Delegations
Grant another organization controlled access to your wallet with scoped permissions.
Overview
Delegations let your organization grant another organization access to one of your wallets. The grantee can then operate on that wallet — within the permissions you specify — using their own API keys.
This is distinct from API keys, which operate within a single organization. Delegations are cross-organization: you own a wallet, and you authorize a separate org to act on it.
Common use cases:
- Agency model: a marketing agency's AI agents spend from your wallet on your behalf
- Multi-org setups: a parent org delegates spending authority to subsidiary orgs
- Freelancer model: a contractor's agent receives payment access to a client wallet for the duration of a project
- Revenue sharing: a partner org deposits earnings directly into your wallet
Creating a Delegation
POST /v1/delegationsRequest Body
| Field | Type | Required | Description |
|---|---|---|---|
walletId | string | Yes | Your wallet to delegate access to |
granteeOrgId | string | Yes | The organization receiving the delegation |
permissions | string[] | Yes | Permissions the grantee receives (at least one) |
expiresAt | string | No | ISO 8601 expiry; delegation auto-revokes at this time |
import Wallgent from '@wallgent/sdk'
const wg = new Wallgent({ apiKey: process.env.WALLGENT_API_KEY })
const delegation = await wg.delegations.create({
walletId: 'wal_01J...',
delegateApiKeyId: 'del_01J...',
permissions: ['payments:write', 'wallets:read'],
expiresAt: '2026-06-01T00:00:00Z',
})
console.log('Delegation ID:', delegation.id)Available Permissions for Delegation
You can delegate any subset of permissions from your own key's permission set. You cannot grant more permissions than you hold.
| Permission | What the Grantee Can Do |
|---|---|
wallets:read | View wallet balance and details |
wallets:write | Update wallet metadata, freeze/unfreeze |
payments:read | List and view payments from the wallet |
payments:write | Send payments from the wallet |
policies:read | View policies attached to the wallet |
policies:write | Create and update policies on the wallet |
invoices:read | View invoices associated with the wallet |
invoices:write | Create and manage invoices for the wallet |
Listing Delegations
GET /v1/delegationsReturns all delegations your organization has created (delegations you have granted to others).
const { data } = await wg.delegations.list()
for (const d of data) {
console.log(`Wallet ${d.walletId} → permissions: ${d.permissions.join(', ')} (expires: ${d.expiresAt ?? 'never'})`)
}Filter Parameters
| Parameter | Type | Description |
|---|---|---|
walletId | string | Filter by wallet |
limit | number | Max results per page |
cursor | string | Pagination cursor |
Revoking a Delegation
DELETE /v1/delegations/:idRevocation is immediate. After revocation, the grantee's API keys lose access to the delegated wallet instantly.
await wg.delegations.delete('del_01J...')Delegations vs API Keys
| API Keys | Delegations | |
|---|---|---|
| Scope | Within your organization | Cross-organization |
| Who holds it | Your own services | Another org's services |
| Wallet restriction | Optional (walletIds on key) | Required (one wallet per delegation) |
| Use case | Internal agent access control | Partner/agency access |
| Revocation | Revoke the key | Revoke the delegation |
API Endpoints
| Method | Path | Description |
|---|---|---|
POST | /v1/delegations | Grant a delegation |
GET | /v1/delegations | List delegations you have created |
DELETE | /v1/delegations/:id | Revoke a delegation |
Permissions
| Permission | Required For |
|---|---|
delegations:write | Create and revoke delegations |
delegations:read | List delegations |