Wallaby
  • Introduction
    • Welcome
    • Getting Started
    • Key Architecture Overview
    • SDK vs API
    • Authentication Overview
    • Security Overview
      • Wallaby System Security
      • Securing User Access Token
      • Securing API keys
      • Securing Device Auth Key
      • Securing the Seed Phrase
        • API only: Choosing encryption factors for the seed phrase
  • Capabilities
    • Core Wallet
      • Wallet Creation
      • Wallet Recovery
      • Wallet Export
      • Wallet Import
      • Seed Phrase Recovery (Beta)
    • Wallet Services
      • Asset Listings By Wallet Holders
      • Transfers
      • Spending Authorization
    • Wallet Data
      • View Assets, Addresses, & Balances
      • Transaction History & Status
      • Service Availability
  • Consumer Application SDK
    • SDK Quick Start
    • Authentication with the SDK
      • Account Creation
      • Login
      • Refresh Access
      • Update Client Public Key
    • Core Wallet SDK
      • Creating a wallet with the SDK
      • Recovering a wallet with the SDK
      • Exporting a wallet with the SDK
      • Importing a wallet with the SDK
    • Wallet Services SDK
      • Spending Authorization (Allowance) with the SDK
      • Transfers with the SDK
        • Use Case: Preparing a Transfer
    • Wallet Data SDK
      • Assets, Addresses, & Balance Fetching with the SDK
      • Transaction History with the SDK
      • Transaction Status with the SDK
      • Service Availability with the SDK
  • Consumer Application APIs
    • API Quick Start
    • API Authentication
      • Sign Up
      • Sign In
    • Core Wallet APIs
      • Creating a wallet with APIs
      • Recovering a wallet with APIs
      • Export a wallet with APIs
      • Import a wallet with APIs
    • Wallet Data APIs
      • Assets, Addresses, & Balance Fetching APIs
      • Transaction History APIs
      • Transaction Status APIs
    • Wallet Services APIs
      • Asset Listings By Wallet Holders API
      • Transfer API
      • Spending Authorization (Allowance) API
      • Algorand Opt In
    • Blockchain Specific APIs
      • Algorand Only APIs
      • EVM Only APIs
    • Error Codes
  • Wallet Administration
    • Admin Applications
      • Admin Authentication
      • Admin Security
      • Programmatically Listing Assets with the SDK
      • Programmatically Listing Assets as a Business
    • Admin Portal
      • Asset Listings By Your Business
        • Manually List Assets
        • Automate Listing Assets
Powered by GitBook
On this page
  • What is a spending authorization?
  • Use Case Examples
  • How to grant a spending authorization
  1. Capabilities
  2. Wallet Services

Spending Authorization

What is a spending authorization?

A spending authorization is used in cases where you or a vendor need to move funds from a user's wallet at a future point in time. Because the wallet is self-custodied, you typically cannot move funds on behalf of a wallet holder without their involvement at the moment of the transaction.

However, for some assets and blockchains, they can authorize another wallet holder to move funds on their behalf in form of an "allowance transaction." Once the allowance is granted to another wallet holder, that wallet holder has authorization to move funds up to the amount specified.

This authorization happens per asset and can be reversed with a second authorization. Please note: Because this is a blockchain transaction, there is a fee associated with this.

Use Case Examples

Many vendors in defi require allowances to utilize their services. The most common example of this are exchanges. Since the exchange of one asset for another can only be complete when a match is found, exchanges utilize the allowance to move funds directly between sellers and buyers.

{wires for secondaries}

Allowances transactions may also be used for other purposes that require third party spending. Example: granting a peer spending authorization or setting a future purchase order based on some off-chain event.

{wires for price based purchase}

Because you are authorizing a third party to spend funds on behalf of a wallet holder, consideration should be given on...

  • how to inform the wallet holder of the consequences of that action

  • how to minimize the authorized amount

  • whether the addresses of authorized spenders should be restricted to avoid scams

  • how to give the capability to undo that action at the discretion of the wallet holder.

{wires for an authorization center}

How to grant a spending authorization

With our SDK, you can simply use the transfer function as described in Spending Authorization (Allowance) with the SDK to execute a transfer. Before doing so you should confirm that the encrypted seed is available in the expected storage location. If the keys are as expected, then the SDK will take care of auth, decryption, encryption/transport, and calling the transfer API for you.

Although the SDK, wraps up the complexity described below into streamlined functions, the SDK may not be the right fit depending on your use case. If that's the case, you can still utilize the APIs to grant spending authorizations to other wallets.

Flow of Operations

1. Preliminary Actions

Before you attempt to grant a spending authorization, we recommend that you avoid error scenarios by checking...

  1. that the encrypted seed is in the expected storage location

  2. that the wallet holder has enough balance to send the desired amount (using our balance API)

  3. that the wallet holder has enough balance to pay fees (using our balance API)

  4. that wallet holder is informed about the fee (using our fee API)

  5. that any restrictions on the third party spender's address or allowed amount are enforced

2. Wallaby Authentication

Wallaby requires both an API key and an access token in order to utilize our APIs. With both those requirements, we are able to authenticate your system to utilize the Wallaby APIs. However, we still need to authenticate the user themselves. Wallaby's authentication system for end users utilizes SRP protocol. Read more about it in . For more implementation information, go to .

3. Seed Phrase Decryption

When authentication is complete, you will need to fetch the encrypted seed phrase from the designated storage location. In order to display the seed phrase to the wallet holder for storage, you will need to decrypt it using the client auth private key. Read more about this in

4. Seed Phrase Encryption/Transport

To keep the the user's seed phrase secure, you will need to encrypt it first. In order to do this, you should utilize the Wallaby auth public key you retrieved in the authentication process. Read more about this in . After the seed phrase is encrypted, you can send it to wallaby as part of the spending authorization.

5. Grant the Spending Authorization

To authorize spending in one wallet by another, you will simply need to call the allowance API assuming all preliminary criteria are met and the seed phrase is ready for transport. The information required includes the third party spender address and the authorized spend amount. All information about APIs related to spending authorizations including the balance and fee checks can be found in Spending Authorization (Allowance) API

PreviousTransfersNextWallet Data

Last updated 1 year ago

Page cover image