New fine-grained permissions for transactions allow for tighter control over what is asked of users and reinforces security.
With the Uphold API, you are able to tap into Uphold’s network to add and withdraw funds, transfer between a member’s cards, and transfer to other members. To do so, your application must ask members for permission to perform transactions on their behalf.
One permission for all these different types of transactions is too generic, and does not lead to security best practices. For instance, if you’re developing an app for converting users’ money into different currencies, they might hesitate in accepting a permission that would also be able to send their money to other people.
So today we’re announcing new application permissions for transactions. With these permissions, you get a more fine-grained control over what to ask your users.
These are the new API permissions you can start using today:
- transactions:deposit - create deposit transactions
- transactions:withdraw - create withdrawal transactions
- transactions:transfer:self - transfer value between a user’s cards
- transactions:transfer:application - transfer value to the application owner
- transactions:transfer:others - transfer value to anyone else
Here’s the new screen your users will see when you enable these permissions:
The old, more generic transactions:write permission is now deprecated, and will be removed March 30th. We recommend all developers to switch to the new scopes to ensure the continued functioning of their applications.
These changes are documented in our API docs.