Skip to main content
The Registry App uses credential-based allowlists to control which parties are permitted to perform specific actions for an asset. This enables issuers to enforce KYC, AML, regulatory, or business-specific requirements while keeping the rules fully configurable for each instrument. Common use cases include:
  • Restricting who may hold a regulated security.
  • Restricting who may request minting or redemption of a stablecoin.
  • Limiting participation to onboarded investors.
  • Delegating compliance decisions to an external compliance provider.

How Allowlisting Works

Allowlists are implemented using credential contracts. The Instrument Configuration defines the credential requirements for each workflow. When a user performs an action, the Smart Contract model verifies that the required credentials are present before the transaction is executed. Credential requirements can be configured independently for:
  • Holder requirements – Who may hold, receive, or transfer an asset.
  • Mint/Burn requirements – Who may request minting or redemption.
If a requirement is left empty, no credential verification is performed for that workflow.

Configuring an Allowlist

Each credential requirement specifies:
  • Credential Issuer – The party responsible for maintaining the allowlist.
  • Claim Property – The permission being granted (for example canHold or canMint).
  • Claim Value – The asset or permission scope (for example USDX or BondX).
When an action is requested, the Registry App verifies that a valid credential matching the configured requirements exists for the acting party.

Managing the Allowlist

Adding a party to an allowlist is equivalent to issuing a credential with the required claims. Credentials can be created directly through the Registry App. The recommended approach is for the credential issuer to also hold the credential. This allows the allowlist to be maintained unilaterally without requiring the allowlisted party to separately accept or manage credential contracts. To add a party to an allowlist:
  1. Go to the Credential module.
  2. Click offer new credential.
  3. Set the credential holder to use same party
  4. Set the subject to the party being allowlisted.
  5. Add the claims required by the Instrument Configuration.
  6. Click Offer Free credential.
Removing a party from the allowlist simply requires revoking or deleting the corresponding credential.

Example Configurations

Stablecoin

Anyone may hold or transfer the stablecoin, but only KYC-approved parties may request minting or redemption.

Money Market Fund

Only onboarded investors may hold, receive, mint, or redeem fund units.

Tokenized Bond

A third-party compliance provider manages the allowlist independently from the registrar. This model enables issuers to delegate investor onboarding and compliance checks while retaining full control over the asset lifecycle.