# Get the WAAS policy for an environment

> Returns the WaaS policy for the specified environment.



## OpenAPI

````yaml https://app.dynamic.xyz/api-docs/public-api.yaml get /environments/{environmentId}/waas/policies
openapi: 3.0.1
info:
  title: Dashboard API
  description: Dashboard API documentation
  version: 1.0.0
servers:
  - url: https://app.dynamicauth.com/api/v0
  - url: https://app.dynamic.xyz/api/v0
  - url: http://localhost:3333/api/v0
security: []
tags:
  - name: Analytics
    description: Query usage analytics and event counts for your environment.
  - name: SDK
    description: SDK-facing endpoints consumed by embedded Dynamic clients.
  - name: Organizations
    description: >-
      Manage organizations — the top-level container for all environments and
      projects.
  - name: Projects
    description: Manage projects that group related environments under an organization.
  - name: Environments
    description: >-
      Manage environments (live and sandbox) where your authentication
      configuration lives.
  - name: Users
    description: List, search, and manage authenticated users within an environment.
  - name: Invites
    description: >-
      Manage invitation links that grant specific external users access to your
      environment.
  - name: Tokens
    description: >-
      Create and manage API tokens used to authenticate requests to the Dynamic
      API.
  - name: Origins
    description: >-
      Configure allowed origins (CORS) for SDK and API access to your
      environment.
  - name: Allowlists
    description: >-
      Manage allowlists to control which wallet addresses or email addresses can
      access your environment.
  - name: Wallets
    description: View and manage wallets linked to users in your environment.
  - name: Members
    description: Manage team members and their roles within an organization.
  - name: Sessions
    description: View and revoke active user sessions within an environment.
  - name: Settings
    description: Read and update environment-level configuration settings.
  - name: Exchanges
    description: >-
      Configure exchange integrations (Coinbase, Binance, etc.) for fiat on-ramp
      within your environment.
  - name: Providers
    description: >-
      List, enable, disable, and configure authentication providers (OAuth,
      email, wallet, SMS, etc.) for your environment.
  - name: Captcha
    description: >-
      Configure captcha verification (provider, site key, secret key) for your
      environment.
  - name: Gates
    description: >-
      Define access gates that restrict environment entry to users who meet
      specific criteria.
  - name: Chains
    description: >-
      Manage the blockchain networks available for wallet connection in your
      environment.
  - name: Exports
    description: Export user and wallet data from your environment as downloadable files.
  - name: Events
    description: Browse the event log of actions performed within your environment.
  - name: Webhooks
    description: >-
      Create and manage webhooks to receive real-time events (user.created,
      wallet.linked, etc.) at your endpoint.
  - name: Custom Fields
    description: >-
      Define and manage custom metadata fields collected from users at sign-up
      or login.
  - name: MfaSettings
    description: >-
      Configure multi-factor authentication (MFA) policies for your
      organization.
  - name: Mfa
    description: Manage MFA enrollment and verification for individual users.
  - name: CustomHostnames
    description: >-
      Configure custom hostnames for white-labeling the Dynamic authentication
      experience.
  - name: TestAccount
    description: >-
      Manage test accounts used for automated testing and QA within an
      environment.
  - name: NameServices
    description: >-
      Configure name service integrations (ENS, Unstoppable Domains, etc.) for
      human-readable wallet addresses.
  - name: GlobalWallets
    description: >-
      Manage global wallets shared across multiple environments in an
      organization.
  - name: GlobalWalletConnections
    description: Configure which environments can access and use global wallets.
  - name: GlobalWalletAccessControl
    description: Control which users and roles can access and operate global wallets.
  - name: UserApiTokens
    description: >-
      Create and manage user-scoped API tokens for programmatic access on behalf
      of a user.
  - name: Waas
    description: Wallet-as-a-Service endpoints for creating and managing embedded wallets.
  - name: WalletConnect
    description: Configure WalletConnect integration settings for your environment.
  - name: Checkout
    description: >-
      Accept crypto payments and deposits from any wallet. Settle in any token
      you choose.
  - name: Flow
    description: >-
      Accept crypto payments, deposits, and withdrawals. Amount and destination
      are fixed server-side at create; the post-create lifecycle is driven with
      a capability session token.
  - name: FlowAnalytics
    description: >-
      Query aggregated analytics and paginated transaction lists for the Flow
      product.
  - name: Custom Networks
    description: >-
      Add and manage custom EVM-compatible networks beyond the built-in chain
      list.
  - name: Chainalysis
    description: >-
      Configure Chainalysis integration for blockchain address screening and
      risk assessment.
  - name: Visits
    description: Track and query user visit activity within your environment.
  - name: ExternalJwt
    description: >-
      Configure external JWT providers so existing auth tokens can be used with
      Dynamic.
  - name: SDK Views
    description: >-
      Manage SDK view configurations that customize the appearance of Dynamic
      modals and flows.
  - name: DeeplinkUrls
    description: Configure deep link URLs for mobile app integration with the Dynamic SDK.
  - name: OrganizationSettings
    description: >-
      Read and update organization-level settings such as approval workflow
      configuration.
  - name: AdminActions
    description: >-
      Manage admin action requests that require approval from another
      administrator.
  - name: ClientGrant
    description: |
      OAuth 2.0 Device Authorization Grant flow (RFC 8628) used by first-party
      Dynamic clients (CLI, MCP server, demo apps, IDE plugins) to obtain a
      revocable, 30-day client JWT without ever seeing the user's dashboard
      session token.
  - name: AuthorizedClients
    description: |
      Manage first-party clients (CLI / MCP / demo / IDE plugins) authorized
      to act as a dashboard user. Surfaced under Profile → Authorized Clients.
paths:
  /environments/{environmentId}/waas/policies:
    get:
      tags:
        - Waas
      summary: Get the WAAS policy for an environment
      description: Returns the WaaS policy for the specified environment.
      operationId: getWaasPolicy
      parameters:
        - $ref: '#/components/parameters/environmentId'
      responses:
        '200':
          description: WAAS policy fetched successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/WaasPolicyResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
        '500':
          $ref: '#/components/responses/InternalServerError'
components:
  parameters:
    environmentId:
      in: path
      name: environmentId
      required: true
      description: ID of the environment
      schema:
        $ref: '#/components/schemas/uuid'
  schemas:
    WaasPolicyResponse:
      type: object
      required:
        - policyId
        - projectEnvironmentId
        - createdAt
        - updatedAt
        - policyContent
      properties:
        message:
          type: string
          description: Message describing the operation result
        policyId:
          description: Unique identifier for the wallet policy
          type: string
        projectEnvironmentId:
          $ref: '#/components/schemas/uuid'
        createdAt:
          description: ISO 8601 timestamp of when the policy was created
          type: string
          format: date-time
        updatedAt:
          description: ISO 8601 timestamp of when the policy was last updated
          type: string
          format: date-time
        policyContent:
          description: >-
            List of policy rule objects defining allowed or denied wallet
            operations
          type: array
          items:
            $ref: '#/components/schemas/WaasPolicyRule'
    uuid:
      type: string
      pattern: ^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$
      minLength: 36
      maxLength: 36
      example: 95b11417-f18f-457f-8804-68e361f9164f
    WaasPolicyRule:
      type: object
      required:
        - name
        - ruleType
        - chain
      properties:
        ruleId:
          $ref: '#/components/schemas/uuid'
        name:
          type: string
          description: Human-readable name for the rule
        ruleType:
          $ref: '#/components/schemas/WaasPolicyRuleType'
        address:
          description: Target address EVM or SVM (legacy field)
          anyOf:
            - $ref: '#/components/schemas/WalletPublicKey'
            - $ref: '#/components/schemas/SolanaPublicKey'
          deprecated: true
        addresses:
          description: Target address(es) EVM or SVM
          type: array
          items:
            anyOf:
              - $ref: '#/components/schemas/WalletPublicKey'
              - $ref: '#/components/schemas/SolanaPublicKey'
        chain:
          $ref: '#/components/schemas/WaasChainEnum'
        chainId:
          type: number
          description: Chain ID for the policy rule (legacy field)
        chainIds:
          description: Chain IDs for the policy rule
          type: array
          items:
            type: number
        contractAbi:
          type: array
          description: Contract ABI interface
          items:
            type: object
        functionName:
          type: string
          description: Specific function name to permit/deny
        argumentConstraints:
          type: array
          items:
            $ref: '#/components/schemas/WaasPolicyArgumentConstraint'
          description: Validation rules for function arguments
        valueLimit:
          type: object
          description: Value limits for the policy rule
          properties:
            asset:
              description: >-
                Target asset address. If undefined, refers to native token
                (e.g., ETH)
              anyOf:
                - $ref: '#/components/schemas/WalletPublicKey'
                - $ref: '#/components/schemas/SolanaPublicKey'
            maxPerCall:
              type: string
              description: Maximum value per function call (as string to handle bigint)
              pattern: ^[0-9]+$
            totalLimit:
              type: string
              description: Cumulative value limit (as string to handle bigint)
              pattern: ^[0-9]+$
        operationRestrictions:
          type: object
          description: Operation-level restrictions for the wallet
          properties:
            blockExport:
              type: boolean
              description: Block private key export
            blockRevocation:
              type: boolean
              description: Block end-user revocation of delegated access
            blockClientSigning:
              type: boolean
              description: Block all end-user signing (not delegated)
        disableBlockaidSecurityChecks:
          type: boolean
          description: >-
            When true, disables Blockaid security enforcement for this rule.
            Blockaid simulation will still run for policy evaluation, but
            security verdicts (e.g., malicious transactions) will not block
            execution. Transaction approval will be determined solely by
            customer-defined policy rules. Use with caution as this bypasses
            automated security protections.
    Unauthorized:
      type: object
      properties:
        error:
          description: Human-readable error message describing the authentication failure
          type: string
          example: No jwt provided!
    Forbidden:
      type: object
      properties:
        error:
          description: Human-readable error message
          type: string
          example: Access Forbidden
    NotFound:
      type: object
      required:
        - error
        - code
      properties:
        error:
          description: Human-readable error message
          type: string
          example: Not Found
        code:
          description: Machine-readable error code
          type: string
          example: not_found
    InternalServerError:
      type: object
      properties:
        error:
          description: Human-readable error message
          type: string
          example: Internal Server Error
    WaasPolicyRuleType:
      type: string
      enum:
        - allow
        - deny
      description: Whether the rule permits or denies the specified action
    WalletPublicKey:
      type: string
      pattern: ^[A-Za-z0-9_-]{18,100}$
      description: >-
        Valid blockchain wallet address, must be an alphanumeric string
        (underscores allowed for chains like Midnight, hyphens allowed for
        chains using base64url-encoded addresses like TON)
      example: '0xbF394748301603f18d953C90F0b087CBEC0E1834'
      maxLength: 255
    SolanaPublicKey:
      type: string
      pattern: ^[1-9A-HJ-NP-Za-km-z]{43,44}$
      description: >-
        Valid Solana wallet address, must be a 44-character string using base58
        characters
      example: vines1vzrYbzLMRdu58ou5XTby4qAqVRLmqo36NKPTg
    WaasChainEnum:
      type: string
      enum:
        - EVM
        - MIDNIGHT
        - SVM
        - SUI
        - BTC
        - TON
        - STELLAR
        - TEMPO
        - ALEO
        - TRON
    WaasPolicyArgumentConstraint:
      type: object
      required:
        - operator
        - value
        - index
      properties:
        operator:
          $ref: '#/components/schemas/WaasPolicyConstraintCondition'
        value:
          description: Reference value for comparison
        index:
          type: integer
          minimum: 0
          description: Index of the function argument to validate
    WaasPolicyConstraintCondition:
      type: string
      enum:
        - equal
        - greater
        - less
        - greaterEqual
        - lessEqual
        - notEqual
      description: Comparison operator for argument validation
  responses:
    Unauthorized:
      description: Unauthorized
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Unauthorized'
    Forbidden:
      description: Forbidden
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Forbidden'
    NotFound:
      description: Not Found
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/NotFound'
    InternalServerError:
      description: Internal Server Error
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/InternalServerError'

````
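
The following Python check is an added example, not part of Dynamic's documentation or code. It reads a parsed `WaasPolicyResponse` and lists the rules that deserve a closer look, including those that set `disableBlockaidSecurityChecks` or still use the legacy `address`/`chainId` fields. The patterns and field names come from the schema above; the function name `audit_policy`, the sample policy, and the review criteria applied to `allow` rules are assumptions of this example.

```python
import re

# Patterns and enum values copied from the OpenAPI schema on this page.
UUID_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$")
AMOUNT_RE = re.compile(r"^[0-9]+$")
RULE_TYPES = {"allow", "deny"}

def audit_policy(policy):
    """Return (rule name, finding) pairs for a parsed WaasPolicyResponse."""
    findings = []
    if not UUID_RE.match(str(policy.get("projectEnvironmentId", ""))):
        findings.append(("<policy>", "projectEnvironmentId does not match the uuid pattern"))
    for rule in policy.get("policyContent", []):
        name = rule.get("name", "<unnamed>")
        missing = [k for k in ("name", "ruleType", "chain") if k not in rule]
        if missing:
            findings.append((name, "missing required field(s): " + ", ".join(missing)))
        if rule.get("ruleType") not in RULE_TYPES:
            findings.append((name, "ruleType is not allow or deny"))
        if rule.get("disableBlockaidSecurityChecks") is True:
            findings.append((name, "Blockaid verdicts do not block execution"))
        if "address" in rule or "chainId" in rule:
            findings.append((name, "uses legacy address/chainId field"))
        limit = rule.get("valueLimit") or {}
        for key in ("maxPerCall", "totalLimit"):
            if key in limit and not AMOUNT_RE.match(str(limit[key])):
                findings.append((name, f"valueLimit.{key} is not a decimal string"))
        # The two checks below are this example's review criteria, not schema rules.
        if rule.get("ruleType") == "allow":
            if not rule.get("addresses") and "address" not in rule:
                findings.append((name, "allow rule lists no target addresses"))
            if not limit.get("maxPerCall") and not limit.get("totalLimit"):
                findings.append((name, "allow rule sets no value limit"))
    return findings

# Constructed sample response; every value is illustrative.
SAMPLE = {
    "policyId": "example-policy", "projectEnvironmentId": "95b11417-f18f-457f-8804-68e361f9164f",
    "createdAt": "2024-01-01T00:00:00Z", "updatedAt": "2024-01-02T00:00:00Z",
    "policyContent": [
        {"name": "treasury-transfer", "ruleType": "allow", "chain": "EVM", "chainIds": [1],
         "addresses": ["0xbF394748301603f18d953C90F0b087CBEC0E1834"],
         "valueLimit": {"maxPerCall": "1000000000000000000"}},
        {"name": "open-allow", "ruleType": "allow", "chain": "EVM", "chainId": 1,
         "disableBlockaidSecurityChecks": True, "valueLimit": {"maxPerCall": "1e18"}},
    ],
}

if __name__ == "__main__":
    for rule_name, finding in audit_policy(SAMPLE):
        print(f"{rule_name}: {finding}")
```

Run against the constructed sample, the first rule passes cleanly and the second yields four findings.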