# Permissions

Developer Preview Software

Snaps is pre-release software. To try Snaps, install MetaMask Flask (opens new window).

Feature Requests

Do you have feature requests? Other ideas? We'd love to hear about them! Click here (opens new window) to join the discussion.

To access certain powerful JavaScript globals or JSON-RPC methods, your snap will need to ask the user for permission. Snaps follow the EIP-2255 wallet permissions specification (opens new window), and your snap's required permissions must be specified in the initialPermissions field of your snap.manifest.json file.

# Table of Contents

# Endowments

# endowment:rpc

For snaps that need to handle arbitrary JSON-RPC requests, the rpc endowment is required. This permission grants a snap access to JSON-RPC requests sent to the snap, using the onRpcRequest method. See Exports for more information.

This permission requires an object with a snaps or dapps property (or both), to signal if the snap can receive JSON-RPC requests from other snaps, or dapps, respectively. Both values default to false.

{
  "initialPermissions": {
    "endowment:rpc": {
      "dapps": true,
      "snaps": false
    }
  }
}

# endowment:long-running

For snaps that are computationally heavy and can't finish execution within the snap lifecycle requirements, the snap can request the endowment:long-running permission. This permission will effectively allow snaps to run indefinitely while processing RPC requests.

# endowment:network-access

For snaps that need to access the internet, the snap can request the endowment:network-access permission. This permission will expose the global networking APIs fetch and WebSocket to the snap execution environment. Without this permission, these globals will not be available.

Avoid XMLHttpRequest

XMLHttpRequest is never available in snaps, and you should replace it with fetch. If your dependencies are using XMLHttpRequest, you can learn how to patch it away here.

# endowment:transaction-insight

For snaps that provide transaction insights, the snap can request the endowment:transaction-insight permission. This permission grants a snap read-only access to raw transaction payloads, before they are accepted for signing by the user, by exporting the onTransaction method. See Exports for more information.

This permission requires an object with an allowTransactionOrigin property to signal if the snap should pass the transactionOrigin property as part of the onTransaction parameters. This property represents the transaction initiator origin. Default to false.

{
  "endowment:transaction-insight": {
    "allowTransactionOrigin": true
  }
}

# endowment:cronjob

For snaps that wants to run periodic actions for the user, the snap can request the endowment:cronjob permission. This permission allows a snap to specify periodic requests that will trigger the exported onCronjob method. see Exports.

Cronjobs are specified as follows:

{
  "initialPermissions": {
    "endowment:cronjob": {
      "jobs": [
        {
          "expression": {
            "minute": "*",
            "hour": "*",
            "dayOfMonth": "*",
            "month": "*",
            "dayOfWeek": "*"
          },
          "request": {
            "method": "exampleMethodOne",
            "params": {
              "param1": "foo"
            }
          }
        },
        {
          "expression": "* * * * *",
          "request": {
            "method": "exampleMethodTwo",
            "params": {
              "param1": "bar"
            }
          }
        }
      ]
    }
  }
}

# endowment:ethereum-provider

For snaps that wish to communicate with a node via MetaMask, the snap can request the endowment:ethereum-provider permission. This permission will expose the global API ethereum to the snap execution environment. Without this permission, this global will not be available. This global is a EIP-1193 provider.

# RPC Permissions

To use any restricted RPC method, a snap will need to request permissions to access that method. For a list of available RPC methods and thus valid RPC permissions see JSON-RPC API.