Add restricted method text (MetaMask#1217)

* Add restricted method text * update restricted * add correct paths * add backticks * update links * update links * update links * update links * update links * update links * Update wallet/concepts/wallet-api.md Co-authored-by: Alexandra Tran Carrillo <[email protected]> * revert changes * fix typo * Apply suggestions from code review Co-authored-by: Alexandra Tran Carrillo <[email protected]> * move note * Add snaps example * change link * Apply suggestions from code review Co-authored-by: Alexandra Tran Carrillo <[email protected]> * Apply suggestions from code review Co-authored-by: Alexandra Tran Carrillo <[email protected]> --------- Co-authored-by: Alexandra Tran Carrillo <[email protected]>
Bjoganz · Mar 22, 2024 · 4554589 · 4554589
1 parent e9e616b
commit 4554589
Show file tree

Hide file tree

Showing 5 changed files with 65 additions and 32 deletions.
diff --git a/snaps/how-to/request-permissions.md b/snaps/how-to/request-permissions.md
@@ -54,16 +54,30 @@ See the [`eth_accounts` dynamic permission](../reference/permissions.md#eth_acco
 
 ## Request permissions from a dapp
 
-Dapps that communicate with Snaps must request permission to do so by calling the
+Dapps that communicate with Snaps using [`wallet_snap`](/wallet/reference/wallet_snap) and [`wallet_invokeSnap`](/wallet/reference/wallet_invokesnap) must request permission to do so by calling the
 [`wallet_requestSnaps`](/wallet/reference/wallet_requestsnaps) MetaMask JSON-RPC API method.
 
-For example, to request permission to connect to the `hello-snap` Snap:
+The following example calls `wallet_requestSnaps` to request permission to connect to the `hello-snap` Snap, then calls `wallet_invokeSnap` to invoke the `hello` JSON-RPC method exposed by the Snap:
 
 ```js title="index.js"
+// If the Snap is not already installed, the user will be prompted to install it.
 await window.ethereum.request({
   method: 'wallet_requestSnaps',
   params: {
+    // Assuming the Snap is published to npm using the package name 'hello-snap'.
     'npm:hello-snap': {},
   },
 });
+
+// Invoke the 'hello' JSON-RPC method exposed by the Snap.
+const response = await window.ethereum.request({
+  method: 'wallet_invokeSnap',
+  params: { snapId: 'npm:hello-snap', request: { method: 'hello' } },
+});
+
+console.log(response); // 'world!'
 ```
+
+:::note
+Learn more about implementing [custom JSON-RPC APIs](../learn/about-snaps/apis.md#custom-json-rpc-apis) in a Snap.
+:::
diff --git a/snaps/learn/about-snaps/apis.md b/snaps/learn/about-snaps/apis.md
@@ -102,19 +102,19 @@ The `ethereum` global available to Snaps has fewer capabilities than `window.eth
 Snaps can only use it to make read requests, not to write to the blockchain or initiate transactions.
 Snaps can call all MetaMask API methods **except** the following:
 
-- `wallet_requestSnaps`
-- `wallet_requestPermissions`
-- `wallet_revokePermissions`
-- `wallet_addEthereumChain`
-- `wallet_switchEthereumChain`
-- `wallet_watchAsset`
-- `wallet_registerOnboarding`
-- `wallet_scanQRCode`
-- `eth_sendRawTransaction`
-- `eth_sendTransaction`
-- `eth_signTypedData_v4`
-- `eth_decrypt`
-- `eth_getEncryptionPublicKey`
+- [`wallet_requestSnaps`](/wallet/reference/wallet_requestSnaps)
+- [`wallet_requestPermissions`](/wallet/reference/wallet_requestPermissions)
+- [`wallet_revokePermissions`](/wallet/reference/wallet_revokePermissions)
+- [`wallet_addEthereumChain`](/wallet/reference/wallet_addEthereumChain)
+- [`wallet_switchEthereumChain`](/wallet/reference/wallet_switchEthereumChain)
+- [`wallet_watchAsset`](/wallet/reference/wallet_watchAsset)
+- [`wallet_registerOnboarding`](/wallet/reference/wallet_registerOnboarding)
+- [`wallet_scanQRCode`](/wallet/reference/wallet_scanQRCode)
+- [`eth_sendRawTransaction`](/wallet/reference/eth_sendRawTransaction)
+- [`eth_sendTransaction`](/wallet/reference/eth_sendTransaction)
+- [`eth_signTypedData_v4`](/wallet/reference/eth_signTypedData_v4)
+- [`eth_decrypt`](/wallet/reference/eth_decrypt)
+- [`eth_getEncryptionPublicKey`](/wallet/reference/eth_getEncryptionPublicKey)
 
 ## Custom JSON-RPC APIs
 
@@ -178,4 +178,4 @@ const response = await window.ethereum.request({
 });
 
 console.log(response); // 'world!'
-```
+```
diff --git a/snaps/reference/snaps-api.md b/snaps/reference/snaps-api.md
@@ -858,4 +858,4 @@ await snap.request({
     message: 'Hello, world!',
   },
 });
-```
+```
diff --git a/wallet/concepts/wallet-api.md b/wallet/concepts/wallet-api.md
@@ -61,23 +61,41 @@ Make sure to handle errors for every call to
 [`request()`](../reference/provider-api.md#request).
 :::
 
