Skip to main content
❗️ Payment status by network:
  • naga-dev – usage is currently free; no deposits required.
  • naga-test – payments are enabled using test tokens (see faucet link below).
  • Mainnet – coming soon; mainnet payment details will be announced shortly.
💰 Need Test Tokens? Visit the Chronicle Yellowstone Faucet to get test tokens for your EOA account.
See the Payment Manager Reference API for more details on how to manage payments.

Overview

The Payment Manager handles Lit Protocol’s payment system - a billing mechanism for decentralized cryptographic services. Users deposit funds to pay for compute resources when accessing core network operations:
  • Encryption/Decryption - Encrypt data that only authorized users or conditions can decrypt.
  • PKP Signing - Generate signatures and sign transactions using your PKP wallet.
  • Lit Actions - Execute serverless JavaScript functions for decentralized computation.
Similar to how you pay AWS for cloud computing, this system ensures the decentralized network can sustain itself and compensate node operators. The Payment Manager allows you to deposit funds, request withdrawals (with security delays), and manage balances for yourself or delegate payment for other users - enabling applications to sponsor their users’ costs for a seamless experience.
1

Payment Manager Setup

Naga Test
import { createLitClient } from '@lit-protocol/lit-client';
import { nagaTest } from '@lit-protocol/networks';

// 1. Create lit client
const litClient = await createLitClient({ network: nagaTest });

// 2. Get PaymentManager instance (requires account for transactions)
const paymentManager = await litClient.getPaymentManager({
account: yourAccount // viem account instance
});
2

Create an account

// 1. import the useWalletClient function from wagmi
import { useWalletClient } from 'wagmi';

// 2. Use your connected wallet as the account
const { data: myAccount } = useWalletClient();
3

Deposit funds

// 1. Deposit funds to your own account
const result = await paymentManager.deposit({
  amountInEth: '0.1',
});

console.log(`Deposit successful: ${result.hash}`);
// Returns: { hash: string, receipt: object }

Payment Delegation / Sponsoring Your Users

1

Define spending limit

Define spending limits for the users you want to sponsor (values are in wei).
await paymentManager.setRestriction({
  totalMaxPrice: '1000000000000000000', // 1 ETH equivalent limit
  requestsPerPeriod: '100', // max number of sponsored requests in a period
  periodSeconds: '3600', // rolling window (1 hour in this example)
});
2

Delegate users

With restrictions set, delegate one or more users to spend from your payer wallet.
await paymentManager.delegatePaymentsBatch({
  userAddresses: ['0xAlice...', '0xBob...'],
});
3

(Optional) Inspect Balance

Optionally inspect Payer/Sponsor Ledger balance
const balance = await paymentManager.getBalance({
  userAddress: viemAccount.address,
});
4

Remove users (optional)

Undelegate users when you no longer want to sponsor them.
await paymentManager.undelegatePaymentsBatch({
  userAddresses: ['0xAlice...'],
});

Alternatively

Manage delegation via the hosted or self-hosted Auth Service (see Auth Services setup for the full flow).

After Payment Delegation

Users decrypt as normal – we still call litClient.decrypt with an auth context; the network draws fees from the delegated payer instead of the user’s wallet.
ℹ️ userMaxPrice is recommended for sponsored sessions, typically the same value or less than the the restriction the sponsor set; optional guardrail when self-funded.
// Client-side decrypt with sponsored payments
const authContext = await authManager.createEoaAuthContext({
  litClient,
  config: { account: walletClient },
  authConfig: {
    resources: [
      ['access-control-condition-decryption', '*'],
      ['lit-action-execution', '*'],
    ],
  },
});

const response = await litClient.decrypt({
  data: encryptedData,
  unifiedAccessControlConditions: accs,
  authContext,
  chain: 'ethereum',
  userMaxPrice: 1000000000000000000n,
});

Auth Service API Endpoints

Leverage the hosted Auth Service to manage delegation without exposing private keys in your application. Full request/response details live in the Auth Services setup guide. In practice you will:
  • Call authService.registerPayer (hosted or self-hosted) to derive a payer wallet + payerSecretKey.
  • Call authService.delegateUsers (/add-users) to sponsor a list of user addresses.
  • Or skip the service entirely and use the Payment Manager methods directly (example below).
import { createLitClient } from '@lit-protocol/lit-client';
import { nagaTest } from '@lit-protocol/networks';

// 1. Create the Lit client for the naga-test environment
const litClient = await createLitClient({ network: nagaTest });

const authServiceBaseUrl = 'https://naga-test-auth-service.getlit.dev/';
const apiKey = process.env.YOUR_AUTH_SERVICE_API_KEY!;

// 3. Register a payer wallet (store the secret securely server-side)
const registerResponse = await litClient.authService.registerPayer({
  authServiceBaseUrl,
  apiKey,
});

console.log('Payer wallet:', registerResponse.payerWalletAddress);
console.log('Payer secret (store securely!):', registerResponse.payerSecretKey);

// 4. Later on, delegate payments for multiple users using the saved secret
const delegateResponse = await litClient.authService.delegateUsers({
  authServiceBaseUrl,
  apiKey,
  payerSecretKey: registerResponse.payerSecretKey,
  userAddresses: [
    '0x1234...abcd',
    '0xabcd...1234',
  ],
});

console.log('Delegation submitted with tx hash:', delegateResponse.txHash);

// 5. Continue to use the same payer secret for future delegation calls

How the Auth Service derives payer wallets

  • For hosted or self-hosted deployments, see the derivation and rotation notes in the Auth Services guide. Manual deployments can always provision and delegate entirely via the PaymentManager helper without touching these endpoints.