# Whitelist

The whitelist feature enables token issuers to **explicitly grant access** to specific addresses for holding and transferring tokens. This feature is **only available for private tokens** (tokens created with `is_private = true`).

### How It Works

* **Default State**: No addresses can use the token
* **After Whitelisting**: Only approved addresses can receive and send the token
* **Authority**: Only the token's master authority can manage the whitelist

### Use Cases

* **Security Tokens**: Restrict access to accredited investors only
* **Private Sales**: Control participation in token sales
* **Enterprise Tokens**: Limit usage to verified business partners
* **Membership Tokens**: Grant access to exclusive community members

### Key Points

* Only whitelisted addresses can interact with the token
* Non-whitelisted addresses **cannot**:
  * Receive tokens (transfers will fail)
  * Send tokens (blocked at protocol level)
  * View or interact with token functions
* Whitelist status can be revoked at any time
* All whitelist changes are recorded on-chain

### Common Scenarios

#### KYC/AML Compliance

Private tokens often require Know Your Customer (KYC) verification before whitelisting, ensuring only verified users can participate.

#### Phased Access

Projects can gradually whitelist addresses for controlled token distribution phases (private sale → public sale → general access).

#### Geographic Restrictions

Whitelist only addresses from permitted jurisdictions to comply with regional regulations.

### Important Notes

* **Private Tokens Only**: Cannot use whitelist on public tokens
* **Strict Access Control**: No exceptions for non-whitelisted addresses
* **Planning Required**: Must whitelist addresses before they can receive tokens
* **Operational Overhead**: Requires active management as new users join

## POST /v1/tokens/manage\_whitelist

>

```json
{"openapi":"3.1.0","info":{"title":"om-api-rest","version":"0.1.0"},"tags":[{"name":"tokens","description":"Tokens API"}],"servers":[{"url":"https://api.testnet.1money.network","description":"Testnet API server"},{"url":"https://api.1money.network","description":"Mainnet API server"},{"url":"http://localhost:18555","description":"Local API server"}],"paths":{"/v1/tokens/manage_whitelist":{"post":{"tags":["tokens"],"operationId":"manage_whitelist","requestBody":{"description":"token whitelist management request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/WhitelistRequest"}}},"required":true},"responses":{"200":{"description":"","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Hash"}}}},"400":{"description":"Client error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/RESTErrorData"}}}},"404":{"description":"Resource not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/RESTErrorData"}}}},"408":{"description":"Request timeout","content":{"application/json":{"schema":{"$ref":"#/components/schemas/RESTErrorData"}}}},"422":{"description":"Business logic error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/RESTErrorData"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/RESTErrorData"}}}}}}}},"components":{"schemas":{"WhitelistRequest":{"allOf":[{"$ref":"#/components/schemas/WhitelistPayload"},{"type":"object","required":["signature"],"properties":{"signature":{"$ref":"#/components/schemas/RestSignature"}}}],"description":"Whitelist request for managing token whitelists"},"WhitelistPayload":{"type":"object","description":"Payload for whitelist operations","required":["chain_id","nonce","action","address","token"],"properties":{"action":{"$ref":"#/components/schemas/WhitelistAction","description":"The action of the transaction: Add or Remove from whitelist."},"address":{"$ref":"#/components/schemas/AddressSchema","description":"The address to be added to or removed from whitelist."},"chain_id":{"type":"integer","format":"int64","description":"The chain id of the transaction.","minimum":0},"nonce":{"type":"integer","format":"int64","description":"The nonce of the transaction.","minimum":0},"token":{"$ref":"#/components/schemas/TokenAddressSchema","description":"The token address of the transaction."}}},"WhitelistAction":{"type":"string","description":"Action types for whitelist operations","enum":["Add","Remove"]},"AddressSchema":{"type":"string","title":"string"},"TokenAddressSchema":{"type":"string","title":"string"},"RestSignature":{"type":"object","description":"Signature type for REST requests.\n\nWe use this type to avoid the ambiguity of the signature type in the core\nprimitives.\n\nThis type is referred to `https://github.com/alloy-rs/alloy/blob/b2278c40b2693908e4e5108d65ade26e8d716765/crates/rpc-types-eth/src/transaction/signature.rs#L9`.","required":["r","s","v"],"properties":{"r":{"$ref":"#/components/schemas/SignatureRSchema","description":"The R field of the signature; the point on the curve."},"s":{"$ref":"#/components/schemas/SignatureSSchema","description":"The S field of the signature; the point on the curve."},"v":{"type":"integer","format":"int64","description":"For EIP-155, EIP-2930 and Blob transactions this is set to the parity (0\nfor even, 1 for odd) of the y-value of the secp256k1 signature.\n\nFor legacy transactions, this is the recovery id\n\nSee also <https://ethereum.github.io/execution-apis/api-documentation/> and <https://ethereum.org/en/developers/docs/apis/json-rpc/#eth_gettransactionbyhash>","minimum":0}}},"SignatureRSchema":{"type":"string","title":"string","description":"Signature R schema"},"SignatureSSchema":{"type":"string","title":"string","description":"Signature S schema"},"Hash":{"type":"object","description":"Represents a transaction hash returned by the API.","required":["hash"],"properties":{"hash":{"$ref":"#/components/schemas/B256Schema"}}},"B256Schema":{"type":"string","title":"string"},"RESTErrorData":{"type":"object","required":["error_code","message"],"properties":{"error_code":{"type":"string","description":"Structured error code for programmatic handling"},"message":{"type":"string","description":"Human-readable error message"}}}}}}
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://developer.1moneynetwork.com/integrations/rest-apis/tokens/whitelist.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.