+The RPC methods are divided into the following:
+
+- [Restricted methods](#restricted-methods) -  Require user consent for actions that impact assets or data (for example, initiating a transaction).
+- [Unrestricted methods](#unrestricted-methods) - Allow dapps to perform basic actions without permission (for example, retrieving a public address).
+
 ### Restricted methods
 
-MetaMask introduced wallet permissions in [EIP-2255](https://eips.ethereum.org/EIPS/eip-2255).
-In this permissions system, each RPC method is restricted or unrestricted.
-If a method is restricted, a dapp must request permission to call it using
-[`wallet_requestPermissions`](/wallet/reference/wallet_requestpermissions).
+MetaMask implements permissions based on [EIP-2255](https://eips.ethereum.org/EIPS/eip-2255) to enhance security for when users interact with dapps. 
+This requires that dapps obtain user consent before accessing certain features. 
 Under the hood, permissions are plain, JSON-compatible objects, with fields that are mostly used
 internally by MetaMask.
 
-Outside of [Snaps restricted methods](/snaps/reference/rpc-api/#restricted-methods), the only
-restricted method is [`eth_accounts`](/wallet/reference/eth_accounts), which allows you to access
-the user's Ethereum accounts.
-More restricted methods will be added in the future.
+Restricted methods are methods that cannot be called unless you have permission to do so using [`wallet_requestPermissions`](/wallet/reference/wallet_requestpermissions) or [`wallet_requestSnaps`](/wallet/reference/wallet_requestSnaps).
+
+The following methods are restricted:
+
+- [`eth_accounts`](/wallet/reference/eth_accounts) - Gaining permission requires calling `wallet_requestPermissions`. 
+Granting permission for `eth_accounts` also grants permissions for the following methods:
+  - [`eth_sendTransaction`](/wallet/reference/eth_sendTransaction)
+  - [`personal_sign`](/wallet/reference/personal_sign)
+  - [`eth_signTypedData_v4`](/wallet/reference/eth_signTypedData_v4)
+
+:::caution important
+To access accounts, we recommend using [`eth_requestAccounts`](/wallet/reference/eth_requestAccounts), which automatically asks for permission to use `eth_accounts` by calling `wallet_requestPermissions` internally.
+See [how to access a user's accounts](../how-to/connect/access-accounts.md) for more information.
+:::
+
+- [`wallet_snap`](/wallet/reference/wallet_snap) - Gaining permission requires calling `wallet_requestSnap`.
+- [`wallet_invokeSnap`](/wallet/reference/wallet_invokeSnap) - Gaining permission requires calling `wallet_requestSnap`.
+
+:::info note
+For more information on using `wallet_snap` and `wallet_invokeSnap`, see the [how to request Snap permissions from a dapp](/snaps/how-to/request-permissions/#request-permissions-from-a-dapp).
+:::
 
 ### Unrestricted methods
 
-Unrestricted methods do not require requesting permission to call them, but they might still rely on
-permissions to succeed (for example, the signing methods require calling the restricted
-[`eth_accounts`](/wallet/reference/eth_accounts) method), or they might require confirmation by the
+Unrestricted methods do not require requesting permission to call them, but they might require confirmation by the
 user (for example, [`wallet_addEthereumChain`](/wallet/reference/wallet_addethereumchain)).
diff --git a/wallet/how-to/manage-permissions.md b/wallet/how-to/manage-permissions.md
@@ -17,7 +17,7 @@ These methods are specified by [EIP-2255](https://eips.ethereum.org/EIPS/eip-225
 allow the dapp to call the requested method.
 The confirmation screen describes the functions and data the requested method can access.
 For example, something like the following confirmation displays when you request permission to call
-the [`eth_accounts`](/wallet/reference/eth_accounts) restricted method:
+the restricted method [`eth_accounts`](/wallet/reference/eth_accounts):
 
 <div class="row margin-bottom--md">
     <div class="column">
@@ -31,8 +31,9 @@ the [`eth_accounts`](/wallet/reference/eth_accounts) restricted method:
 :::info note
 To access accounts, we recommend using [`eth_requestAccounts`](/wallet/reference/eth_requestAccounts),
 which automatically asks for permission to use `eth_accounts` by calling `wallet_requestPermissions`
-internally.
-See [how to access a user's accounts](connect/access-accounts.md) for more information.
+internally. 
+See [how to access a user's accounts](../connect/access-accounts) for more information.
+Granting permission for `eth_accounts` also grants access to [`eth_sendTransaction`](/wallet/reference/eth_sendTransaction), [`personal_sign`](/wallet/reference/personal_sign), and [`eth_signTypedData_v4`](/wallet/reference/eth_signTypedData_v4). 
 :::
 
 ## Request permissions example
@@ -81,4 +82,4 @@ await provider // Or window.ethereum if you don't support EIP-6963.
             },
         ],
     });
-```
+```
-Original file line number
+Diff line change
@@ Expand Up / @@ -858,4 +858,4 @@ await snap.request({ @@
         message: 'Hello, world!',
       },
     });
-    ```
+    ```