SettleMint
Platform setup

Add administrators

Grant DALP platform administrator roles through the API when provisioning operators, compliance teams, auditors, or automation accounts.

Grant platform administrator roles to wallet addresses with the Platform API. Use the API path for automation, bulk operations, or provisioning workflows.

Adding administrators gives selected wallets access to platform-wide operating surfaces before they create API keys or manage assets.

Rendering diagram...

For the web interface approach, see the user guide. Both paths write the same on-chain role record.

Prerequisites

Gather the following before you begin.

  • Platform URL
  • API key with admin system role
  • Wallet verification (pincode or 2FA)
  • Target wallet address or email

For API key setup, see Getting Started.

When to add administrators via API

Use the API to automate initial setup or bulk-provision multiple admins in a single script. You can also integrate role grants into HR and identity provisioning workflows.

Available system roles

Each role grants a distinct set of platform capabilities. Grant only the roles each account needs.

RoleDescriptionCommon use cases
adminRoot authority that can grant or revoke all other system rolesPlatform ops account, initial setup
systemManagerCore system configuration (upgrades, registering factories/modules)Deployment team, rarely granted to EOAs
auditorRead-only inspection of operational and security-sensitive surfacesAudit users who need visibility without operator rights
identityManagerIdentity registry maintenance (register/recover identities, onboarding)Compliance/onboarding teams managing identities
tokenManagerToken factory calls such as /api/token/createEvery wallet that deploys assets
complianceManagerGlobal compliance module setup, bypass lists, enforcement togglesCustom compliance flows, allowlists
claimPolicyManagerTrusted issuer and claim topic managementWorkflows that check collateral/KYC claims before minting
claimIssuerPermission to create claims on identitiesAuditors, service providers issuing attestations
feedsManagerFeed registration, updates, and removalTeams operating pricing or market data feeds
gasManagerPaymaster funding and sponsorship configurationTeams operating advanced accounts gas sponsorship

Steps to add administrators

Identify target user

Look up the user by email to get their wallet address. If you already have the wallet address, skip this step. The platform returns the on-chain wallet tied to that account:

curl -X GET "https://your-platform.example.com/api/user/[email protected]" \
  -H "X-Api-Key: YOUR_API_KEY"
[
  {
    "id": "usr_abc123",
    "name": "New Admin",
    "wallet": "0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb",
    "role": "member"
  }
]

Save the wallet address for the grant step. If the user is not found, verify the email exists on the platform before proceeding.

Check existing roles (optional)

Before granting roles, verify the user's current assignments. Checking first prevents duplicate-role errors and confirms the target account is correct. The platform returns all accounts and their current roles:

curl -X GET "https://your-platform.example.com/api/system/access-manager/roles" \
  -H "X-Api-Key: YOUR_API_KEY"
[
  {
    "account": "0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb",
    "roles": []
  },
  {
    "account": "0xExistingAdmin...",
    "roles": ["admin", "tokenManager"]
  }
]

To check a single wallet, pass its address as a path segment:

curl -X GET "https://your-platform.example.com/api/system/access-manager/roles/0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb" \
  -H "X-Api-Key: YOUR_API_KEY"

Grant administrator role

Assign the desired platform role to the target wallet. The platform returns the wallet and the granted role on success.

curl -X POST "https://your-platform.example.com/api/system/access-manager/grant-roles" \
  -H "X-Api-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "account": "0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb",
    "role": "identityManager",
    "walletVerification": { "secretVerificationCode": "YOUR_PINCODE" }
  }'
{
  "accounts": ["0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb"],
  "roles": ["identityManager"]
}

Grant multiple roles

To assign multiple roles in a single transaction, pass an array for the role field.

curl -X POST "https://your-platform.example.com/api/system/access-manager/grant-roles" \
  -H "X-Api-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "account": "0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb",
    "role": ["identityManager", "tokenManager"],
    "walletVerification": { "secretVerificationCode": "YOUR_PINCODE" }
  }'

Verify role assignment

Confirm the grant succeeded by checking the updated roles list. The target wallet now appears with its assigned roles in the response. Confirm the correct roles appear before logging the change.

curl -X GET "https://your-platform.example.com/api/system/access-manager/roles" \
  -H "X-Api-Key: YOUR_API_KEY"

User profile with administrative role assignment

Request parameters

All three parameters are required.

ParameterTypeRequiredDescription
accountstring or arrayYesWallet address(es) to grant role to
rolestring or arrayYesRole(s) to grant
walletVerificationobjectYesYour wallet verification to authorize the blockchain transaction

Wallet verification object

The walletVerification object authorizes the on-chain transaction. Pass the code that matches your account's configured method. The platform rejects the request if the code is missing or incorrect.

FieldTypeDescription
secretVerificationCodestring6-digit pincode or TOTP code
verificationTypestring"PINCODE" (default), "SECRET_CODES", or "OTP"

Response fields

A successful grant returns the wallet addresses and roles affected by the operation. Use the response to confirm which accounts and roles the platform wrote on-chain.

FieldTypeDescription
accountsarrayWallet addresses that received roles
rolesarrayRoles that were granted

Best practices

Apply these practices before granting roles in a production environment. They reduce the blast radius of a compromised account and make periodic access reviews easier to complete.

Role assignment principles

Grant only the permissions each account needs. Divide critical functions among different admins to enforce separation of duties. Review assignments periodically and record the reason for each grant. Keeping a clear record makes audits faster and access reviews more accurate.

Security considerations

Limit exposure from a compromised account.

  • Restrict admin to platform ops accounts
  • Use separate wallets per function
  • Rotate API keys regularly
  • Store credentials in environment variables
  • Test role changes in staging first

Troubleshooting

IssueSolution
401 UnauthorizedAPI key is invalid, expired, or disabled
403 USER_NOT_AUTHORIZEDVerify you have admin system role. Only admins can grant other system roles.
404 User not foundEmail lookup failed; verify user exists or use wallet address directly
400 Role not foundCheck role name matches exactly (case-sensitive). See available roles table above.
400 Duplicate roleUser already has this role. Check existing roles before granting.
Transaction failsEnsure your wallet has sufficient gas. Verify PIN/OTP is correct.
Batch operation failsCannot grant multiple roles to multiple addresses in one call. Split into separate requests.
User cannot see new permissionsAsk user to log out and back in. Verify transaction was confirmed on-chain.

On this page