SettleMint
Developer guidesPlatform setup

Add administrators

Grant administrative permissions to users in your organization via API.

This guide explains how to grant platform administrator roles to wallet addresses using the API. Use this for automation, bulk operations, or integration into your provisioning workflows.

For the web interface approach, see the user guide.

Prerequisites

  • Platform URL (e.g., https://your-platform.example.com)
  • API access token with admin system role (required to grant platform administrator roles)
  • Wallet verification method enabled on your account (e.g., pincode or 2FA)
  • Target wallet address (can be any valid address or looked up by email)
  • See Getting Started for API key setup

When to add administrators via API

  • Initial setup automation — Scripting first-time platform configuration
  • Bulk provisioning — Adding multiple administrators in batch operations
  • Organizational onboarding — Integrating with HR/identity systems

Platform vs Asset roles

Platform administrator roles control system-wide operations. Asset-specific roles (Asset Operator, Custodian, Supply Management, Emergency) are assigned per token during asset creation.

Available system roles

RoleDescriptionCommon use cases
adminRoot authority that can grant or revoke all other system rolesPlatform ops account, initial setup
systemManagerCore system configuration (upgrades, registering factories/modules)Deployment team, rarely granted to EOAs
identityManagerIdentity registry maintenance (register/recover identities, onboarding)Compliance/onboarding teams managing identities
tokenManagerToken factory calls such as /api/token/createEvery wallet that deploys assets
complianceManagerGlobal compliance module setup, bypass lists, enforcement togglesCustom compliance flows, allowlists
claimPolicyManagerTrusted issuer and claim topic managementWorkflows that check collateral/KYC claims before minting
claimIssuerPermission to create claims on identitiesAuditors, service providers issuing attestations

Steps to add administrators

Identify target user

Look up the user by email to get their wallet address. If you already have the wallet address, skip this step.

curl -X GET "https://your-platform.example.com/api/user/[email protected]" \
  -H "X-Api-Key: YOUR_API_KEY"

Response:

[
  {
    "id": "usr_abc123",
    "name": "New Admin",
    "wallet": "0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb",
    "role": "member"
  }
]

Save the wallet address for the grant step.

Check existing roles (optional)

Before granting roles, verify the user's current role assignments:

curl -X GET "https://your-platform.example.com/api/system/access-manager/roles" \
  -H "X-Api-Key: YOUR_API_KEY"

Response:

[
  {
    "account": "0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb",
    "roles": []
  },
  {
    "account": "0xExistingAdmin...",
    "roles": ["admin", "tokenManager"]
  }
]

To check a single wallet directly:

curl -X GET "https://your-platform.example.com/api/system/access-manager/roles/0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb" \
  -H "X-Api-Key: YOUR_API_KEY"

Grant administrator role

Assign the desired platform role to the target wallet:

curl -X POST "https://your-platform.example.com/api/system/access-manager/grant-roles" \
  -H "X-Api-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "account": "0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb",
    "role": "identityManager",
    "walletVerification": { "secretVerificationCode": "YOUR_PINCODE" }
  }'

Response:

{
  "accounts": ["0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb"],
  "roles": ["identityManager"]
}

Grant multiple roles

To assign multiple roles in a single transaction:

curl -X POST "https://your-platform.example.com/api/system/access-manager/grant-roles" \
  -H "X-Api-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "account": "0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb",
    "role": ["identityManager", "tokenManager"],
    "walletVerification": { "secretVerificationCode": "YOUR_PINCODE" }
  }'

Batch limitations

You can grant multiple roles to one address, or one role to multiple addresses, but not multiple roles to multiple addresses in a single request. Use separate requests for complex bulk operations.

Verify role assignment

Confirm the role was granted by checking the updated roles list:

curl -X GET "https://your-platform.example.com/api/system/access-manager/roles" \
  -H "X-Api-Key: YOUR_API_KEY"

The target wallet should now appear with the assigned roles in the response.

User profile with administrative role assignment

Request parameters

ParameterTypeRequiredDescription
accountstring or arrayYesWallet address(es) to grant role to
rolestring or arrayYesRole(s) to grant
walletVerificationobjectYesYour wallet verification to authorize the blockchain transaction

Wallet verification object

FieldTypeDescription
secretVerificationCodestring6-digit pincode or TOTP code
verificationTypestring"PINCODE" (default), "SECRET_CODES", or "OTP"

Response fields

FieldTypeDescription
accountsarrayWallet addresses that received roles
rolesarrayRoles that were granted

Best practices

Role assignment principles

  • Least privilege — Grant only necessary permissions
  • Separation of duties — Divide critical functions among different admins
  • Regular review — Audit role assignments periodically
  • Document decisions — Record why roles were granted for audit purposes

Security considerations

  • Keep admin role restricted to platform ops accounts
  • Use separate wallets for different administrative functions
  • Store API keys securely and rotate regularly
  • Use environment variables for credentials in scripts
  • Test role changes in staging before production

Troubleshooting

IssueSolution
401 UnauthorizedAPI key is invalid, expired, or disabled
403 USER_NOT_AUTHORIZEDVerify you have admin system role. Only admins can grant other system roles.
404 User not foundEmail lookup failed; verify user exists or use wallet address directly
400 Role not foundCheck role name matches exactly (case-sensitive). See available roles table above.
400 Duplicate roleUser already has this role. Check existing roles before granting.
Transaction failsEnsure your wallet has sufficient gas. Verify PIN/OTP is correct.
Batch operation failsCannot grant multiple roles to multiple addresses in one call. Split into separate requests.
User cannot see new permissionsAsk user to log out and back in. Verify transaction was confirmed on-chain.

First administrator setup

Initialize your platform by creating the first administrator account and setting up system infrastructure via API.

Change admin roles

Grant or revoke platform administrator roles.

On this page

PrerequisitesWhen to add administrators via APIRecommended scenariosAvailable system rolesSteps to add administratorsIdentify target userCheck existing roles (optional)Grant administrator roleGrant multiple rolesVerify role assignmentRequest parametersWallet verification objectResponse fieldsBest practicesRole assignment principlesSecurity considerationsTroubleshootingRelated guides