# Permissions
Developer Preview Software
Snaps is pre-release software. To try Snaps, install MetaMask Flask (opens new window).
Feature Requests
Do you have feature requests? Other ideas? We'd love to hear about them! Click here (opens new window) to join the discussion.
To access certain powerful JavaScript globals or JSON-RPC methods, your snap will need to ask the user for permission. Snaps follow the EIP-2255 wallet permissions specification (opens new window), and your snap's required permissions must be specified in the initialPermissions
field of your snap.manifest.json
file.
# Table of Contents
# Endowments
# endowment:rpc
For snaps that need to handle arbitrary JSON-RPC requests, the rpc
endowment is required. This permission grants a snap access to JSON-RPC requests sent to the snap, using the onRpcRequest
method. See Exports for more information.
This permission requires an object with a snaps
or dapps
property (or both), to signal if the snap can receive JSON-RPC requests from other snaps, or dapps, respectively. Both values default to false
.
{
"initialPermissions": {
"endowment:rpc": {
"dapps": true,
"snaps": false
}
}
}
# endowment:long-running
For snaps that are computationally heavy and can't finish execution within the snap lifecycle requirements, the snap can request the endowment:long-running
permission.
This permission will effectively allow snaps to run indefinitely while processing RPC requests.
# endowment:network-access
For snaps that need to access the internet, the snap can request the endowment:network-access
permission. This permission will expose the global networking APIs fetch
and WebSocket
to the snap execution environment. Without this permission, these globals will not be available.
Avoid XMLHttpRequest
XMLHttpRequest
is never available in snaps, and you should replace it with fetch
. If your dependencies are using XMLHttpRequest
, you can learn how to patch it away here.
# endowment:transaction-insight
For snaps that provide transaction insights, the snap can request the endowment:transaction-insight
permission. This permission grants a snap read-only access to raw transaction payloads, before they are accepted for signing by the user, by exporting the onTransaction
method. See Exports for more information.
This permission requires an object with an allowTransactionOrigin
property to signal if the snap should pass the transactionOrigin
property as part of the onTransaction
parameters. This property represents the transaction initiator origin. Default to false
.
{
"endowment:transaction-insight": {
"allowTransactionOrigin": true
}
}
# endowment:cronjob
For snaps that wants to run periodic actions for the user, the snap can request the endowment:cronjob
permission. This permission allows a snap to specify periodic requests that will trigger the exported onCronjob
method. see Exports.
Cronjobs are specified as follows:
{
"initialPermissions": {
"endowment:cronjob": {
"jobs": [
{
"expression": {
"minute": "*",
"hour": "*",
"dayOfMonth": "*",
"month": "*",
"dayOfWeek": "*"
},
"request": {
"method": "exampleMethodOne",
"params": {
"param1": "foo"
}
}
},
{
"expression": "* * * * *",
"request": {
"method": "exampleMethodTwo",
"params": {
"param1": "bar"
}
}
}
]
}
}
}
# endowment:ethereum-provider
For snaps that wish to communicate with a node via MetaMask, the snap can request the endowment:ethereum-provider
permission. This permission will expose the global API ethereum
to the snap execution environment. Without this permission, this global will not be available. This global is a EIP-1193 provider.
# RPC Permissions
To use any restricted RPC method, a snap will need to request permissions to access that method. For a list of available RPC methods and thus valid RPC permissions see JSON-RPC API.
← JSON-RPC API Exports →