Wallet Capabilities

Keythings Wallet uses a granular capability system that makes dApp connections clear and secure.

Overview

Keythings Wallet implements a four-capability permission system. Each capability grants specific, limited access:

read — View wallet data, account balances, transaction history, and network information
sign — Sign messages and operations without broadcasting
transact — Send transactions and interact with smart contracts
network — Switch or add custom networks

Common Permission Combinations

Most dApps use one of these common patterns:

Default: read + transact

The default connection type provides read access and transaction capability.

Default Connection: Read + Transact

Most dApps need both read and transaction capabilities. This is the default connection type that provides:

Read Access: View wallet data, account balances, transaction history, and network information
Transact Access: Send transactions, sign operations, and interact with smart contracts

Connection Dialog

When a dApp requests default permissions, users see:

Allow localhost:3000 to send transactions and view your wallet data.

Approving grants this site read and transact access to your wallet. Only continue if you trust this website.

Use Cases

DeFi applications (swaps, lending, staking)
NFT marketplaces
Gaming dApps
Social platforms with transactions
Any interactive dApp that needs to send transactions

Read-Only Access

Some applications only need to view wallet information. Request just the 'read' capability:

Read Access: View wallet data, account balances, transaction history, and network information
No Signing: Cannot sign messages or send transactions

Connection Dialog

When a dApp requests read-only permissions, users see:

Allow localhost:3000 to view your wallet data.

Approving grants this site read-only access to your wallet. Only continue if you trust this website.

Use Cases

Portfolio trackers
Analytics dashboards
Block explorers
Tax reporting tools
Any application that only needs to view wallet data

Implementation for Developers

As a dApp developer, you can request the appropriate capabilities:

Implementation Examples

const provider = getKeetaProvider() const accounts = await provider.requestAccounts() // Automatically grants read + transact capabilities

Capability Reference

Capability	Grants	Example Use
read	View balances, history, network info	Portfolio trackers, analytics
sign	Sign messages without broadcasting	Message signing, authentication
transact	Send transactions, call contracts	DeFi, NFT minting, transfers
network	Switch or add custom networks	Multi-chain dApps, testing

Security Benefits

The capability system provides several security advantages:

Granular Permissions: Users grant exactly what your dApp needs
Principle of Least Privilege: Request only capabilities you use
Transparent Dialogs: Connection approval clearly states what permissions are being granted
Capability Expiration: Capabilities expire to limit exposure

Best Practices

Request Minimum Capabilities: Only request what your dApp actually needs
Handle Capability Errors: Implement proper error handling for denied capabilities
Refresh Before Expiry: Proactively refresh capabilities before they expire
User Education: Explain to users what permissions your dApp needs and why

Remember

The capability system makes wallet connections granular and secure. Request only the capabilities your dApp needs, and handle permission denials gracefully.

← Previous

API Reference

Complete API documentation for dApp integration.

Integration Patterns

Copy-ready wallet + SDK recipes for dApp and enterprise teams.