This guide walks you through creating, modifying, and deleting transaction policies in the Wallet-as-a-Service (Palisade) console.
Complete these prerequisites before creating policies:
| Requirement | Description |
|---|---|
| Vault created | You need an existing vault. See Create your first vault. |
| Wallet created | You need an existing wallet within the vault. See Create your first wallet. |
| Console access | You need access to the Wallet-as-a-Service (Palisade) console with permission to view the wallet. |
| API credentials (for API usage) | Credentials with keylimit:create scope to create policies, keylimit:read to list them, and keylimit:delete to remove them. |
You must create a policy for an asset before you can send outgoing transactions with that asset.
To create a policy in the console:
- Navigate to your wallet in the Wallet-as-a-Service (Palisade) console.
- Select the Policies tab.
- Click Add Policy.
- Select the asset – Choose which digital asset the policy governs. The form displays assets you currently hold. To create a policy for an asset not yet in your wallet, click Switch to non-standard asset and enter the contract address and symbol.
- Choose the policy type – Select per transaction, rolling duration, or max total value. For rolling duration policies, select a preset time window or enter a custom duration. See Policy reference for details on each limit type.
- Set the value limit – Enter the maximum amount in the asset's native units (for example, ETH, not wei).
- Configure destinations (optional) – Choose which destinations the policy allows:
- All counterparties and wallets – The policy applies to transactions to any destination
- Selected counterparties – The policy only applies when sending to specific counterparties
- Selected addresses – The policy only applies when sending to specific addresses from your address book
- Selected wallets – The policy only applies when sending to specific wallets within your organization
- Add optional filters – Narrow when the policy applies:
- Initiator – Limit to transactions initiated by a specific user or API credential
- Sign for address – Limit to transactions signing for a specific address (multi-signature scenarios)
- Transaction type – Limit to specific transaction types (for example, withdrawals only)
- Review your configuration and click Add Policy.
What happens next depends on your organization's approval configuration:
- With approval groups configured: The policy enters Pending approval status. Designated approvers receive a notification to review the policy. After the required number of approvers authorize it, the policy becomes active. If approvers do not respond within the timeout window, or if too many skip, the policy is rejected.
- Without approval groups configured: The policy activates immediately after creation. You can start using it right away.
Navigate to Controls > Approvals to see if an approval group exists for Policy rules. See Approvals to configure approval groups.
Each policy displays its current status in the Policies tab. Statuses include pending approval, active, rejected, pending deletion, and deleted. See Policy reference for the complete status reference.
Policies are immutable—you cannot edit an existing policy. To change a policy, create a new one with the updated values, wait for approval if required, then delete the old policy.
Create the new policy before deleting the old one. This ensures continuous protection with no window where no policy applies.
See Policy concepts for why policies are immutable.
- In the Policies tab, find the policy you want to remove.
- Click the actions menu (three dots) on the policy row.
- Select Delete.
What happens after deletion:
- With approval groups: The policy enters Pending deletion status. It continues enforcing transactions until approvers authorize the deletion.
- Without approval groups: The policy is deleted immediately and stops enforcing.
You cannot delete a policy that is still pending creation approval. Wait for it to be approved or rejected first.
All policy operations use the wallet-level endpoint:
/v2/vaults/{vaultId}/wallets/{walletId}/policy-rules/limits| Operation | Method | Endpoint | Required scope |
|---|---|---|---|
| List policies | GET | /policy-rules/limits | keylimit:read |
| Create policy | PUT | /policy-rules/limits | keylimit:create |
| Delete policy | DELETE | /policy-rules/limits/{limitId} | keylimit:delete |
The API does not support updating existing policies. To modify a policy, delete the existing one and create a new policy with the updated values.
Send a PUT request to create a new policy.
Request body:
{
"limitType": "PER_TX",
"symbol": "ETH",
"limitQty": "10",
"duration": "86400s",
"contract": "0x...",
"matchers": [
{
"type": "TRANSACTION_TYPE",
"value": "WITHDRAWAL"
}
]
}Field reference:
| Field | Type | Required | Description |
|---|---|---|---|
limitType | string | Yes | One of PER_TX, ROLLING_DURATION, or CONSTANT |
symbol | string | Yes | Asset symbol (for example, ETH, BTC, USDC) |
limitQty | string | Yes | Maximum amount as a decimal string in the asset's native units (for example, "10", "0.5"). Supports up to 18 decimal places. |
duration | string | Conditional | Required for ROLLING_DURATION. Time window in seconds (for example, "86400s" for 24 hours) |
contract | string | Conditional | Required for ERC-20 tokens. The token contract address |
matchers | array | No | Optional filters to narrow which transactions the policy applies to |
See Policy reference for complete limit type and matcher documentation.
Response:
A successful request returns the created policy object:
{
"id": "f1dc7bc7-107c-40df-b254-50f2e041e575",
"walletId": "019bec51-ab18-7284-907a-dd7747277116",
"vaultId": "019be892-2834-7435-be18-bc13ac4c73ce",
"organizationId": "a9a1de05-0b19-4fca-8597-1199353bd569",
"limitType": "PER_TX",
"limitQty": "10",
"duration": "0s",
"asset": {
"symbol": "ETH",
"blockchain": "ETHEREUM"
},
"matchers": [],
"status": "LIMIT_CREATION_APPROVAL_PENDING",
"active": false,
"createdAt": "2026-03-23T17:07:04.365103Z",
"createdBy": "8617b5b5-dfcf-4ffc-9f46-f7cec35a88bd"
}Send a DELETE request to remove a policy.
DELETE /v2/vaults/{vaultId}/wallets/{walletId}/policy-rules/limits/{limitId}The deletion follows the same approval workflow as creation. If approval groups are configured, the policy enters LIMIT_DELETION_APPROVAL_PENDING status and continues enforcing until approvers authorize the deletion.
You cannot delete a policy that is still in LIMIT_CREATION_APPROVAL_PENDING status. Wait for it to be approved or rejected first.
You can create multiple policies for the same asset when:
- The policies have different limit types (for example, one PER_TX and one ROLLING_DURATION)
- The policies have different filters (for example, one for all transactions and one for a specific user)
When you submit a transaction, the system checks all matching policies. The transaction must pass every applicable policy to proceed.
A policy matches a transaction if the wallet, asset, and all configured filters align with the transaction details. See Policy concepts for how policy evaluation works.
- Policy concepts - Understand scope, lifecycle, and evaluation
- Policy reference - Complete reference for limit types, matchers, and statuses
- Policy best practices - Recommended patterns and troubleshooting