# Authorize an MPT holder

Manage holder authorization for MPTs that require issuer approval.

## How authorization works

When an MPT is created with `lsfMPTRequireAuth`, holders cannot receive tokens until the issuer explicitly authorizes them. This enables controlled distribution and compliance workflows.

Authorization is a two-step process:

1. **Holder opt-in** — The holder submits `MPTokenAuthorize` to express interest in the MPT.
2. **Issuer approval** — The issuer submits `MPTokenAuthorize` with the holder's address to grant permission.


If `lsfMPTRequireAuth` is not set, holders can receive tokens after their own opt-in without issuer approval.

## Prerequisites

- You are the issuer of the MPT
- The MPT has `lsfMPTRequireAuth` enabled
- The holder has already submitted their opt-in `MPTokenAuthorize`


## Authorize a holder

To authorize a holder to receive your MPT, submit an `MPTokenAuthorize` transaction:


```json
{
  "payload": {
    "id": "{{intent_id}}",
    "accountId": "{{issuer_account_id}}",
    "parameters": {
      "type": "XRPL",
      "feeStrategy": {
        "priority": "Medium",
        "type": "Priority"
      },
      "operation": {
        "type": "MPTokenAuthorize",
        "tokenIdentifier": {
          "issuanceId": "000004C463C52827307480341125DA0577AFFC21D4B2D0831E",
          "type": "MPTokenIssuanceId"
        },
        "holder": {
          "address": "rHolderAddress...",
          "type": "Address"
        },
        "flags": []
      }
    },
    "customProperties": {},
    "type": "v0_CreateTransactionOrder"
  }
}
```

## Parameters

| Field | Type | Required | Description |
|  --- | --- | --- | --- |
| `tokenIdentifier.issuanceId` | string | Yes | The 192-bit MPT issuance ID. |
| `tokenIdentifier.type` | string | Yes | Must be `MPTokenIssuanceId`. |
| `holder` | object | Yes | The holder to authorize. |
| `holder.type` | string | Yes | One of: `Account` (internal account UUID), `Address` (XRPL address), or `Endpoint` (endpoint UUID). |
| `holder.address` | string | Conditional | The holder's XRPL address to authorize. Required when `holder.type` is `Address`. |
| `holder.accountId` | string | Conditional | Internal account UUID. Required when `holder.type` is `Account`. |
| `holder.endpointId` | string | Conditional | Endpoint UUID. Required when `holder.type` is `Endpoint`. |
| `flags` | array | Yes | Empty array `[]` for authorization. |


## Revoke authorization

To revoke a holder's authorization, include the `tfMPTUnauthorize` flag:


```json
{
  "operation": {
    "type": "MPTokenAuthorize",
    "tokenIdentifier": {
      "issuanceId": "000004C463C52827307480341125DA0577AFFC21D4B2D0831E",
      "type": "MPTokenIssuanceId"
    },
    "holder": {
      "address": "rHolderAddress...",
      "type": "Address"
    },
    "flags": ["tfMPTUnauthorize"]
  }
}
```

Revoking authorization does not remove the holder's tokens. Use [clawback](/products/custody/v1.36/accounts-and-assets/tokenization/xrpl-mpts/issuer/clawback) to recover tokens before revoking if needed.

## Response

A successful request returns the transaction order with status `Pending`. After confirmation, the holder can receive tokens from the issuer or other authorized holders.

## Authorization workflow


```mermaid
sequenceDiagram
    participant H as Holder
    participant I as Issuer
    participant L as XRPL

    H->>L: MPTokenAuthorize (opt-in)
    I->>L: MPTokenAuthorize (approve holder)
    I->>L: Payment (mint to holder)
    L->>H: Tokens credited
```

## Related topics

- [Multi-purpose tokens](/products/custody/v1.36/accounts-and-assets/tokenization/xrpl-mpts#supported-operations) — Overview of MPT operations.
- [Authorize MPT (holder)](/products/custody/v1.36/accounts-and-assets/tokenization/xrpl-mpts/holder/authorize) — Holder-side authorization.
- [Mint tokens](/products/custody/v1.36/accounts-and-assets/tokenization/xrpl-mpts/issuer/mint) — Issue tokens to authorized holders.
- MPTokenAuthorize — XRPL transaction reference.