The current organization is taken from the authenticated session. It is not
selected or supplied when an application is created.
What an application defines
Workspace identity
A unique workspace identifier, display name, description, and application
type.
Contract association
The privacy contract that supplies transaction data for the application.
Application access
A primary contact and explicit permission assignments for organization
members.
Audit boundary
Application-specific audit identity and public integration material when
required by the selected privacy system.
Access required
Application management uses two organization-level permissions:| Permission | Allowed action |
|---|---|
applications:read | List applications and open application details for the current organization. |
applications:create | Create, update, and revoke applications for the current organization. |
Before creating an application
Confirm that:- the associated privacy contract already exists in the current organization;
- the workspace identifier is unique within the organization;
- the application type matches the intended privacy integration;
- any selected primary contact is already an organization member.
| Application type | Intended association |
|---|---|
stellar-pool | A Stellar privacy pool contract. |
solana-confidential-token | A Solana confidential-token contract. |
Create an application
Define the workspace identity
Provide a unique workspace identifier, application name, and optional
description. The workspace identifier is used as the application route
segment and cannot be changed later.
Select the application type and contract
Choose the application type and associate the application with an existing
contract from the current organization.
Assign a primary contact
Optionally select an existing organization member as the primary contact.
The selected member receives application-administrator permissions for the
new application.
- the application creator receives application-administrator permissions when the creator has an organization member record;
- the selected primary contact receives application-administrator permissions;
- the application appears in the organization’s application list;
- its detail view includes the members who currently have application access.
For a Stellar privacy pool associated with a Stellar contract, the platform
creates an application-specific audit identity and public audit key. Private
audit decoding material remains server-side and is never returned in the
application response.
Review applications
The organization application list is paginated and includes the information needed to identify and route work:- workspace identifier and application name;
- application type and contract association;
- optional description and primary contact;
- number of members with application access;
- creation timestamp.
Update an application
The current application management model allows the following fields to be updated:- application name;
- description;
- primary contact.
Changing or clearing the primary contact does not automatically revoke access
previously granted to another member. Review that member’s application
assignment separately in User management.
Manage application access
Application access is stored per organization member and per application. Each assignment contains common, administrator, and auditor permission groups. Use User management to:- grant a member access to an application;
- update the member’s permissions for that application;
- remove one application assignment without affecting other assignments;
- review every application currently available to the member.
Revoke an application
Revoking an application performs a soft deletion within the current organization. The application is removed from active application queries, but the revoke action remains represented in the activity history.Next steps
User management
Assign organization and application access to team members.
Create a case
Request controlled access to evidence inside an application.