Connection approvals

What is an approval?

Your crypto activity is based on public key cryptography. Your wallet has a matching public and private key generated when the wallet is created.These pair of keys are both necessary to transact: the private key for you to demonstrate that you initiated the transaction, and the public key for the recipient to verify the origin.

For example:

  1. You wish to send one of your contacts tokens.
  2. You possess the recipient's public key and know their wallet address. The transaction is encrypted using the public key.
  3. The transaction is received by the recipient, who also holds the private key. Since their keys are related, the transaction transmitted by their public key can only be unlocked with the corresponding private key, which they alone possess.

This knowledge can now be transferred to approvals - for this we flip the roles of the keys. In this case, the sender encrypts the message with their private key. Since others can easily find out the sender’s public key (i.e. wallet address), the keys can combine to decrypt the message, verifying the sender’s identity. Only a matching pair of keys will reveal the contents of the message, meaning no one can dispute the origin.

Dapp permissions

The first of the two major approval types you will experience is when you first link your wallet to a dapp, whether it be DeFi, a service like Etherscan, or an NFT marketplace.

In order to interact with the platform, you must provide the dapp permission to access your wallet address. The fact that it is referred to as "a permission" or "permissions"—nouns that precisely describe what you are doing—also explains why. Some dapps ask for your permission automatically, while others require you to click "connect" or equivalent buttons.

Giving your permission will, in our case, look something like this:


Token approval

Whether you're an experienced crypto user or a complete newbie, you need to approve access to your tokens to interact with smart contracts within DeFi, blockchain gaming, and NFT purchases.

During a token approval process you are:

  1. Allowing the smart contract to access your token balance. Apex will clearly display at this point how much access you are providing: some dapps may specify a finite quantity of tokens and others request unlimited access
  2. Confirming that you want to complete the transaction in question. This is when you allow the smart contract to submit the transaction to the network on your behalf.

How can I manage approvals/permissions?

We provide our users with full control over how they interact with platforms. Apex is non-custodial which means you have the ability to view and manage dapp and smart contract approvals.

Your connected sites

In our connected site feature, you can review which sites your wallet is connected to and can disconnect at any time.


Your token approvals

In Etherscan, you can check your token approvals and revoke these approvals.

A list of token approvals is displayed once you connect Apex and give Etherscan permission to view your wallet.


Always assess the projects you interact with

Before approving a dapp connection or a smart contract to access your tokens, you should go through a checklist to assess risk. Below are some questions to ask yourself:

  • Is the project well-known?
  • How long has the project been active?
  • Is there an active community on Discord, Telegram, or Twitter?
  • Are the dapp’s developers/owners transparent and have documentation on the site?
  • Have they undergone a third-party smart contract audit?
  • Have you checked the contract address on the block explorer (i.e. Etherscan)? Some contracts may be flagged by users, or check for suspicious activity including large inflows or outflows of cash in short time periods

Key points to remember

  • When dealing with dapps, public key cryptography is utilized to verify your permissions.
  • Dapp permissions entail permitting dapps to see the balance in your wallet.
  • Token approvals allow the smart contract of a dapp to access and move a particular token from your wallet.
  • Before authorizing a dapp's smart contract, make sure you've checked out its credentials and are confident in its reliability.