# Manage policies

This guide walks you through creating, modifying, and deleting transaction policies in the Wallet-as-a-Service (Palisade) console.

## Before you begin

Complete these prerequisites before creating policies:

| Requirement | Description |
|  --- | --- |
| **Vault created** | You need an existing vault. See [Create your first vault](/products/wallet/getting-started/create-your-first-vault). |
| **Wallet created** | You need an existing wallet within the vault. See [Create your first wallet](/products/wallet/getting-started/create-your-first-wallet). |
| **Console access** | You need access to the Wallet-as-a-Service (Palisade) console with permission to view the wallet. |
| **API credentials (for API usage)** | Credentials with `keylimit:create` scope to create policies, `keylimit:read` to list them, and `keylimit:delete` to remove them. |


Wallets are deposit-only by default
You must create a policy for an asset before you can send outgoing transactions with that asset.

## Create a policy via the UI

To create a policy in the console:

1. Navigate to your wallet in the Wallet-as-a-Service (Palisade) console.
2. Select the **Policies** tab.
3. Click **Add Policy**.
4. **Select the asset** – Choose which digital asset the policy governs. The form displays assets you currently hold. To create a policy for an asset not yet in your wallet, click **Switch to non-standard asset** and enter the contract address and symbol.
5. **Choose the policy type** – Select **per transaction**, **rolling duration**, or **max total value**. For rolling duration policies, select a preset time window or enter a custom duration. See [Policy reference](/products/wallet/user-interface/policies/policies-reference#limit-types) for details on each limit type.
6. **Set the value limit** – Enter the maximum amount in the asset's native units (for example, ETH, not wei).
7. **Configure destinations (optional)** – Choose which destinations the policy allows:
  - **All counterparties and wallets** – The policy applies to transactions to any destination
  - **Selected counterparties** – The policy only applies when sending to specific counterparties
  - **Selected addresses** – The policy only applies when sending to specific addresses from your address book
  - **Selected wallets** – The policy only applies when sending to specific wallets within your organization
8. **Add optional filters** – Narrow when the policy applies:
  - **Initiator** – Limit to transactions initiated by a specific user or API credential
  - **Sign for address** – Limit to transactions signing for a specific address (multi-signature scenarios)
  - **Transaction type** – Limit to specific transaction types (for example, withdrawals only)
9. Review your configuration and click **Add Policy**.


## After you create a policy

What happens next depends on your organization's approval configuration:

- **With approval groups configured:** The policy enters **Pending approval** status. Designated approvers receive a notification to review the policy. After the required number of approvers authorize it, the policy becomes active. If approvers do not respond within the timeout window, or if too many skip, the policy is rejected.
- **Without approval groups configured:** The policy **activates immediately** after creation. You can start using it right away.


Check your approval configuration
Navigate to **Controls > Approvals** to see if an approval group exists for Policy rules. See [Approvals](/products/wallet/user-interface/security-controls/approvals) to configure approval groups.

## View policy status

Each policy displays its current status in the Policies tab. Statuses include pending approval, active, rejected, pending deletion, and deleted. See [Policy reference](/products/wallet/user-interface/policies/policies-reference#policy-statuses) for the complete status reference.

## Modify a policy

Policies are immutable—you cannot edit an existing policy. To change a policy, create a new one with the updated values, wait for approval if required, then delete the old policy.

Avoid protection gaps
Create the new policy before deleting the old one. This ensures continuous protection with no window where no policy applies.

See [Policy concepts](/products/wallet/user-interface/policies/policies-concepts#policy-immutability) for why policies are immutable.

## Delete a policy via the UI

1. In the Policies tab, find the policy you want to remove.
2. Click the **actions menu** (three dots) on the policy row.
3. Select **Delete**.


**What happens after deletion:**

- **With approval groups:** The policy enters **Pending deletion** status. It continues enforcing transactions until approvers authorize the deletion.
- **Without approval groups:** The policy is deleted immediately and stops enforcing.


Cannot delete pending policies
You cannot delete a policy that is still pending creation approval. Wait for it to be approved or rejected first.

