Permission Tokens
Permission Tokens enable seamless, pre-approved transaction flows. A user or agent grants a scoped token—bound by spend limit, allowed addresses, chain, and expiration—and subsequent qualifying transactions are signed automatically without additional prompts.
How It Works
- Request — The app or agent requests a Permission Token with specific constraints
- Approval — The user approves the scope (spend limit, addresses, chain, expiry)
- Auto-sign — Qualifying transactions are signed without additional prompts
- Expiry — The token expires after the time limit or spend cap is reached
Constraints
| Parameter | Description |
|---|---|
allowedAddresses | Array of addresses this token can send to. Empty array [] allows any recipient (riskier). |
chainId | The EVM chain ID where this token applies |
requestedAmountUsd | Cumulative USD value limit for all transactions under this token |
requestedExpirySeconds | How long the token remains valid |
In Apps (SDK)
Request a Permission Token via window.waap.requestPermissionToken(), then send transactions with withPT: true to use the pre-approved scope. Transactions return immediately with a pendingTxId using the async transaction flow.
For full SDK implementation details, code examples, and the useWaapTransaction hook integration, see the Permission Tokens SDK guide.
In Agents (CLI)
Pass --permission-token <encoded-token> to any signing or transaction command to bypass 2FA for approved scopes:
waap-cli sign-message --message "Hello" --permission-token <encoded-token>
waap-cli send-tx --to 0xRecipient --value 0.01 --chain-id 1 --permission-token <encoded-token>Related
- Permission Tokens SDK guide — Full implementation with code examples
- Async Transactions — Non-blocking transaction flow
- CLI Commands — CLI command reference