An easier way to automate user actions on their behalf
Henri Stern
Nov 5, 2024
Much of our work at Privy focuses on improving the UX of self-custody: unlocking digital ownership for everyone without requiring them to become technical experts or deal with contrived product experiences.
Unlocking these better experiences with secure, self-custodial systems is hard work. We’ve written about this at length (also see here and here) because we believe this is essential: better self-custody makes distributed systems usable, unlocking straightforward, secure asset ownership on the web.
Today, we are excited to share an important release in our exploration of this design space: delegated actions.
Delegated actions let users give an app the ability to perform specific onchain actions on their behalf, even when they are not around. Using delegated actions, a developer can request appropriate permissions from a user. If these permissions are granted, the developer can make server-side calls to generate signatures on behalf of the user.
By default, Privy embedded wallets can only be used with the user online and active in your app. Delegated actions extend this model to enable certain automated workflows, for instance:
executing limit orders or stop losses,
buying a collectible when it becomes available on an open marketplace,
triggering recurring onchain transactions for subscriptions,
easing embedded wallet functionality using simple curl commands,
and taking other such preconfigured actions based on changing state when the user is offline.
Delegated actions give app developers a new tool to craft memorable, intuitive experiences, while keeping users in the driver’s seat:
Delegation always starts with the user granting the app explicit consent.
The user can revoke that consent at any time.
Privy itself cannot delegate a permission on behalf of the user. The user must be the one to trigger delegation from a provisioned device.
This is a much wider design space with exciting possibilities also unlocked by smart contract interactions, account abstraction and session keys. This work complements these primitives as a powerful option in the developer toolkit.
The system works by combining Privy’s key splitting cryptosystem with Trusted Execution Environments (TEEs or secure enclaves). When the user delegates certain permissions to the app, they essentially provision their wallet on a new device: the secure enclave. The server-side enclave will secure a Shamir Secret Sharing key share, which can then be used to reconstitute the user key in real time when an appropriately permissioned developer request is made. You can read more about this architecture here.
As always with Privy, the key itself is never stored anywhere, and neither Privy nor the developer has any access to keys. In this instance, the key is simply reconstituted in an enclave in order to generate a signature for the user.
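To make the share mechanics above concrete, here is an added example (not Privy's code) of Shamir Secret Sharing in which a threshold of existing shares derives a new share for an enclave, which can then help reconstitute the key. The 2-of-n threshold, the holder names `DEVICE`, `AUTH` and `ENCLAVE`, and revocation by re-splitting are assumptions for illustration; the page does not specify them.

```python
import secrets

P = 2**521 - 1  # Mersenne prime; the field is larger than any 256-bit key

def split(secret, threshold, xs):
    """Shamir split: random polynomial f of degree threshold-1 with f(0) = secret."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    shares = {}
    for x in xs:
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of f(x) mod P
            y = (y * x + c) % P
        shares[x] = y
    return shares

def interpolate(shares, at):
    """Lagrange-interpolate f(at) from a threshold of {x: y} shares."""
    total = 0
    for xi, yi in shares.items():
        num = den = 1
        for xj in shares:
            if xj != xi:
                num = num * (at - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def reconstruct(shares):
    return interpolate(shares, 0)  # the key is f(0)

def provision(shares, new_x):
    """Derive a share for a new holder without changing the key."""
    if new_x == 0 or new_x in shares:
        raise ValueError("new holder needs a fresh, non-zero x")
    return interpolate(shares, new_x)

DEVICE, AUTH, ENCLAVE = 1, 2, 3  # hypothetical holder indices (assumption)

def demo():
    key = secrets.randbelow(2**256)           # constructed stand-in for a wallet key
    shares = split(key, 2, [DEVICE, AUTH])    # assumed 2-of-n threshold
    enclave = provision(shares, ENCLAVE)      # user-side delegation step
    signed = reconstruct({ENCLAVE: enclave, AUTH: shares[AUTH]}) == key
    fresh = split(key, 2, [DEVICE, AUTH])     # re-split: same key, new polynomial
    stale = reconstruct({ENCLAVE: enclave, AUTH: fresh[AUTH]}) == key
    return signed, stale
```

`demo()` returns `(True, False)`: the enclave share combined with one other share recovers the key, while an enclave share left over from before a re-split no longer combines with current shares.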
We built this feature working with our customers, users, counsel and partners to ensure it offers appropriate flexibility while keeping all onchain interactions rooted in user consent. We believe delegated actions are a powerful new tool to craft great products and we can’t wait for you to try it out.
Head over to our docs and get started today. As always, we would love your feedback.
Excited to build with you!