Snaps permissions
Your Snap can request the following permissions.
RPC API permissions
You must request permission to use any restricted JSON-RPC API methods.
For example, to request to use snap_dialog, add the following to the manifest file:
"initialPermissions": {
  "snap_dialog": {}
},
Endowments
endowment:cronjob
To run periodic actions for the user (cron jobs), a Snap must request the endowment:cronjob permission.
This permission allows the Snap to specify cron jobs that trigger the exported onCronjob method.
Specify this permission in the manifest file as follows:
{
  "initialPermissions": {
    "endowment:cronjob": {
      "jobs": [
        {
          "expression": {
            "minute": "*",
            "hour": "*",
            "dayOfMonth": "*",
            "month": "*",
            "dayOfWeek": "*"
          },
          "request": {
            "method": "exampleMethodOne",
            "params": {
              "param1": "foo"
            }
          }
        },
        {
          "expression": "* * * * *",
          "request": {
            "method": "exampleMethodTwo",
            "params": {
              "param1": "bar"
            }
          }
        }
      ]
    }
  }
}
endowment:ethereum-provider
To communicate with a node using MetaMask, a Snap must request the endowment:ethereum-provider permission.
This permission exposes the global API ethereum to the Snap execution environment.
This global is an EIP-1193 provider.
Specify this permission in the manifest file as follows:
"initialPermissions": {
  "endowment:ethereum-provider": {}
},
The global ethereum API in Snaps has fewer capabilities than window.ethereum for dapps.
You can only use it to make read requests from the RPC provider, not to write to the blockchain or initiate transactions.
You can also use it to connect to Ethereum accounts with eth_requestAccounts and then use personal_sign with those connected accounts.
endowment:network-access
To access the internet, a Snap must request the endowment:network-access permission.
This permission exposes the global fetch API to the Snaps execution environment.
XMLHttpRequest isn't available in Snaps, and you should replace it with fetch.
If your dependencies use XMLHttpRequest, you can patch it away.
Specify this permission in the manifest file as follows:
"initialPermissions": {
  "endowment:network-access": {}
},
Same-origin policy and CORS
fetch() requests in a Snap are bound by the browser's same-origin policy.
Since Snap code is executed in an iframe with the sandbox property, the browser sends an Origin header with the value null with outgoing requests.
For the Snap to be able to read the response, the server must send an Access-Control-Allow-Origin CORS header with the value * or null in the response.
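The header rule above, seen from the API operator's side, as an added example that is not part of the MetaMask documentation. The publicApi switch and the function names are assumptions made for illustration.

```javascript
// Added example: choose and check the CORS header for requests coming from a
// Snap, which arrive with "Origin: null" because of the sandboxed iframe.

// Lower-case header names (as Node's http module does) and trim the values.
function lowerKeys(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    out[name.toLowerCase()] = String(value).trim();
  }
  return out;
}

// Server side: value to send in Access-Control-Allow-Origin, or undefined to
// send no header. `publicApi` is a hypothetical switch for data that anyone
// may read.
function allowOriginFor(requestHeaders, { publicApi }) {
  if (publicApi) return '*';
  const origin = lowerKeys(requestHeaders).origin;
  // Any sandboxed iframe without allow-same-origin also sends "null", so this
  // value does not identify the Snap. Authenticate the caller separately.
  if (origin === 'null') return 'null';
  return undefined;
}

// Browser side: would Snap code be allowed to read a response with these headers?
function snapCanRead(responseHeaders) {
  const value = lowerKeys(responseHeaders)['access-control-allow-origin'];
  // The header carries a single value; a list such as
  // "https://a.example, null" does not match and the read is blocked.
  return value === '*' || value === 'null';
}
```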
endowment:rpc
To handle arbitrary JSON-RPC requests, a Snap must request the endowment:rpc permission.
This permission grants a Snap access to JSON-RPC requests sent to the Snap, using the exported onRpcRequest method.
This permission requires an object with a snaps or dapps property (or both), to signal if the Snap can receive JSON-RPC requests from other Snaps, or dapps, respectively.
The default for both properties is false.
Specify this permission in the manifest file as follows:
{
  "initialPermissions": {
    "endowment:rpc": {
      "dapps": true,
      "snaps": false
    }
  }
}
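With "dapps": true, any dapp can send requests to onRpcRequest, so the handler itself should decide which callers and methods it serves. The following is an added example, not code from the MetaMask documentation: the origin https://dapp.example and the method getGreeting are hypothetical, and treating origins that start with npm: as Snap callers is an assumption based on the invoker format shown elsewhere on this page.

```javascript
// Added example. In a real Snap the handler is exported from the bundle:
//   export const onRpcRequest = async ({ origin, request }) => { ... };

// Hypothetical allowlist of dapp origins this Snap agrees to serve.
const ALLOWED_DAPP_ORIGINS = new Set(['https://dapp.example']);

// Hypothetical method table. Only names listed here are callable.
const METHODS = {
  getGreeting: (params) => `hello ${String(params?.name ?? 'world')}`,
};

// Returns null when the call is allowed, otherwise the reason it is refused.
function refusalReason(origin, request) {
  if (typeof origin !== 'string') return 'missing origin';
  // The manifest sets "snaps": false. Refusing Snap callers here as well keeps
  // the handler safe if the manifest is loosened later (assumed ID prefix).
  if (origin.startsWith('npm:')) return 'snap callers not allowed';
  if (!ALLOWED_DAPP_ORIGINS.has(origin)) return 'origin not allowed';
  // An own-property check stops names such as "constructor" or "__proto__"
  // from resolving to inherited object members.
  const known = request && typeof request.method === 'string' &&
    Object.prototype.hasOwnProperty.call(METHODS, request.method);
  return known ? null : 'unknown method';
}

const onRpcRequest = async ({ origin, request }) => {
  const reason = refusalReason(origin, request);
  if (reason) throw new Error(`Request refused: ${reason}`);
  return METHODS[request.method](request.params);
};
```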
endowment:transaction-insight
To provide transaction insights, a Snap must request the endowment:transaction-insight permission.
This permission grants a Snap read-only access to raw transaction payloads, before they're accepted for signing by the user, by exporting the onTransaction method.
This permission requires an object with an allowTransactionOrigin property to signal if the Snap should pass the transactionOrigin property as part of the onTransaction parameters.
This property represents the transaction initiator origin.
The default is false.
Specify this permission in the manifest file as follows:
"initialPermissions": {
  "endowment:transaction-insight": {
    "allowTransactionOrigin": true
  }
},
endowment:webassembly
To use WebAssembly, a Snap must request the endowment:webassembly permission.
This permission exposes the global WebAssembly API to the Snap execution environment.
Specify this permission in the manifest file as follows:
"initialPermissions": {
  "endowment:webassembly": {}
},
Dynamic permissions
Dynamic permissions are not requested in the manifest file. Instead, your Snap can acquire dynamic permissions during its lifecycle.
eth_accounts
A Snap can request permission to call the Ethereum provider's eth_accounts RPC method by calling the provider's eth_requestAccounts RPC method.
Calling eth_requestAccounts requires the ethereum-provider endowment.
You can check the presence of the permission by calling wallet_getPermissions.
If the permission is present, the result contains a permission with a parentCapability of eth_accounts.
It comes with a caveat of restrictReturnedAccounts, an array of all the accounts the user allows for this Snap.
The following is an example eth_accounts permission:
{
  "id": "47vm2UUi1pccNAeYKGmwF", // example
  "parentCapability": "eth_accounts",
  "invoker": "npm:SNAP_ID",
  "caveats": [
    {
      "type": "restrictReturnedAccounts",
      "value": [
        "0xc403b37bf1e700cb214ea1be9de066824b420de6" // example connected account #1
      ]
    }
  ],
  "date": 1692616452846
}
The user can revoke this permission by going to the Snap's settings under Snap permissions.
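Because the user can revoke the permission at any time, a Snap should re-read it before each use rather than cache the account list. The following added example, which is not from the MetaMask documentation, extracts the permitted accounts from a wallet_getPermissions result and checks an address before requesting a personal_sign signature; the function names are assumptions, and the sample data is the example permission shown above.

```javascript
// Added example: read the restrictReturnedAccounts caveat defensively.

// Returns the lower-cased permitted addresses, or [] when the eth_accounts
// permission is absent or malformed.
function permittedAccounts(permissions) {
  if (!Array.isArray(permissions)) return [];
  const perm = permissions.find((p) => p && p.parentCapability === 'eth_accounts');
  if (!perm || !Array.isArray(perm.caveats)) return [];
  const caveat = perm.caveats.find((c) => c && c.type === 'restrictReturnedAccounts');
  if (!caveat || !Array.isArray(caveat.value)) return [];
  return caveat.value
    .filter((a) => typeof a === 'string')
    .map((a) => a.toLowerCase());
}

// Address comparison ignores case, since checksummed and lower-case forms of
// the same address differ only in letter case.
function isPermitted(permissions, address) {
  return typeof address === 'string' &&
    permittedAccounts(permissions).includes(address.toLowerCase());
}

// Inside a Snap with the ethereum-provider endowment, `provider` is the
// global `ethereum`. The permission is fetched fresh on every call.
async function signIfPermitted(provider, address, hexMessage) {
  const permissions = await provider.request({ method: 'wallet_getPermissions' });
  if (!isPermitted(permissions, address)) {
    throw new Error('Account is not connected to this Snap');
  }
  return provider.request({ method: 'personal_sign', params: [hexMessage, address] });
}

// Sample result built from the example permission on this page.
const SAMPLE_PERMISSIONS = [{
  id: '47vm2UUi1pccNAeYKGmwF',
  parentCapability: 'eth_accounts',
  invoker: 'npm:SNAP_ID',
  caveats: [{
    type: 'restrictReturnedAccounts',
    value: ['0xc403b37bf1e700cb214ea1be9de066824b420de6'],
  }],
  date: 1692616452846,
}];
```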