
Approve Transactions Using the API

This guide describes how to use an API User to perform automated validations on Fordefi transactions.

In Fordefi, API Users, like human users, are not limited to initiating transactions. They can also be part of a transaction rule approval quorum in your policies and perform automated verification tasks, such as making sure that the recipient of a swap is not a malicious address.

Before you start

To run this setup you will need to:

  • Create an API User with the Trader role and save its access tokens. Learn more.

    The example uses an API User named Validator Bot.

  • Set up a modified webhook server that will receive events from Fordefi. Learn more.

    • This guide uses a modified server that is designed to analyze EVM transaction data from your Fordefi organization and parse call data/EIP-712 messages to make sure the recipient of a swap is always msg.sender.

    • When providing your server callback URL to Fordefi, make sure you select Transactions V2.

Workflow

  1. Create a policy with a single-set approval quorum including Validator Bot:

    This quorum implements the following logic: Validator Bot only approves EVM transactions that pass our custom validation checks. If validation fails, it automatically aborts the transaction using the /transactions/{tx_id}/abort endpoint documented here.

    Note: More approver sets could be added, potentially adding human approvers to the quorum, but in the example here, things are designed to be as automated as possible.

  2. Now, build the rest of the policy:

    The server must be able to scan every EVM transaction that is broadcast, so build the policy rule with Transaction type=Any, Recipient=Any, and Origin set to a Vault group containing all your EVM vaults. (Learn more about setting up Vault groups.) The policy must also be ranked at the top of your policy rules to ensure that all EVM transactions are evaluated.

    Fordefi's backend assumes that the initiator of the transaction always provides tacit approval, so it's very important that Validator Bot is never used to initiate transactions. This is why the example does not use Any initiator in the policy.

  3. Create EVM transactions and monitor your server and policy matching. If all works well, any transaction that passes validation will be approved by both bots. Transactions that fail validation, however, will be automatically aborted by Validator Bot before they can be signed by the API Signer or its human initiator.
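
The validation described above (the recipient of a swap must be the sender), as an added example that is not Fordefi's server code. Assumptions: the selector table covers only three Uniswap V2 router-style functions, the function names are hypothetical, and the caller extracts `sender` (the originating vault address) and the call data from the webhook event.

```python
# Uniswap V2 router-style swaps: selector -> index of the `to` word in the ABI head.
SWAP_TO_INDEX = {
    "38ed1739": 3,  # swapExactTokensForTokens(uint256,uint256,address[],address,uint256)
    "18cbafe5": 3,  # swapExactTokensForETH(uint256,uint256,address[],address,uint256)
    "7ff36ab5": 2,  # swapExactETHForTokens(uint256,address[],address,uint256)
}

def check_swap_recipient(sender: str, calldata_hex: str):
    """Return (ok, reason). ok=False means the bot should abort the transaction."""
    try:
        data = bytes.fromhex(calldata_hex.removeprefix("0x"))
        sender_raw = bytes.fromhex(sender.removeprefix("0x"))
    except ValueError:
        return False, "calldata or sender is not valid hex"
    if len(sender_raw) != 20:
        return False, "sender is not a 20-byte address"
    if len(data) < 4:
        return True, "no function selector, not a swap"
    index = SWAP_TO_INDEX.get(data[:4].hex())
    if index is None:
        # Assumption: calls outside the table pass; a stricter setup returns False.
        return True, "selector not in swap table, outside this check"
    word = data[4 + 32 * index : 4 + 32 * (index + 1)]
    if len(word) != 32:
        return False, "calldata truncated before recipient word"
    if word[:12] != bytes(12):
        return False, "recipient word has non-zero padding"
    if word[12:] != sender_raw:
        return False, f"recipient 0x{word[12:].hex()} differs from sender"
    return True, "recipient equals sender"

def build_swap_calldata(to: str, path: list) -> str:
    """Construct swapExactTokensForTokens calldata for the samples below."""
    pad = lambda a: bytes(12) + bytes.fromhex(a.removeprefix("0x"))
    u256 = lambda n: n.to_bytes(32, "big")
    head = u256(10**18) + u256(1) + u256(5 * 32) + pad(to) + u256(1_700_000_000)
    tail = u256(len(path)) + b"".join(pad(p) for p in path)
    return "0x" + (bytes.fromhex("38ed1739") + head + tail).hex()

# Constructed sample data (not real addresses or transactions).
SENDER = "0x" + "11" * 20
OTHER = "0x" + "22" * 20
PATH = ["0x" + "aa" * 20, "0x" + "bb" * 20]
GOOD_TX = build_swap_calldata(SENDER, PATH)
BAD_TX = build_swap_calldata(OTHER, PATH)

if __name__ == "__main__":
    for name, tx in (("good", GOOD_TX), ("bad", BAD_TX)):
        print(name, check_swap_recipient(SENDER, tx))
```

A `False` result is the case in which Validator Bot calls the `/transactions/{tx_id}/abort` endpoint; malformed or truncated call data for a known swap selector is rejected rather than approved.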