an Application to perform actions on behalf of the account. Based on ERC-7715.

Request#


_38
type Request = {
_38
method: 'wallet_grantPermissions',
_38
params: [{
_38
/**
_38
* Address of the account to grant permissions on.
_38
* Defaults to the current account.
_38
*/
_38
address?: `0x${string}`
_38
_38
/** Chain ID to grant permissions on. */
_38
chainId?: `0x${string}`
_38
_38
/** Expiry of the permissions. */
_38
expiry: number
_38
_38
/** Key to grant permissions to. Defaults to a wallet-managed key. */
_38
key?: {
_38
/**
_38
* Public key.
_38
* Accepts an address for `address` & `secp256k1` types.
_38
*/
_38
publicKey?: `0x${string}`,
_38
/** Key type. */
_38
type?: 'address' | 'p256' | 'secp256k1' | 'webauthn-p256',
_38
}
_38
_38
/** Permissions to grant. */
_38
permissions: {
_38
/** Call permissions. */
_38
calls: {
_38
/** Function signature or 4-byte signature. */
_38
signature?: string
_38
/** Authorized target address. */
_38
to?: `0x${string}`
_38
}[],
_38
},
_38
}]
_38
}

Response#


_16
type Response = {
_16
address: `0x${string}`,
_16
chainId: `0x${string}`,
_16
expiry: number,
_16
id: `0x${string}`,
_16
key: {
_16
publicKey: `0x${string}`,
_16
type: 'address' | 'p256' | 'secp256k1' | 'webauthn-p256',
_16
},
_16
permissions: {
_16
calls: {
_16
signature?: string,
_16
to?: `0x${string}`,
_16
}[],
_16
},
_16
}

Example#

To make these instructions concrete, we have created a sample cross-app wallet called Rapidfire ID. To interact with it, you can find its SDK in the NPM package directory: @rapidfire/id.

You can check out the GitHub repository for Rapidfire Wallet to learn how to create your own wallet.

The example below demonstrates granting permissions for an Application to perform transfer calls on the EXP ERC20 contract, with a spending limit of up to 50 EXP per day.

Once permissions have been granted, they will be automatically applied to any calls made by the Application via wallet_sendCalls or eth_sendTransaction.


_20
import RapidfireID from '@rapidfire/id'
_20
import { parseEther, toHex } from 'viem'
_20
_20
const rapidfire = new RapidfireID()
_20
const provider = rapidfire.getEthereumProvider()
_20
_20
const token = '0x706aa5c8e5cc2c67da21ee220718f6f6b154e75c'
_20
_20
const permissions = await provider.request({
_20
method: 'wallet_grantPermissions',
_20
params: [{
_20
expiry: Math.floor(Date.now() / 1000) + 7 * 24 * 60 * 60, // 1 week
_20
permissions: {
_20
calls: [{
_20
signature: 'transfer(address,uint256)',
_20
to: token
_20
}],
_20
},
_20
}],
_20
})