> For the complete documentation index, see [llms.txt](https://help.tpwallet.io/en/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://help.tpwallet.io/en/wallet-operation/protocol/what-is-7702-smart-authorization.md). # What is 7702 Smart Authorization ## 7702 Smart Authorization Mechanism 7702 Smart Authorization is an important application of upgraded wallet account capabilities. It allows users to define more flexible permission rules for DApps, including assets, spending limits, time ranges, and usage methods, after explicit user confirmation. In traditional wallet interactions, users usually need to manually confirm and sign each on-chain operation. This model is straightforward, but it can become inefficient in scenarios such as subscriptions, recurring investments, blockchain games, DeFi automation strategies, and AI Agents, where repeated or continuous interactions are required. The core value of 7702 Smart Authorization is to shift wallet interactions from “manually confirming every operation” to “predefining rules and allowing DApps to operate within those rules.” It is important to note that Smart Authorization does not mean giving full control of the wallet to a DApp. It also does not mean granting unlimited permissions. Instead, its purpose is to create clear permission boundaries: users confirm the authorization rules first, and the DApp can only operate within the approved scope. *** ### 1. What Is 7702 Smart Authorization? 7702 Smart Authorization can be understood as an authorization mechanism enabled by upgraded wallet account capabilities. After the user confirms an authorization, the wallet can create a restricted set of permission rules for a specific DApp. These rules clearly define: * Who the authorized party is; * Which assets can be used; * The maximum amount that can be used; * When the authorization becomes active; * When the authorization expires; * Whether the allowance is used once, refreshed periodically, or released over time; * Under what conditions the DApp may automatically execute operations. During the authorization period, the DApp can only operate according to these rules. If an operation exceeds the authorized party, asset scope, spending limit, or time range, the authorization cannot be used to continue that operation. Therefore, 7702 Smart Authorization is not about “opening up permissions.” It is about rule-based authorization. It upgrades traditional authorization into a more configurable, limited, and manageable permission system. *** ### 2. Why Do Wallets Need Smart Authorization? As on-chain applications evolve, the way users interact with DApps is changing. In the past, most wallet operations were one-time actions. For example, users could complete a transfer, swap, or token approval by confirming a single transaction. However, more applications now require continuous or automated interaction capabilities. Common scenarios include: * Recurring investment: automatically buying assets at fixed times and amounts; * Subscription payments: paying service fees monthly or periodically; * Blockchain games: automatically purchasing items or claiming rewards within a spending limit; * DeFi strategies: automatically compounding, rebalancing, or executing strategies under predefined conditions; * AI Agents: completing tasks automatically within a user-authorized budget; * Continuous services: services such as API access, computing power, storage, or bandwidth billed by time or usage. These scenarios share one key requirement: users want to reduce repetitive confirmations without losing control over their assets. If the traditional interaction model is still used, users may need to repeatedly open their wallet, confirm transactions, and sign operations. This creates friction. On the other hand, granting a DApp excessive or unlimited permissions may introduce significant asset risks. Smart Authorization offers a balanced approach. Users can set clear rules in advance, allowing DApps to operate automatically within those rules while avoiding unrestricted asset access. *** ### 3. How Is Smart Authorization Different from Traditional Authorization? Traditional authorization mainly focuses on whether a contract is allowed to use a certain asset. Smart Authorization goes further by adding restrictions such as time, amount, frequency, and execution conditions. | Item | Traditional Authorization | 7702 Smart Authorization | | -------------------- | --------------------------------------------- | --------------------------------------------------------------------------------------- | | Authorization method | Usually authorizes a contract or asset | Can authorize by party, asset, amount, time, and rule | | User experience | Most operations require separate confirmation | Operations can be executed automatically within user-defined rules | | Permission scope | May involve large or long-term approvals | Supports more precise permission boundaries | | Time control | Usually limited or unclear | Supports start time, expiry time, cycles, and release rules | | Use cases | One-time transfers, swaps, token approvals | Subscriptions, recurring investments, blockchain