## Create a policy via the API

All policy operations use the wallet-level endpoint:


```
/v2/vaults/{vaultId}/wallets/{walletId}/policy-rules/limits
```

| Operation | Method | Endpoint | Required scope |
|  --- | --- | --- | --- |
| List policies | `GET` | `/policy-rules/limits` | `keylimit:read` |
| Create policy | `PUT` | `/policy-rules/limits` | `keylimit:create` |
| Delete policy | `DELETE` | `/policy-rules/limits/{limitId}` | `keylimit:delete` |


No update operation
The API does not support updating existing policies. To modify a policy, delete the existing one and create a new policy with the updated values.

Send a `PUT` request to create a new policy.

**Request body:**


```json
{
  "limitType": "PER_TX",
  "symbol": "ETH",
  "limitQty": "10",
  "duration": "86400s",
  "contract": "0x...",
  "matchers": [
    {
      "type": "TRANSACTION_TYPE",
      "value": "WITHDRAWAL"
    }
  ]
}
```

**Field reference:**

| Field | Type | Required | Description |
|  --- | --- | --- | --- |
| `limitType` | string | Yes | One of `PER_TX`, `ROLLING_DURATION`, or `CONSTANT` |
| `symbol` | string | Yes | Asset symbol (for example, `ETH`, `BTC`, `USDC`) |
| `limitQty` | string | Yes | Maximum amount as a decimal string in the asset's native units (for example, `"10"`, `"0.5"`). Supports up to 18 decimal places. |
| `duration` | string | Conditional | Required for `ROLLING_DURATION`. Time window in seconds (for example, `"86400s"` for 24 hours) |
| `contract` | string | Conditional | Required for ERC-20 tokens. The token contract address |
| `matchers` | array | No | Optional filters to narrow which transactions the policy applies to |


See [Policy reference](/products/wallet/user-interface/policies/policies-reference#limit-types) for complete limit type and matcher documentation.

**Response:**

A successful request returns the created policy object:


```json
{
  "id": "f1dc7bc7-107c-40df-b254-50f2e041e575",
  "walletId": "019bec51-ab18-7284-907a-dd7747277116",
  "vaultId": "019be892-2834-7435-be18-bc13ac4c73ce",
  "organizationId": "a9a1de05-0b19-4fca-8597-1199353bd569",
  "limitType": "PER_TX",
  "limitQty": "10",
  "duration": "0s",
  "asset": {
    "symbol": "ETH",
    "blockchain": "ETHEREUM"
  },
  "matchers": [],
  "status": "LIMIT_CREATION_APPROVAL_PENDING",
  "active": false,
  "createdAt": "2026-03-23T17:07:04.365103Z",
  "createdBy": "8617b5b5-dfcf-4ffc-9f46-f7cec35a88bd"
}
```

## Delete a policy via the API

Send a `DELETE` request to remove a policy.


```bash
DELETE /v2/vaults/{vaultId}/wallets/{walletId}/policy-rules/limits/{limitId}
```

The deletion follows the same approval workflow as creation. If approval groups are configured, the policy enters `LIMIT_DELETION_APPROVAL_PENDING` status and continues enforcing until approvers authorize the deletion.

Cannot delete pending policies
You cannot delete a policy that is still in `LIMIT_CREATION_APPROVAL_PENDING` status. Wait for it to be approved or rejected first.

## Multiple policies for the same asset

You can create multiple policies for the same asset when:

- The policies have **different limit types** (for example, one PER_TX and one ROLLING_DURATION)
- The policies have **different filters** (for example, one for all transactions and one for a specific user)


When you submit a transaction, the system checks **all matching policies**. The transaction must pass every applicable policy to proceed.

Policy matching
A policy matches a transaction if the wallet, asset, and all configured filters align with the transaction details. See [Policy concepts](/products/wallet/user-interface/policies/policies-concepts) for how policy evaluation works.

## Related documentation

- [Policy concepts](/products/wallet/user-interface/policies/policies-concepts) - Understand scope, lifecycle, and evaluation
- [Policy reference](/products/wallet/user-interface/policies/policies-reference) - Complete reference for limit types, matchers, and statuses
- [Policy best practices](/products/wallet/user-interface/policies/policies-best-practices) - Recommended patterns and troubleshooting