Permits

Permits are scoped authorizations that grant the minimum rights needed for one class of actions within a short validity window.

Core permit fields

  • scope: constrains which operation the permit authorizes, such as `swap.execute`; a request for any other operation is rejected.
  • ttl: limits validity to a short window, from `issuedAt` to `expiresAt`.
  • nonce: uniquely identifies one authorization event, so a permit can be consumed at most once.
  • domain separation: binds the permit to one chain, environment and verifier, so a permit issued for one context is rejected in every other.

Example permit JSON

{
  "permitId": "prm_01JXATF0ABC",
  "policyId": "pol_live_treasury_v1",
  "scope": "swap.execute",
  "subject": "agent:rebalance-bot",
  "ttl": {
    "issuedAt": 1766202000,
    "expiresAt": 1766202060
  },
  "nonce": "f31f2f8d-bd7b-4c56-bf0b-9912e7b7d302",
  "domain": {
    "chainId": "solana-mainnet",
    "environment": "prod",
    "verifier": "atf-gateway-v1"
  },
  "signature": "0xabc123..."
}

Replay protection

Replay protection combines a short TTL, single-use nonce tracking, and domain separation checks. If a permit is reused, expired, or presented in the wrong environment, validation fails and execution is denied. Two practical requirements follow from this: the nonce store must be shared by every verifier instance and the "seen this nonce?" check must be atomic with marking it as used, otherwise two verifiers can each accept the same permit; and the signature should be verified before the nonce is consumed, so that unauthenticated input never changes verifier state. Because the nonce only has to be remembered until the permit's `expiresAt` (plus any clock-skew allowance), the store stays bounded by the TTL.
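The checks above as a working verifier, written here as an added illustration rather than code from this project: it validates the example permit from this page against an expected domain, enforces scope, TTL and single-use nonces, and returns a reason code for each rejection. The signature scheme is not specified on this page, so an HMAC-SHA256 over the canonical JSON of the permit body (everything except `signature`) is assumed for the example; the signing key, the in-memory nonce store, the 300-second maximum TTL and the 5-second clock-skew allowance are likewise assumptions.

```python
import hashlib
import hmac
import json
import threading
import time

# Verifier context (assumed values, matching the example permit on this page).
EXPECTED_DOMAIN = {"chainId": "solana-mainnet", "environment": "prod", "verifier": "atf-gateway-v1"}
MAX_TTL_SECONDS = 300       # assumed policy: refuse permits with an unreasonably long window
CLOCK_SKEW_SECONDS = 5      # assumed tolerance between issuer and verifier clocks
KEY = b"demo-signing-key"   # constructed demo key; not a real credential

# Permit body from the page's example (its "signature" is a placeholder, so it is re-signed below).
PERMIT_BODY = {
    "permitId": "prm_01JXATF0ABC",
    "policyId": "pol_live_treasury_v1",
    "scope": "swap.execute",
    "subject": "agent:rebalance-bot",
    "ttl": {"issuedAt": 1766202000, "expiresAt": 1766202060},
    "nonce": "f31f2f8d-bd7b-4c56-bf0b-9912e7b7d302",
    "domain": dict(EXPECTED_DOMAIN),
}


class NonceStore:
    """Single-use nonce tracker. Assumption: a real deployment uses a shared store with an
    atomic set-if-absent operation (e.g. Redis SET NX EX); this in-memory version shows the logic."""

    def __init__(self):
        self._seen = {}  # nonce -> expiresAt of the permit that used it
        self._lock = threading.Lock()

    def claim(self, nonce, expires_at, now):
        with self._lock:
            # Forget nonces whose permits can no longer validate, so the store stays bounded by TTL.
            for n, exp in list(self._seen.items()):
                if exp < now - CLOCK_SKEW_SECONDS:
                    del self._seen[n]
            if nonce in self._seen:
                return False
            self._seen[nonce] = expires_at
            return True


def canonical_bytes(permit):
    """Deterministic encoding of every field except the signature; the domain is part of it,
    so a permit re-targeted at another environment no longer verifies."""
    body = {k: v for k, v in permit.items() if k != "signature"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_permit(permit, key):
    mac = hmac.new(key, canonical_bytes(permit), hashlib.sha256).hexdigest()
    return {**permit, "signature": "0x" + mac}


def validate_permit(permit, key, store, requested_scope, now=None):
    """Return (ok, reason). Order matters: the signature is checked first so unauthenticated
    input never touches the nonce store, and the nonce is consumed only once every other check passed."""
    now = time.time() if now is None else now
    expected = "0x" + hmac.new(key, canonical_bytes(permit), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(str(permit.get("signature", "")), expected):
        return False, "bad_signature"
    if permit.get("domain") != EXPECTED_DOMAIN:
        return False, "wrong_domain"
    if permit.get("scope") != requested_scope:
        return False, "scope_mismatch"
    ttl = permit.get("ttl") or {}
    issued, expires = ttl.get("issuedAt"), ttl.get("expiresAt")
    if not isinstance(issued, int) or not isinstance(expires, int) or expires <= issued:
        return False, "malformed_ttl"
    if expires - issued > MAX_TTL_SECONDS:
        return False, "ttl_too_long"
    if now < issued - CLOCK_SKEW_SECONDS:
        return False, "not_yet_valid"
    if now > expires + CLOCK_SKEW_SECONDS:
        return False, "expired"
    if not store.claim(permit["nonce"], expires, now):
        return False, "replayed"
    return True, "ok"


def run_demo():
    """Exercise the accept path and each rejection path; returns the reason codes in order."""
    store = NonceStore()
    signed = sign_permit(PERMIT_BODY, KEY)
    fresh = sign_permit({**PERMIT_BODY, "nonce": "2c0d6a1e-0d1d-4a7a-9d8d-3d2e4f5a6b7c"}, KEY)
    other_env = sign_permit({**PERMIT_BODY, "nonce": "7a1b2c3d-4e5f-4a6b-8c9d-0e1f2a3b4c5d",
                             "domain": {**EXPECTED_DOMAIN, "environment": "staging"}}, KEY)
    tampered = {**signed, "scope": "transfer.execute"}  # body edited after signing
    return [
        validate_permit(signed, KEY, store, "swap.execute", now=1766202030)[1],      # ok
        validate_permit(signed, KEY, store, "swap.execute", now=1766202031)[1],      # replayed
        validate_permit(other_env, KEY, store, "swap.execute", now=1766202030)[1],   # wrong_domain
        validate_permit(fresh, KEY, store, "swap.execute", now=1766202100)[1],       # expired
        validate_permit(tampered, KEY, store, "transfer.execute", now=1766202030)[1],  # bad_signature
        validate_permit(fresh, KEY, store, "transfer.execute", now=1766202030)[1],   # scope_mismatch
    ]


if __name__ == "__main__":
    print(run_demo())
```

Note that the expired and scope-mismatch rejections of `fresh` happen before its nonce is claimed, so a later, correctly scoped and in-window presentation of the same permit would still succeed; only a fully validated permit burns its nonce.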

API auth and quotas

Permit validation examples in this docs section use /api/simulate. For partner traffic, send an `x-api-key: YOUR_API_KEY` header on each request.

  • Partner Sandbox quota: 120 requests per minute per key.
  • Public quota without a key: 30 requests per minute per IP.
  • Inspect the response headers `X-RateLimit-Limit`, `X-RateLimit-Remaining`, and `X-RateLimit-Reset` for live usage.