search

๐Ÿ’ณPre Authorization

// PDA Seeds: ['pre-authorization', token_account, debit_authority]
pub struct PreAuthorization {
    pub bump: u8, // The canocial bump in the PDA seed
    pub paused: bool, // Set to true if the pre-authorization is paused
    pub token_account: Pubkey, // The account from which funds can be debited
    pub variant: PreAuthorizationVariant, // Recurring or One-Time variant (see below)
    pub debit_authority: Pubkey, // The authority that needs to sign to debit via the pre-auth
    pub activation_unix_timestamp: i64, // The timestamp at which this pre-auth becomes debitable
}

pub enum PreAuthorizationVariant {
    OneTime {
        amount_authorized: u64, // Total amount that can be debited via this pre-auth
        expiry_unix_timestamp: i64, // Any debits should occur before this timestamp
        amount_debited: u64, // Tracks total debited so far via this pre-auth
    },
    Recurring {
        repeat_frequency_seconds: u64, // The time period between cycles
        recurring_amount_authorized: u64, // Total amount that can be debited via this pre-auth in each cycle
        amount_debited_last_cycle: u64, // Tracks amount debited in the "last_debited_cycle" (see below) 
        amount_debited_total: u64, // Tracks total amount debited via this pre-auth
        last_debited_cycle: u64, // Tracks the cycle in which the last debit occured via this pre-auth
        // None: infinite recurring
        // Some(n): approved for n cycles from activation,
        num_cycles: Option<u64>, // Set this to limit duration of the recurring pre-auth
        // true: amount authorized is reset to "recurring_amount_authorized" each cycle
        // false: unused amounts from prev. cycles carries forward to new cycles
        reset_every_cycle: bool, // WARNING: setting this to false will cause the "recurring_amount_authorized" to accumulate across cycles
    },
}

The Pre Authorization account (githubarrow-up-right) is the on-chain representation of a pre-authorization created for a token account by its owner and is debitable by a specific debit authority. Note that this entity is tied to a token account and NOT it's owner. This means that if you (as a token account owner) create a pre-authorization and then transfer the token account itself to someone else, this pre-authorization WILL be propagated also BUT it will not be active due to thisarrow-up-right mechanismarrow-up-right where the delegate is unset by the SPL Token program. Hence, the new owner has to set the delegate to the smart-delegate once again to re-activate all the pre-authorizations and so the funds are not at risk in the interim.

This account let's the token account owner express 2 types of pre-authorizations:

  1. One-time

  2. Recurring

One-time pre-auths allow the debit authority to debit the authorized amount in the given window between activation and expiry (can be done in one IX or in batches).

Recurring pre-auths allow the debit authority to debit the authorized amount in each cycle. If the reset_every_cycle flag is set to false, the unused authorized amount will accrue across cycles until expiry (i.e. num_cycles). Note that if there is no cycle limit and this flag is set to false, the amount available to the debit authority will increase forever, so proceed with caution if you decide to configure it with those parameters.

A pre-authorization can be created by the init_pre_authorization instruction and it can be deactivated simply by closing it via the close_pre_authorization instruction.

Multiple pre-authorizations for the same signer can be created by leveraging seeded accountsarrow-up-right created from the master signer as unique derived debit authorities. Our SDK (WIP) will expose helper methods to do so.

PreviousSmart DelegateNextInstructions

Last updated