games, AI Agents, automated strategies | | Risk control | Depends on users reviewing each action | Depends on reasonable authorization rule settings | From the user’s perspective, Smart Authorization is not simply about reducing the number of signatures. It changes the focus from confirming each individual action to confirming a set of rules. The key question becomes: are these authorization rules reasonable and aligned with the user’s intention? *** ### 4. What Does Smart Authorization Usually Include? A complete Smart Authorization usually includes several types of information: | Authorization Item | Description | | -------------------- | --------------------------------------------------------------------------------- | | Authorized party | The DApp, contract, or service being authorized | | Authorized asset | The token or asset type the DApp can use | | Authorized amount | The maximum amount the DApp can use | | Start time | When the authorization becomes available | | Expiry time | When the authorization ends | | Usage method | Whether the allowance is used once, refreshed periodically, or released over time | | Execution conditions | The rules that must be met before the DApp can execute operations | Together, these fields define the scope within which a DApp can use the authorization. For example, an authorization rule may state: A certain DApp can use up to 10 USDT per day over the next 7 days to execute user-approved automated tasks. In this example, the authorized party, asset, amount, cycle, and validity period are all clearly limited. The DApp cannot use other assets, exceed 10 USDT per day, or continue using the authorization after 7 days. *** ### 5. Why Are Time Settings Important? Time settings are a key part of permission control in Smart Authorization. This is because automated authorization does not only answer “whether an asset can be used.” It also answers “when it can be used” and “how long it can continue to be used.” Without time limits, an authorization may remain valid for a long period. Even if the single-use amount is not high, a long duration may create a larger cumulative risk. Therefore, reasonable time settings help users control the authorization scope and reduce uncertainty caused by long-term permissions. Common time settings include: * Start time: when the authorization begins; * Expiry time: when the authorization ends; * Cycle rules: whether the allowance refreshes hourly, daily, weekly, or monthly; * Release rate: whether the allowance is released gradually over time; * Total cap: the maximum amount that can be used during the entire authorization period. For users, understanding these time rules is important. They determine how long, how fast, and how much asset a DApp may use. *** ### 6. What Is Periodic Authorization? Periodic Authorization is a common time-based rule in Smart Authorization. It means that a DApp can only use a user-defined amount within each fixed cycle. When a new cycle begins, the allowance is recalculated according to the rule. For example: A user authorizes a DApp to use up to 10 USDT per day, valid for 30 days. This means: * The DApp can use no more than 10 USDT per day; * Unused allowance from one day may not necessarily roll over to future cycles, depending on the authorization rule; * The DApp cannot use future days’ allowance in advance; * Once the authorization expires, the DApp can no longer use it. Periodic Authorization is suitable for scenarios with fixed frequency and fixed budgets, such as: * Daily recurring investment; * Weekly automated strategy execution; * Monthly subscription payments; * Daily spending budgets for blockchain games; * Small automated tasks completed on a recurring schedule. When signing a Periodic Authorization, users should pay attention to three key points: 1. Cycle length\ Whether the allowance refreshes hourly, daily, weekly, or monthly. The shorter the cycle, the more frequently the allowance refreshes. 2. Allowance per cycle\ 10 USDT per day and 1,000 USDT per day represent very different levels of asset risk. 3. Authorization duration\ Even if the allowance per cycle is low, a long authorization period may result in a high cumulative amount. For example, 10 USDT per day may look small, but if the authorization is valid for 365 days, the theoretical cumulative amount may reach 3,650 USDT. Therefore, users should not only check the single-cycle allowance. They should also evaluate the cycle length and validity period together. *** ### 7. What Is Streaming Authorization? Streaming Authorization is another important time-based rule. It means that the authorized allowance is not made fully available at once. Instead, it is gradually released over time at a predefined rate until it reaches the total cap. For example: A user authorizes a DApp to use up to 100 USDT, with 1 USDT released every hour. This means: * The DApp cannot immediately use the full 100 USDT at the beginning; * The available allowance increases gradually over time; * Once the accumulated released allowance reaches 100 USDT, no additional allowance will be released; * If the DApp’s usage exceeds the release rate, it cannot continue using more allowance. Streaming Authorization is suitable for continuous services, time-based billing, or gradually executed tasks, such as: * API access, computing power, storage, bandwidth, and other continuous services; * AI Agents executing tasks gradually within a budget; * Automated subscriptions or long-term services; * Rewards, salaries, or subsidies released over time; * Long-term strategies that use funds in phases. When signing a Streaming Authorization, users should pay attention to four key points: 1. Initial allowance\ Some Streaming Authorizations may provide an initial available amount when the authorization begins. 