Allowlists

Control which addresses can receive your token by maintaining an approved list.

Tokens created with requiresAllowlist: true enforce a list of approved destination addresses on allowlist-aware issuance flows such as minting and administrative transfers. Required for tokenized-security tokens. Payment transfers use wallet-level destination allowlists instead.

Prerequisites

A token created with requiresAllowlist enabled
tokens:write permission on the API key

How it works

Enable the allowlist

The allowlist is configured at token creation time. Decide before creating whether your token requires one — it cannot be changed after deployment.

In the Create token flow, step 3 of 3, toggle Allowlist on.

For tokenized-security tokens, the allowlist toggle is pre-enabled and locked.

The Compliance tab on the token detail page shows the allowlist management interface, with an Address and Label field and a Control Lists sidebar tracking entry and frozen account counts.

Operational settings form showing the Allowlist toggle during token creation

Set requiresAllowlist: true when creating the token:

body: JSON.stringify({
  name: "Acme Security",
  symbol: "ACMES",
  decimals: 8,
  template: "tokenized-security",
  requiresAllowlist: true,
  isMintable: true,
  isFreezable: true,
}),

Once deployed, the allowlist is enforced automatically on issuance flows.

Add an address

Add a wallet address to the allowlist before minting to it or using it as an administrative transfer destination.

Open the token detail page and go to the Compliance tab, then select Allowlist.

Enter the wallet address and an optional label, then click Add allowlist entry. The address is enforced on the next allowlist-checked operation.

Compliance Allowlist tab with empty address and label fields, ready to add a new entry

After adding, the entry appears below the form with a Remove entry button.

Allowlist entry added and visible in the list

curl -X POST https://api.solana.com/v1/issuance/tokens/tok_abc123/allowlist \
  -H "Authorization: Bearer sk_test_..." \
  -H "Content-Type: application/json" \
  -d '{
    "address": "7xKXz...9fGh",
    "label": "Treasury wallet"
  }'

const res = await fetch(
  "https://api.solana.com/v1/issuance/tokens/tok_abc123/allowlist",
  {
    method: "POST",
    headers: {
      Authorization: "Bearer sk_test_...",
      "Content-Type": "application/json",
    },
    body: JSON.stringify({ address: "7xKXz...9fGh", label: "Treasury wallet" }),
  }
);
// res.data.entry.id — save this to remove the entry later

Review the list

Check which addresses are currently approved. Useful before minting to a new destination or during a compliance audit.

The Allowlist tab shows all approved addresses, their labels, and when they were added.

Use the search field to find a specific address by label or public key.

curl https://api.solana.com/v1/issuance/tokens/tok_abc123/allowlist \
  -H "Authorization: Bearer sk_test_..."

const { data, meta } = await res.json();
// meta: { total, page, pageSize, hasMore }

Supports page and pageSize query parameters.

Remove an address

Remove an address when a holder's compliance status changes. Existing token holdings are unaffected — only future allowlist-enforced flows are blocked.

In the Compliance → Allowlist tab, click Remove entry next to the address. The entry is removed immediately and the Control Lists sidebar updates to 0 entries.

curl -X DELETE \
  https://api.solana.com/v1/issuance/tokens/tok_abc123/allowlist/alw_abc123 \
  -H "Authorization: Bearer sk_test_..."

Use the entry.id returned when the address was added.

Typical workflow for a tokenized security

Create the token with requiresAllowlist: true and template tokenized-security
Deploy the token
Collect wallet addresses from KYC-verified investors
Add each verified address to the allowlist
Mint tokens to allowlisted addresses
Remove addresses when compliance status changes

Is this page helpful?