Wallet permissions
When a wallet first connects to a dapp the user is prompted to grant certain permissions. This flow is defined in EIP-2255 and gives dapps a way to request permissions, and users to manage them.
| Method | Purpose |
|---|---|
wallet_getPermissions | Read what this origin is currently allowed to do |
wallet_requestPermissions | Ask the user to grant a capability — often the backing call for "Connect" |
wallet_revokePermissions | Remove a previously granted capability for this site |
Reading capabilities
The wallet_getPermissions method allows for reading what extended capabilities a wallet might have available for use within the app.
For example if a wallet supports wallet_sendCalls (see Batch calls) a app could enable the batching experience in the UI.
Each entry in the returned array represents a single grant. The fields that matter:
parentCapability— the capability being granted, e.g.eth_accountsfor address access.invoker— the origin that holds the grant (your site's URL).caveats— an optional array of scoping constraints, such as limiting which addresses are returned or which RPC methods are permitted.
Caveat type values are wallet-defined. MetaMask's rpc-cap documents common ones like filterResponse and requiredMethods; other wallets may define their own.