This page provides a complete reference for policy configuration options, limit types, matchers, statuses, and error codes. For API operations (create, delete, list), see Manage policies.
| Limit type | API value | Duration required | Description |
|---|---|---|---|
| Per transaction | PER_TX | No | Maximum per single transaction |
| Rolling duration | ROLLING_DURATION | Yes | Maximum over a sliding time window |
| Max total value | CONSTANT | No | Lifetime cap on total withdrawals |
| Matcher | API value | Filters by |
|---|---|---|
| Transaction type | TRANSACTION_TYPE | Type of blockchain transaction |
| User | USER | User who initiated the transaction |
| API credential | API_CREDENTIAL | API credential that submitted the request |
| Address | ADDRESS_ID | Destination address (from address book) |
| Counterparty | COUNTERPARTY_ID | Counterparty receiving funds |
| Wallet | WALLET_ID | Related wallet reference |
| Sign for | SIGN_FOR | Address being signed for (multi-sig) |
| Duration | Value | Notes |
|---|---|---|
| 1 hour | "3600s" | 60 × 60 seconds |
| 4 hours | "14400s" | 60 × 60 × 4 seconds |
| 24 hours | "86400s" | 60 × 60 × 24 seconds |
| 7 days | "604800s" | 60 × 60 × 24 × 7 seconds |
| 30 days | "2592000s" | 60 × 60 × 24 × 30 seconds |
Limits the maximum amount for any single transaction.
| Field | Value |
|---|---|
limitType | "PER_TX" |
duration | Not used (returns "0s") |
Example: Limit single ETH transactions to 10 ETH maximum.
{
"limitType": "PER_TX",
"symbol": "ETH",
"limitQty": "10"
}Limits the cumulative amount over a sliding time window.
| Field | Value |
|---|---|
limitType | "ROLLING_DURATION" |
duration | Required. Window size in seconds |
Common duration values:
| Duration | Value |
|---|---|
| 1 hour | "3600s" |
| 24 hours | "86400s" |
| 7 days | "604800s" |
| 30 days | "2592000s" |
Example: Limit ETH withdrawals to 100 ETH per 24 hours.
{
"limitType": "ROLLING_DURATION",
"symbol": "ETH",
"limitQty": "100",
"duration": "86400s"
}Sets a lifetime cap on total withdrawals. Once reached, no further withdrawals are permitted.
| Field | Value |
|---|---|
limitType | "CONSTANT" |
duration | Not used (returns "0s") |
Example: Limit total ETH withdrawals to 1,000 ETH ever.
{
"limitType": "CONSTANT",
"symbol": "ETH",
"limitQty": "1000"
}Matchers filter which transactions a policy applies to. Add matchers to create policies that target specific scenarios.
| Type | Description | Value format |
|---|---|---|
TRANSACTION_TYPE | Filter by transaction type | Transaction type string |
USER | Filter by initiating user | User UUID |
API_CREDENTIAL | Filter by API credential used | Credential UUID |
ADDRESS_ID | Filter by destination address | Address book entry UUID |
COUNTERPARTY_ID | Filter by counterparty | Counterparty UUID |
WALLET_ID | Filter by related wallet | Wallet UUID |
SIGN_FOR | Filter by address being signed for | Blockchain address |
Applies the policy only to transactions of a specific type.
Values by blockchain:
| Blockchain | Transaction types |
|---|---|
| Ethereum/EVM | WITHDRAWAL, TRANSFER |
| XRP Ledger | Payment, OfferCreate, OfferCancel, TrustSet, EscrowCreate, EscrowFinish, AMMCreate, AMMDeposit, AMMWithdraw |
| Bitcoin | WITHDRAWAL |
XRP Ledger transaction type values are case-sensitive and use PascalCase (for example, OfferCreate, not OFFER_CREATE). EVM and Bitcoin types use uppercase (for example, WITHDRAWAL).
AMMCreate and AMMDeposit transactions withdraw multiple assets from the wallet. The policy engine requires policies for each affected asset. For issued assets (such as RLUSD or USD), the policy must include the issuer. See the AMM APIs changelog for details.
{
"limitType": "PER_TX",
"symbol": "XRP",
"limitQty": "1000",
"matchers": [
{
"type": "TRANSACTION_TYPE",
"value": "Payment"
}
]
}Applies the policy only when a specific user initiates the transaction.
{
"matchers": [
{
"type": "USER",
"value": "8617b5b5-dfcf-4ffc-9f46-f7cec35a88bd"
}
]
}Applies the policy only when a specific API credential submits the transaction.
{
"matchers": [
{
"type": "API_CREDENTIAL",
"value": "cred-uuid-here"
}
]
}Applies the policy only when sending to a specific address from your address book.
{
"matchers": [
{
"type": "ADDRESS_ID",
"value": "019d1b00-c1f5-77a0-bda7-0a3d09c668b9"
}
]
}Applies the policy only when sending to a specific counterparty.
{
"matchers": [
{
"type": "COUNTERPARTY_ID",
"value": "019d1b00-c1f5-77a0-bda7-0a3d09c668b9"
}
]
}Applies the policy only when signing for a specific address. Use this matcher for multi-signature scenarios where your wallet signs on behalf of another address.
{
"matchers": [
{
"type": "SIGN_FOR",
"value": "rHb9CJAWyB4rj91VRWn96DkukG4bwdtyTh"
}
]
}If you delete a counterparty, address, or user that is referenced by a policy's matcher, the policy continues to exist with the now-invalid reference. No transaction will match the deleted entity, so the policy becomes effectively unmatchable. If it is the only policy for that asset, this silently blocks all matching transactions. Always check for policies referencing an entity before deleting it.
You can add multiple matchers to a single policy. The transaction must match all matchers for the policy to apply.
Example: Limit a specific user to 50 ETH per transaction when sending to a specific counterparty.
{
"limitType": "PER_TX",
"symbol": "ETH",
"limitQty": "50",
"matchers": [
{
"type": "USER",
"value": "user-uuid-here"
},
{
"type": "COUNTERPARTY_ID",
"value": "counterparty-uuid-here"
}
]
}For ERC-20 tokens, include the contract field with the token's contract address.
{
"limitType": "PER_TX",
"symbol": "USDC",
"limitQty": "10000",
"contract": "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48"
}If you omit the contract field for an ERC-20 token, the API may accept the request but the policy will not match any transactions. Always include the contract address for ERC-20 policies.
| Status | Active | Can delete | Description |
|---|---|---|---|
LIMIT_CREATION_APPROVAL_PENDING | No | No | Waiting for creation approval |
LIMIT_ENABLED | Yes | Yes | Active and enforcing |
LIMIT_REJECTED | No | No | Creation rejected; terminal state |
LIMIT_DELETION_APPROVAL_PENDING | Yes | No | Waiting for deletion approval; still enforcing |
LIMIT_DELETED | No | No | Deleted; terminal state |
| Code | Reason | Message | When it occurs |
|---|---|---|---|
PAL006.023 | Conflict | "limit policy already exists" | Creating a policy with the same wallet, limit type, symbol, and matchers as an existing policy (including rejected policies) |
PAL006.016 | Forbidden | "action not allowed" | Deleting a policy that is still pending approval |
PAL000.002 | Unauthorized | "unauthorized request" | Missing required API scope or accessing a vault you don't have permission for |
- Policy concepts – Understand scope, lifecycle, and evaluation
- Manage policies – Step-by-step guide and API operations
- Policy best practices – Recommended patterns and troubleshooting