Who Can Spend Your Tokens?
Interacting with DeFi apps, we usually approve token allowances to enable the dApp to make transactions on our behalf. It's easy to forget about those allowances and the spending limits involved.
Later on it can mean that an exploited project's contract has unlimited access to the tokens in your wallet. And malicious actors can spend those tokens even if you have withdrawn your funds from the smart contract back into your wallet.
Having the means to keep track of the contracts authorized to spend your tokens would help DeFi users control their funds, take preventive measures to eliminate malicious spending, or build reactive mechanisms to minimize an exploit:
- Know who can spend your tokens.
- Be aware of allowed spending limits.
- Revoke allowances for smart contracts you no longer use or trust (in progress).
We have a specific API to help keeping your mind at peace in this matter — ankr_getTokenAllowances
.
ankr_getTokenAllowances
Retrieves smart contracts allowed to spend tokens owned by a particular account.
The idea of this method is rather straightforward: you provide the account address, and the API lists all smart contracts allowed to spend your tokens along with the metadata available for those allowances.
The method itself is part of our Advanced API collection that optimizes, indexes, caches, and stores blockchain data, so you can query it at near-instant speeds and search across multiple supported chains at once.
API features:
- Review who can spend your funds.
- Check spending limits (and other metadata).
- View allowances across 10 chains.
- Make informed decisions to reduce the risk of losing funds to hacks or exploits.
Possible users:
- dApps — to check addresses that can spend tokens owned by a wallet, and then build code that offers a revoke.
- Wallet providers/Portfolio dashboards — to show their users contract allowances for improved security and token management.
Parameters
-
id
(int64; required): a request ID (example: 1). -
jsonrpc
(string; required): a JSON RPC spec used (example: 2.0). -
method
(string; required): a method used for the request. -
params
(array): request body parameters:walletAddress
(required; string): the account address to check for smart contract allowances; supports ENS naming.blockchain
(optional; string): a chain or a combination of chains to query:- Single chain:
arbitrum
,avalanche
,base
,bsc
,eth
,fantom
,flare
,gnosis
,linea
,optimism
,polygon
,polygon_zkevm
,rollux
,scroll
,stellar
,syscoin
,avalanche_fuji
,base_sepolia
,eth_holesky
,eth_sepolia
,optimism_testnet
,polygon_amoy
. - Chains combination:
[arbitrum, avalanche, base, bsc, eth, fantom, flare, gnosis, linea, optimism, polygon, polygon_zkevm, rollux, scroll, stellar, syscoin, avalanche_fuji, base_sepolia, eth_holesky, eth_sepolia, optimism_testnet, polygon_amoy]
. - All chains: leave the value empty to query all the chains available.
- Single chain:
spenderAddress
(optional; string): an address approved to spend tokens.contractAddress
(optional; string): an address of the token contract.
Response
Returns detailed metadata for the contracts allowed to spend tokens of the account address specified. Can query multiple chains in a single request.
Code Examples
Request
curl --location --request POST 'https://rpc.ankr.com/multichain' \
--header 'Content-Type: application/json' \
--data-raw '{
"jsonrpc": "2.0",
"method": "ankr_getTokenAllowances",
"params": {
"blockchain": "bsc",
"walletAddress": "0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045"
},
"id": 1
}'
Response (single chain)
{
"jsonrpc": "2.0",
"id": 1,
"result": {
"allowances": [
{
"walletAddress": "0xd8da6bf26964af9d7eed9e03e53415d37aa96045",
"spenderAddress": "0x749f37df06a99d6a8e065dd065f8cf947ca23697",
"contractAddress": "0xe9e7cea3dedca5984780bafc599bd69add087d56",
"value": "84374.759982025218241696",
"tokenDecimals": 18,
"blockHeight": 28753241,
"timestamp": 1685720603,
"transactionHash": "0x08a78f662a7872a95bfdab5e69d2a5b5721f2b0cb668cd03713cde1db34f7542",
"blockchain": "bsc",
"tokenName": "BUSD Token",
"tokenSymbol": "BUSD",
"thumbnail": "https://raw.githubusercontent.com/trustwallet/assets/master/blockchains/smartchain/assets/0xe9e7CEA3DedcA5984780Bafc599bD69ADd087D56/logo.png",
"rawLog": {
"blockchain": "bsc",
"address": "0xe9e7cea3dedca5984780bafc599bd69add087d56",
"topics": [
"0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925",
"0x000000000000000000000000d8da6bf26964af9d7eed9e03e53415d37aa96045",
"0x000000000000000000000000749f37df06a99d6a8e065dd065f8cf947ca23697"
],
"data": "0x0000000000000000000000000000000000000000000011ddf703ef03b168b4a0",
"blockNumber": "0x1b6bd59",
"transactionHash": "0x08a78f662a7872a95bfdab5e69d2a5b5721f2b0cb668cd03713cde1db34f7542",
"transactionIndex": "0x2f",
"blockHash": "0x666a9eacd3ac13378a412b358aa41ecc2c0e534536bf21e60c1014311b0e6f1d",
"logIndex": "0x73",
"removed": false
}
},
{
"walletAddress": "0xd8da6bf26964af9d7eed9e03e53415d37aa96045",
"spenderAddress": "0x13f4ea83d0bd40e75c8222255bc855a974568dd4",
"contractAddress": "0x2170ed0880ac9a755fd29b2688956bd959f933f8",
"value": "44.812352180632424077",
"tokenDecimals": 18,
"blockHeight": 28753211,
"timestamp": 1685720513,
"transactionHash": "0x8cc55219401e8a63aab41a33aea7a8ae6ca10de29b75f0884c685e5e44ab785d",
"blockchain": "bsc",
"tokenName": "Ethereum Token",
"tokenSymbol": "ETH",
"thumbnail": "https://raw.githubusercontent.com/trustwallet/assets/master/blockchains/smartchain/assets/0x2170Ed0880ac9A755fd29B2688956BD959F933F8/logo.png",
"rawLog": {
"blockchain": "bsc",
"address": "0x2170ed0880ac9a755fd29b2688956bd959f933f8",
"topics": [
"0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925",
"0x000000000000000000000000d8da6bf26964af9d7eed9e03e53415d37aa96045",
"0x00000000000000000000000013f4ea83d0bd40e75c8222255bc855a974568dd4"
],
"data": "0x0000000000000000000000000000000000000000000000026de574e1dc4c0e8d",
"blockNumber": "0x1b6bd3b",
"transactionHash": "0x8cc55219401e8a63aab41a33aea7a8ae6ca10de29b75f0884c685e5e44ab785d",
"transactionIndex": "0x7c",
"blockHash": "0xc560ca161bd6a76d90e5fc6c083835848500ded1a5d587c974f41aa85e2517f4",
"logIndex": "0x134",
"removed": false
}
}
]
}
}