Permission groups - Anchorage Digital

What are permission groups

Permission groups are reusable rule sets that define what actions an API key can perform, scoped to a single vault or across multiple vaults. By default, Anchorage Digital vaults do not allow API access. To enable API access, admins will need to either:

Create a permission group with the desired permissions for each vault, or
Create an API key using the existing default read-only permission group

Here are some key permission group features:

Quorum-enforced

Any activity related to permission groups require quorum approval. Maximum security controlled by your trusted admins.

Maximum flexibility

Setup multiple permission groups, create as many API keys as you wish under each group.

Inheritance

Updates to existing permission groups will propagate to all included API keys, deletion of permission groups invalidates API keys within the group.

Read-only by default

Each organization starts off with a default permission group that is read-only, the default group can be modified at any time.

Permission group segregationMost clients will create permission groups by end user group or team. For example, a client might create 3 permission groups, and one key for each.

Admin permission group = Full permissions
Operations = Limited to read balances and internal transfer
Accounting = Read only

How to create permission groups

Access the API section

From the homepage, click Developers > API 2.0 to access Anchorage Digital APIs, then click Create new group.

Configure the group

Give the permission group a name and select the appropriate global and vault-level permissions.

Endorse and approve

Optionally add a comment, click Endorse to create the group, and complete biometric authentication via the mobile app. After quorum is met, Anchorage Digital will review for approval.

To edit or delete a permission group, click the three-dot menu next to the group details.

Trading API key management