# Token Authority

{% hint style="info" %}
The token authority system implements a comprehensive permissions model that enables fine-grained control over token operations. This hierarchical permission structure allows token creators to delegate specific authorities to different addresses while maintaining overall control of their token.
{% endhint %}

### Authority Hierarchy

The Authority system follows a hierarchical structure with the `master_authority` at the top:

<figure><img src="/files/C4m0ZM7imyPtRGxi2NOA" alt=""><figcaption></figcaption></figure>

### Permission Types

#### Master Authority (`master_authority`)

The `master_authority` is the root of the permission hierarchy and has complete control over the token.

Capabilities:

* Grant and revoke all other authority types
* Mint tokens without allowance restrictions
* Cannot be changed after token creation

#### Master Mint Burn Authority (`master_mint_burn_authority`)

The `master_mint_burn_authority` can **grant and revoke minting and burning privileges** to other addresses.

Capabilities:

* Grant minting privileges to other addresses with specific allowances
* Grant burning privileges to other addresses&#x20;
* Revoke minting and burning privileges from addresses
* Cannot mint tokens directly

#### Mint Burn Authorities (`mint_burn_authorities`)

Addresses with minting privileges can create new tokens up to their allowance limit. They can also destroy tokens from any account. &#x20;

Capabilities:

* Mint new tokens up to their allowance
* Burn tokens from any account
* Cannot grant minting or burning privileges to others

Constraints:

* Maximum of 20 mint burn authorities per token
* Each mint burn authority has a specific allowance that decreases as they mint tokens

#### Pause Authorities (`pause_authorities`)

The `pause_authorities` can temporarily freeze all token transfers.

Capabilities:

* Pause all token transfers, mints, and burns
* Unpause token operations

Constraints:&#x20;

* Maximum of 5 pause authorities per token

#### List Authorities (`list_authorities`)

List authorities can blacklist or white list an address so that it can make the address able or unable to participating in token operations

if it is black listed, the address will be put into black\_list.

Capabilities:

* Add addresses to the blacklist
* Remove addresses from the blacklist&#x20;

Constraints:

* Maximum of 5 blacklist authorities per token&#x20;
* Blacklisted addresses cannot send or receive tokens

if it is white listed, the address will be put into black\_list.

Capabilities:

* Add addresses to the whitelist
* Whitelisting is effective immediately

Constraints:

* Maximum of 5 list authorities per token&#x20;

#### Metadata Update Authorities (`metadata_update_authorities`)

The metadata update authorities can modify the token's metadata.Capabilities:

* Update token name
* Update token URI
* Update additional metadata key-value pairs

Constraints:

* Maximum of 5 metadata update authorities per token&#x20;

#### Revoking Authorities

Any authority can be revoked by the master\_authority.

***

### Best Practices

#### Separation of Concerns

* Assign different authorities to different addresses based on their responsibilities
* Avoid giving multiple critical authorities to the same address

#### Secure the Master Authority

* Use a highly secure wallet for the master authority
* Consider using a multisig wallet for the master authority in production environments

#### Limited Minting Allowances

* Grant minting authorities with appropriate allowances
* Regularly review and adjust allowances as needed

#### Emergency Planning

* Always have a pause authority assigned for emergency situations
* Test pause/unpause functionality before deploying to production

#### Authority Rotation

* Periodically rotate authorities as part of security best practices
* Revoke authorities from addresses that no longer need them


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://developer.1moneynetwork.com/core-concepts/token-authority.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.