Token Auth Rules

Design custom authorization rules for your NFTs.



Token Authorization Rules (aka Token Auth Rules) is an advanced metaprogramming tool meant to evaluate permissions of an instruction occurring on an SPL Token. The program itself can be used to create and update Rule Sets, which are collections of Rules which represent specific criteria.


When a token operation is performed, the program can be called with instruction details (e.g. destination address for a token transfer), and those details are validated against the Rule Set. If the Rules are evaluated to be invalid, the instruction will fail and the whole transaction will be reverted. This enables whole transactions to be built that couple token operations with the Token Auth Rules program so any transactions, and therefore the contained token operation, will be reverted if the Rules in the associated Rule Set are violated.


Create or Update Rule Sets - An instruction used to both initialize and update Rule Set contents.

Rule Set Buffers - How large Rule Sets are handled.

Validate Rule Sets - How a Rule Set is validated.

Rule Types

Authorization rules are variants of a Rule enum that implements a validate() method.

There are Primitive Rules and Composite Rules that are created by combining of one or more primitive rules.

Primitive Rules store any accounts or data needed for evaluation, and at runtime will produce a true or false output based on accounts and a well-defined Payload that are passed into the validate() function.

Composite Rules return a true or false based on whether any or all of the primitive rules return true. Composite rules can then be combined into higher-level composite rules that implement more complex boolean logic. Because of the recursive definition of the Rule enum, calling validate() on a top-level composite rule will start at the top and validate at every level, down to the component primitive rules.


A Rule Set is built upon the HashMap data structure and is meant to store various sets of rules for different instruction types that could be used with a token (e.g. transfer, delegate, burn, etc.). Token Auth Rules uses the term Operation for these various instructions and Operations are used as keys in the HashMap data structure. Each Operation can have a different set of associated rules.


Scenarios are an optional addition to Operations and are used to handle more specific circumstances under which an instruction can be called. From a data format perspective, an Operation and Scenario combination is just two strings separated by a colon <Operation>:<Scenario>. For example, Token Metadata uses the authority type as a Scenario for calls to Token Auth Rules from Token Metadata. A Transfer Operation may be triggered on a token by either the token's owner or delegate, and the Rule Set manager may want these different scenarios to be governed by different rules. To handle this specific use case a Scenario can be used to manage the distinction. The the two HashMap keys used for the prior example would be Transfer:Owner and Transfer:Delegate.

Please see the Namespace for how to manage identical rules across multiple scenarios.


The Token Auth Rules program relies on payload data received from the program requesting evaluation from a Rule Set. The underlying data structure of the Payload is a HashMap, with Payload fields being represented as HashMap keys. Most Rules store a pre-defined Payload field so a lookup can be performed at validation time.

See the Validate instruction for more details on how Payload is used.