Creating rules using the TAP Editor

To create rules using the TAP Editor, complete the following steps:

1. On the right side of the table's header, select +. The Add Rule window opens.
   
2. On the Add Rule window, complete the following fields. Note that the fields available for each operation may differ but their functionality remains the same.
   

   Note

   If you intend to create policy rules related to DeFi, first complete these steps:

   1. Read this article about TAP for DeFi operations before creating your rules.
   2. If you don't already have DeFi access, contact Fireblocks Support to activate it. After Support activates it, the Web3 Access tab will appear on the left side of your Console.

   

   The types of rule parameters you can set are described below. You can find more detailed explanations of each parameter in the rule parameters article.

   1. Select operation: Select the badge for the type of transaction to which you want the rule to apply. The options are:
      • Transfer: The transaction transfers funds from one account to another.
      • Contract Call: The transaction calls a smart contract, mainly for DeFi.
      • RAW Transaction: This value refers to two types of off-chain messages:
        • Typed Message: This type of off-chain message follows a predefined format.
        • RAW Signing: This type does not follow a predefined format. You can use it to sign any message with your private key. It is typically used through API.
      • Mint: The transaction mints tokens, creating supply of a tokenized asset. When you create mint rules, you must choose a specific vault as your source. Your destination can be any vault.
      • Burn: The transaction burns tokens, reducing the supply of a tokenized asset.
      • Supply: The transaction supplies an asset to a Compound liquidity pool.
      • Redeem: The transaction redeems assets from Compound liquidity pools.
      • Approve: The transaction authorizes a specific smart contract to withdraw funds from a designated wallet on your behalf.
   2. Source (From):  Select Any to apply the rule to any sources in your workspace. Or select Groups and accounts, then select from the list that appears.
   3. Destination (To):  Select Any to apply the rule to any type of destination. Or, select Groups and accounts, then select from the list that appears.
      • Any, Whitelisted only, One time only: Select one of these options.
        • The Any option allows you to transfer to whitelisted and one-time addresses.
        • The Whitelisted only option allows you to transfer to whitelisted addresses only.
        • The One time only option allows you to transfer only to one-time addresses.
   4. Initiated by:  Select Any to apply the rule to all users who can initiate transfers. Or select Specific initiators or groups, then select from the list that appears.

   5. Designated signer: This field defaults to Initiator, meaning the transaction initiator is also the signer. However, if you want another user to sign transactions that match this rule, select them from the drop-down menu. This field is mandatory if the rule is for initiator roles that do not have signing privileges, such as Editor or non-signing Admin. Unless you are participating in the beta described below, you are only able to select one designated signer.

      Note

      Fireblocks has a beta feature that allows you to assign multiple designated signers when using API Co-Signers. To learn more, read using multiple API Co-Signers to authorize transactions. Contact your Customer Success Manager or email csm@fireblocks.com to join the beta.

      Expand for more about using multiple designated signers.

      The multiple designated signers beta feature is only applicable for TAP rules which match specific parameters. The limitations of this feature are summarized below. The rule(s) must:

      1. All signers must be API users that are part of your API co-signer. You can select individual API users, groups that contain at least 1 API signer, or both.
      2. Have one or more vault accounts as the Source parameter only. Using multiple designated signers for transactions with exchange accounts or fiat accounts as the Source is not supported yet.

      The following instructions are only relevant for multiple API Co-Signers beta participants.

      1. To choose multiple designated signers when creating a rule with TAP Editor, select Multiple Users from the Designated signer field in the Add rule window.
         
      2. Select users or groups in the next field. Be aware of the known limitations when using multiple designated signers listed above these steps.
         1. In the drop-down menu, each group shows how many members are API signers to the right.
         2. If only certain members are API signers, the number who are API signers shows in parentheses as “valid” to the right.
         3. Group members who are not API signers can not sign transactions that match this rule.
            
            Your selected authorized signers will show together under the Multiple users field that appears.
            
   6. Asset:  This field defaults to Any, meaning you can transact any asset. However, if you want to limit the rule to a specific asset, select it from the drop-down list. If you don’t see the asset you want to make a rule for, see how to automatically list new assets here.
   7. Of more than: Enter the base value a transaction must exceed to match the rule.
   8. Currency:  Choose the currency of the base value you set for this rule.
   9. Limitation:  Choose whether to apply the rule to a certain length of time (Time Period) or to a single transaction. For Time Period, more fields must be filled:
      • Hours: Enter the length of time in hours you want aggregation to occur.
      • Initiator: Select whether to limit the number of transactions of this type for each specified user or aggregate all transactions toward the limit.
      • Source:  Select whether to limit the number of transactions of this type for each specified source or have all transactions aggregate toward the limit.
      • Destination:  Select whether to limit the number of transactions of this type by destination or have all transactions aggregate toward the limit.
   10. Action: Select one of the following options:
       • Require approval: The transaction must be approved before it can be signed.
         • Number:  Enter the approval threshold, the number of users who must approve the transaction. This field becomes active after you specify one or more users or user groups in the Of field.
         • Of:  Select one or more users or groups who can approve the transaction. Make sure the users and groups you pick are authorized approvers. If you pick multiple users, whether individuals or groups, their approvals count toward the value in the Number field. To add another approval layer, select Add group.
         • Initiator will not count as authorizer / Initiator will automatically authorize:  If toggled off, the transaction's initiator cannot be an approver, whether they are picked individually or are part of a group. If toggled on, the initiator can approve their own transactions in both cases. Make sure the number of approvers is consistent with the group size. For example, if the initiator is 1 of only 2 members in a group, then if the rule requires a minimum of 2 approvers from that group, this option should be toggled on.
         • Add group: Select this to add an approval layer to the transaction. This means the specified number of users from each layer must approve for a transaction to be signed. To add or edit groups, contact Fireblocks Support.
       • Allow:  The transaction does not need approval. You will get a notification to sign it immediately, without requiring additional approvals.
       • Block: The transaction is blocked from being completed.
   11. Applies for Approve:  This toggle setting only appears for Contract Call operations. Set this toggle to on if you want a rule to apply to Approve transactions, which smart contracts use to withdraw funds on your behalf from your wallet. Learn more about Approve transactions.
   12. Applies for Typed message: This toggle setting only appears for Contract Call operations. When this setting is enabled, the rule applies to typed messages.
3. When you are finished, select Save. The new rule appears on the table.