2. Release rate\ Releasing allowance per second, per minute, or per hour can lead to very different risk levels. The faster the release rate, the faster the DApp’s usable allowance grows. 3. Total cap\ Even if the allowance is released gradually, users should confirm the maximum amount that can be used during the entire authorization period. 4. End time\ If there is no clear end time, or if the authorization lasts too long, users should review it carefully. The advantage of Streaming Authorization is that it avoids making the entire allowance available at once. However, this does not mean there is no risk. Users still need to pay close attention to the release rate, total cap, and validity period. *** ### 8. Difference Between Periodic Authorization and Streaming Authorization Both Periodic Authorization and Streaming Authorization are time-based Smart Authorization rules, but they control allowance in different ways. | Item | Periodic Authorization | Streaming Authorization | | ------------------ | --------------------------------------------------------------------------------- | --------------------------------------------------------- | | Core logic | Refreshes allowance by fixed cycle | Releases allowance gradually over time | | Key focus | Maximum amount available per cycle | Release rate and total cap | | Common expression | Up to 10 USDT per day | Release 1 USDT per hour, up to 100 USDT | | Suitable scenarios | Recurring investment, subscriptions, blockchain game budgets, periodic strategies | Continuous services, time-based billing, AI Agent budgets | | Risk assessment | Cycle length, allowance per cycle, validity period | Initial allowance, release rate, total cap, end time | In simple terms: Periodic Authorization is more suitable for tasks with fixed timing and fixed budgets. Streaming Authorization is more suitable for continuous services and gradually released budgets. *** ### 9. Is Smart Authorization Safe? Smart Authorization itself is a permission control capability. Its safety depends on whether the authorization rules confirmed by the user are reasonable and whether the DApp is trustworthy. From a mechanism perspective, Smart Authorization is not unlimited authorization. A DApp can only operate within the rules confirmed by the user. If an operation exceeds the authorized party, asset scope, amount limit, or time range, it cannot continue. However, from a practical usage perspective, users still need to carefully review the authorization content. Once an authorization is signed, the DApp may automatically execute operations within the authorized scope, without requiring confirmation for every single step. Therefore, before signing, users should not only check whether they are authorizing something. They should clearly understand what exactly they are authorizing. Users should confirm: * Whether the authorized party is trustworthy; * Whether the authorized asset is correct; * Whether the authorized amount is reasonable; * Whether the authorization duration is too long; * Whether the cycle rule matches expectations; * Whether the release rate is too fast; * Whether the total cap is acceptable; * Whether the authorization content is understandable. If the authorization content is unclear or does not match the current operation purpose, users are advised to reject the signature. *** ### 10. When Should Users Be Extra Cautious? When using Smart Authorization, users should be especially cautious in the following situations: * The authorized party is not the DApp currently being used; * The authorized asset is not the token expected for the current operation; * The authorized amount is significantly higher than the actual need; * The authorization validity period is too long; * The periodic allowance is high and refreshes frequently; * The release rate of Streaming Authorization is too fast; * The total cap is unusually high; * The authorization has no clear end time; * The user cannot understand the specific meaning of the authorization. Smart Authorization is designed to improve automation efficiency, but it should not be used casually when the DApp or authorization rules are unclear. For unfamiliar, rarely used, or untrusted DApps, users are advised to set a shorter authorization duration and a lower allowance, or reject the authorization directly. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://help.tpwallet.io/en/wallet-operation/protocol/what-is-7702-smart-authorization.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.