Sponsorship Rules

Control exactly which transactions you sponsor — per project, per wallet, per function

Sponsorship Rules let you define fine-grained policies for gasless transactions. Instead of sponsoring every transaction from every user, you choose who can transact, which smart contract functions are allowed, and how much gas you're willing to cover.

Rules are configured per-project from the Dashboard — no code changes required. The gateway reads your rules and enforces them before any transaction reaches the relayer.

Available Rules

All rules are optional. When disabled or left empty, no restriction is applied.

Rule	Type	Description
allowedFunctions	string[]	Whitelist of Move functions (e.g. `0x1::coin::transfer`). If set, only these functions are sponsored.
allowedSenders	string[]	Only these wallet addresses can submit sponsored transactions.
blockedSenders	string[]	Block specific wallets from using your sponsorship.
maxTxsPerWalletPerHour	number	Max sponsored transactions per wallet per hour.
maxTxsPerWalletPerDay	number	Max sponsored transactions per wallet per day.
maxGasPerTx	number	Maximum gas units per transaction. Rejects transactions requesting more.
requireCaptcha	boolean	Require a CAPTCHA token with each request to prevent bot abuse.

Dashboard Configuration

Configure rules for each project directly from your dashboard — no code changes, no redeployment.

1. Open the Dashboard and select your project.

2. Expand the Sponsorship Rules panel.

3. Toggle rules on and configure thresholds.

4. Click Save Rules. Changes apply immediately to all new transactions.

CAPTCHA Integration (SDK)

When requireCaptcha is enabled, your frontend must provide a CAPTCHA token with each request.

App.tsx

TypeScript

1import { SmoothSendTransactionSubmitter } from '@smoothsend/sdk';
2 
3const submitter = new SmoothSendTransactionSubmitter({
4  apiKey: process.env.NEXT_PUBLIC_SMOOTHSEND_API_KEY!,
5  network: 'mainnet',
6  getCaptchaToken: async () => {
7    // Return a token from your CAPTCHA provider (e.g. Turnstile, reCAPTCHA)
8    return await turnstile.getToken();
9  },
10});

The SDK calls getCaptchaToken() before each request and includes the token in the X-Captcha-Token header. If the rule is enabled and no token is provided, the request is rejected with 403.

Error Codes

When a transaction violates a sponsorship rule, the relayer returns one of these errors.

HTTP	Code	Meaning
403	SPONSORSHIP_SENDER_BLOCKED	Wallet is on the blocked list.
403	SPONSORSHIP_SENDER_NOT_ALLOWED	Wallet is not on the allowed list.
403	SPONSORSHIP_FUNCTION_NOT_ALLOWED	Contract function is not in the allowlist.
403	SPONSORSHIP_GAS_LIMIT_EXCEEDED	Transaction gas exceeds maxGasPerTx.
403	CAPTCHA_REQUIRED	CAPTCHA token missing or invalid.
429	WALLET_RATE_LIMITED	Wallet exceeded hourly or daily transaction cap.

How It Works

You configure rules in the Dashboard

Rules are stored per-project in the gateway database.

SDK sends a transaction

The request hits the Cloudflare Worker gateway with your API key.

Gateway loads your rules

Rules are read from D1 and forwarded to the relayer as a header.

Relayer enforces rules

Sender lists, rate limits, function allowlists, and gas caps are checked before the transaction is relayed.

← API Reference Examples →