Create Whitelists
Overview
You can enhance security for a wallet by whitelisting the following:
- Bank Accounts - Whitelist your bank accounts to enable withdrawing fiat currency. BitGo enables fiat withdrawals only to whitelisted bank accounts. Bank account whitelists apply to your whole enterprise.
- Address and Wallets - Whitelisting crypto addresses and wallets creates a wallet policy. Wallet policies dictate which actions trigger when a withdrawal is initiated to a non-whitelisted address or wallet. For example, you can configure a wallet policy to automatically deny transactions to non-whitelisted addresses or require approval from an admin to proceed. Wallet policies are specific to individual wallets.
When you update a wallet policy, BitGo sends an email notification to all wallet users. However, BitGo doesn't send an email notification when you initially create a wallet policy. For your security, new wallet-policy rules lock after 48 hours and can only be unlocked by BitGo support. Wallet policies are different from enterprise policies. To learn more about enterprise policies, see Policy Builder Overview.
Note: Wallet policies apply only to transactions that involve the BitGo key. Transactions that use the user key and the backup key bypass wallet policies. For more details about transacting with the backup key, see Set Up Wallet Recovery Wizard.
Prerequisites
Steps
1. Create Wallet Policy
Endpoint: Add wallet-policy rule
```bash
export COIN="<ASSET_ID>"
export WALLET_ID="<YOUR_WALLET_ID>"
export ACCESS_TOKEN="<YOUR_ACCESS_TOKEN>"
export ID="<NAME_OF_WHITELIST>"
export ITEM="<ADDRESS_TO_WHITELIST>"

# "action.type" configures what happens to transactions to non-whitelisted addresses.
# The comment is kept out of the request body because JSON does not allow comments.
curl -X POST \
  "https://app.bitgo-test.com/api/v2/$COIN/wallet/$WALLET_ID/policy/rule" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $ACCESS_TOKEN" \
  -d '{
    "coin": "'"$COIN"'",
    "id": "'"$ID"'",
    "type": "advancedWhitelist",
    "condition": {
      "add": {
        "type": "address",
        "item": "'"$ITEM"'"
      }
    },
    "action": {
      "type": "deny"
    }
  }'
```
Step Result
If creating the whitelist doesn't require approval, it's now in effect.
```json
{
  "id": "66e9f4bb549f6c3957f8977fe3ed6ab4",
  "users": [
    {
      "user": "62ab90e06dfda30007974f0a52a12995",
      "permissions": ["admin", "spend", "view"]
    }
  ],
  "coin": "tbtc4",
  "label": "Policy Wallet 2",
  "m": 2,
  "n": 3,
  "keys": [
    "66e9f4ac6bfc0956265268311208afd7",
    "66e9f4ac9231837dc9c945a6c4a725d0",
    "66e9f4adbfe06bac12b54a93d22b6dfc"
  ],
  "keySignatures": {},
  "enterprise": "62c5ae8174ac860007aff138a2d74df7",
  "bitgoOrg": "BitGo Trust",
  "tags": [
    "66e9f4bb549f6c3957f8977fe3ed6ab4",
    "62c5ae8174ac860007aff138a2d74df7"
  ],
  "disableTransactionNotifications": false,
  "freeze": {},
  "deleted": false,
  "approvalsRequired": 1,
  "isCold": false,
  "coinSpecific": {},
  "admin": {
    "policy": {
      "date": "2024-09-18T22:05:21.220Z",
      "id": "66e9f4bb549f6c3957f897824915d45f",
      "label": "default",
      "rules": [
        {
          "id": "My First Wallet Policy for a Whitelist",
          "lockDate": "2025-09-18T22:05:21.219Z",
          "coin": "tbtc4",
          "type": "advancedWhitelist",
          "action": {
            "type": "deny",
            "userIds": []
          },
          "condition": {
            "entries": [
              {
                "item": "2N6CWMMYXdufJyBa16KNorHs8AakXcqyHhf",
                "type": "address"
              }
            ]
          }
        }
      ],
      "version": 5,
      "latest": true
    }
  },
  "clientFlags": [],
  "walletFlags": [],
  "allowBackupKeySigning": false,
  "recoverable": true,
  "startDate": "2024-09-17T21:29:31.000Z",
  "type": "hot",
  "buildDefaults": {},
  "customChangeKeySignatures": {},
  "hasLargeNumberOfAddresses": false,
  "multisigType": "onchain",
  "hasReceiveTransferPolicy": false,
  "config": {},
  "balance": 0,
  "balanceString": "0",
  "rbfBalance": 0,
  "rbfBalanceString": "0",
  "confirmedBalance": 0,
  "confirmedBalanceString": "0",
  "spendableBalance": 0,
  "spendableBalanceString": "0",
  "unspentCount": 0,
  "receiveAddress": {
    "id": "66e9f4bc549f6c3957f897a441904bff",
    "address": "tb1pv2jfqgu2py8unuwrgraegqqw3ds022lvx2f29hg2av504l4rtjhqld35ns",
    "chain": 40,
    "index": 1,
    "coin": "tbtc4",
    "wallet": "66e9f4bb549f6c3957f8977fe3ed6ab4",
    "coinSpecific": {}
  },
  "pendingApprovals": []
}
```
2. Approve Whitelist (Optional)
Note: If your new wallet policy requires approval, another admin must approve it.
Endpoint: Update Pending Approval
```bash
export APPROVAL_ID="<APPROVAL_ID>"
export ACCESS_TOKEN="<YOUR_ACCESS_TOKEN>"
export OTP="<YOUR_OTP>"

curl -X PUT \
  "https://app.bitgo-test.com/api/v2/pendingApprovals/$APPROVAL_ID" \
  -H 'Content-Type: application/json' \
  -H "Authorization: Bearer $ACCESS_TOKEN" \
  -d '{
    "state": "approved",
    "otp": "'"$OTP"'"
  }'
```
Step Result
Your wallet policy is approved and your whitelist is now in effect.
```json
{
  "id": "66edb22fbef3fef723292c7b14ae01f3",
  "coin": "tbtc4",
  "wallet": "66e9aba320e050e4334b23285bfe3b2e",
  "wallets": [],
  "enterprise": "62c5ae8174ac860007aff138a2d74df7",
  "bitgoOrg": "BitGo Trust",
  "creator": "62ab90e06dfda30007974f0a52a12995",
  "createDate": "2024-09-20T17:34:39.157Z",
  "approvedDate": "2024-09-20T17:37:57.246Z",
  "info": {
    "type": "policyRuleRequest",
    "policyRuleRequest": {
      "action": "create",
      "update": {
        "id": "My First Wallet Policy for a Whitelist",
        "type": "advancedWhitelist",
        "action": {
          "type": "deny",
          "userIds": []
        },
        "condition": {
          "add": {
            "type": "address",
            "item": "2N6CWMMYXdufJyBa16KNorHs8AakXcqyHhf"
          }
        },
        "coin": "tbtc4"
      }
    }
  },
  "approvers": [],
  "state": "approved",
  "scope": "wallet",
  "userIds": [
    "62ab90e06dfda30007974f0a52a12995",
    "627ff9325a5c1b0007c05a40d15e1522"
  ],
  "approvalsRequired": 1,
  "singleRunResults": [],
  "resolvers": [
    {
      "user": "627ff9325a5c1b0007c05a40d15e1522",
      "date": "2024-09-20T17:37:55.612Z",
      "resolutionType": "pending",
      "resolutionAction": "approve"
    }
  ],
  "actions": [],
  "resolutionOrder": []
}
```
Next
You can view whitelists and wallet policies using the Get Wallet endpoint.
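
One way to check that a whitelist is actually in effect is to compare the wallet JSON against the addresses you intended to allow. The following is an added example, not BitGo code: `audit_whitelist` is a hypothetical helper, and it assumes the Get Wallet response carries the same `admin.policy.rules` structure as the Step Result in step 1.

```python
import json

# Constructed sample: a trimmed wallet object using only fields that appear
# in the step 1 Step Result (admin.policy.rules).
SAMPLE_WALLET = json.loads("""
{
  "id": "66e9f4bb549f6c3957f8977fe3ed6ab4",
  "coin": "tbtc4",
  "admin": {"policy": {"version": 5, "rules": [
    {"id": "My First Wallet Policy for a Whitelist",
     "coin": "tbtc4",
     "type": "advancedWhitelist",
     "action": {"type": "deny", "userIds": []},
     "condition": {"entries": [
       {"item": "2N6CWMMYXdufJyBa16KNorHs8AakXcqyHhf", "type": "address"}
     ]}}
  ]}}
}
""")


def audit_whitelist(wallet, expected_addresses, required_action="deny"):
    """Return a list of findings; an empty list means the policy matches."""
    rules = wallet.get("admin", {}).get("policy", {}).get("rules", [])
    whitelist_rules = [r for r in rules if r.get("type") == "advancedWhitelist"]
    if not whitelist_rules:
        return ["no advancedWhitelist rule found on this wallet"]

    findings, seen = [], set()
    for rule in whitelist_rules:
        action = rule.get("action", {}).get("type")
        if action != required_action:
            findings.append(f"rule {rule.get('id')!r}: action is {action!r}, "
                            f"expected {required_action!r}")
        for entry in rule.get("condition", {}).get("entries", []):
            if entry.get("type") == "address":
                seen.add(entry.get("item"))
            else:  # this check only understands address entries; surface the rest
                findings.append(f"rule {rule.get('id')!r}: unreviewed entry {entry!r}")

    expected = set(expected_addresses)
    findings += [f"unexpected whitelisted address: {a}" for a in sorted(seen - expected)]
    findings += [f"expected address not whitelisted: {a}" for a in sorted(expected - seen)]
    return findings


if __name__ == "__main__":
    result = audit_whitelist(SAMPLE_WALLET, {"2N6CWMMYXdufJyBa16KNorHs8AakXcqyHhf"})
    print("\n".join(result) if result else "whitelist matches the expected set")
```

Because wallet policies apply only to transactions that involve the BitGo key, a clean result here says nothing about transactions signed with the user key and the backup key.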