Ctrl+K

Create Wallet Policies

Overview

You can enhance security for your wallets by creating wallet policies. Policy rules control the conditions under which outgoing transactions can occur. When you configure wallet policies, you can:

  • Add wallet admins.
  • Create recipient whitelists.
  • Require admin approval.
  • Set spending limits.
  • Specify final approvers.

Note: For your security, new policy rules lock after 48 hours and can only be unlocked by BitGo support.

When a wallet policy updates, BitGo sends an email notification to all wallet users. However, BitGo doesn't send an email notification for the initial policy creation.

Prerequisites

Steps

  • SDK
  • API
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
const BitGoJS = require('../../../src/index.js');
const bitgo = new BitGoJS.BitGo({ env: 'test' });
const Promise = require('bluebird');

// Set your access token here
const accessToken = 'v2xcbe8617bd58947a9ec41cc7a92e0a9a9d81dc2780669faa59eab3016ad5792ae';
// Set your coin of choice here
const coin = 'tbtc';
// Set your wallet ID here
const walletId ='5d13ddd2ed50ae9603daa81970840e6e';

Promise.coroutine(function *() {
  bitgo.authenticateWithAccessToken({ accessToken });

  const wallet = yield bitgo.coin(coin).wallets().get({ id: walletId });

  console.log(`Setting new velocity limit policy on wallet ${wallet.label()}`);
  const policy = {
              action: {
              type: 'getApproval'
    },
    condition: {
              add: '2N7jDsDaGtZd2p6wb8anxsEZD5Zq2HBfWTT'
    },
    id: 'test_policy',
    type: 'coinAddressWhitelist'
  };

  const result = yield wallet.createPolicyRule(policy);
  console.dir(result);
})();

Step Results

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128

{
  "admin": {
    "policy": {
      "id": "59cd72485007a239fb00282ed480da1f",
      "date": "2019-08-24T14:15:22Z",
      "label": "string",
      "latest": true,
      "rules": [
        {
          "id": "string",
          "lockDate": "2019-08-24T14:15:22Z",
          "mutabilityConstraint": "managed",
          "coin": "btc",
          "type": "advancedWhitelist",
          "condition": {
            "amountString": "2000000",
            "timeWindow": 2678400,
            "groupTags": [
              "59cd72485007a239fb00282ed480da1f"
            ],
            "excludeTags": [
              "59cd72485007a239fb00282ed480da1f"
            ]
          },
          "action": {
            "type": "deny",
            "approvalsRequired": 1,
            "userIds": [
              "59cd72485007a239fb00282ed480da1f"
            ]
          }
        }
      ],
      "version": 0
    }
  },
  "allowBackupKeySigning": true,
  "approvalsRequired": 1,
  "balanceString": "string",
  "buildDefaults": {
    "minFeeRate": 12000
  },
  "coin": "btc",
  "coinSpecific": {
    "creationFailure": [
      "b8a828b98dbf32d9fd1875cbace9640ceb8c82626716b4a64203fdc79bb46d26"
    ],
    "pendingChainInitialization": true,
    "rootAddress": "GCTTCPH4IIDK7P72FFAEJ3ZFN6WDHJH6GGMRPHPM56ZWGIQ7B3XTIJAM",
    "stellarUsername": "foo_bar@baz.com",
    "homeDomain": "bitgo.com",
    "stellarAddress": "foo_bar@baz.com*bitgo.com"
  },
  "custodialWallet": {},
  "custodialWalletId": "59cd72485007a239fb00282ed480da1f",
  "deleted": true,
  "disableTransactionNotifications": true,
  "enterprise": "59cd72485007a239fb00282ed480da1f",
  "freeze": {
    "time": "string",
    "expires": "string"
  },
  "id": "59cd72485007a239fb00282ed480da1f",
  "isCold": true,
  "keys": [
    "585951a5df8380e0e304a553",
    "585951a5df8380e0e30d645c",
    "585951a5df8380e0e30b6147"
  ],
  "label": "My Wallet",
  "m": 2,
  "n": 3,
  "nodeId": "59cd72485007a239fb00282ed480da1f",
  "receiveAddress": {
    "id": "59cd72485007a239fb00282ed480da1f",
    "address": "2MvrwRYBAuRtPTiZ5MyKg42Ke55W3fZJfZS",
    "chain": 1,
    "index": 0,
    "coin": "string",
    "lastNonce": -1,
    "wallet": "59cd72485007a239fb00282ed480da1f",
    "coinSpecific": {
      "xlm": {
        "memoId": "2000000",
        "rootAddress": "GCTTCPH4IIDK7P72FFAEJ3ZFN6WDHJH6GGMRPHPM56ZWGIQ7B3XTIJAM"
      },
      "txlm": {
        "memoId": "2000000",
        "rootAddress": "GCTTCPH4IIDK7P72FFAEJ3ZFN6WDHJH6GGMRPHPM56ZWGIQ7B3XTIJAM"
      }
    },
    "balance": {
      "updated": "2019-08-24T14:15:22Z",
      "balance": 50000,
      "balanceString": "50000",
      "totalReceived": 0,
      "totalSent": 0,
      "confirmedBalanceString": "40000",
      "spendableBalanceString": "40000"
    },
    "label": "Bob's Hot Wallet Address",
    "addressType": "p2sh"
  },
  "recoverable": true,
  "tags": [
    "59cd72485007a239fb00282ed480da1f"
  ],
  "spendableBalanceString": "string",
  "startDate": "string",
  "type": "cold",
  "users": [
    {
      "user": "55e8a1a5df8380e0e30e20c6",
      "permissions": [
        "admin",
        "view",
        "spend"
      ]
    }
  ],
  "customChangeKeySignatures": {
    "user": "string",
    "backup": "string",
    "bitgo": "string"
  },
  "multisigType": "onchain"
}

Next Steps

You can view the wallet policies using the Get Wallet API. For details, see API Reference: Get Wallet.

See Also

API Reference: Add Policy Rule