diff --git a/authorization/authorization.go b/authorization/authorization.go
new file mode 100644
index 000000000..9f7cbcbc1
--- /dev/null
+++ b/authorization/authorization.go
@@ -0,0 +1,35 @@
+// Copyright 2022 The Matrix.org Foundation C.I.C.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package authorization
+
+import "github.com/matrix-org/dendrite/setup/config"
+
+type AuthorizationArgs struct {
+ RoomId string
+ UserId string
+ Permission string
+}
+
+type Authorization interface {
+ IsAllowed(args AuthorizationArgs) (bool, error)
+}
+
+func NewClientApiAuthorization(cfg *config.ClientAPI) Authorization {
+ // Load authorization manager for Zion
+ //if cfg.PublicKeyAuthentication.Ethereum.EnableAuthz {
+ //}
+
+ return &DefaultAuthorization{}
+}
diff --git a/authorization/default_authorization.go b/authorization/default_authorization.go
new file mode 100644
index 000000000..1baba3f86
--- /dev/null
+++ b/authorization/default_authorization.go
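Review bot: In authorization/authorization.go, `NewClientApiAuthorization` never reads `cfg`, so every caller receives `DefaultAuthorization`, whose `IsAllowed` (authorization/default_authorization.go) returns `true, nil` for any room, user and permission. With the `EnableAuthz` branch commented out, an operator who sets `enable_authz: true` still gets allow-all behaviour and nothing in the code signals it. Until the Zion-backed implementation exists, I would make that case explicit (fail closed, or at least log when the flag is set) and add a doc comment such as `// IsAllowed always returns true; DefaultAuthorization performs no permission checks.` The exported names also depart from Go initialism style: `RoomID`, `UserID` and `NewClientAPIAuthorization` are the conventional spellings.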
@@ -0,0 +1,23 @@ +// Copyright 2022 The Matrix.org Foundation C.I.C. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package authorization + +type DefaultAuthorization struct { +} + +func (azm *DefaultAuthorization) IsAllowed(args AuthorizationArgs) (bool, error) { + // Default. No authorization logic. + return true, nil +} diff --git a/clientapi/routing/routing.go b/clientapi/routing/routing.go index a06ef3c12..441fd7b07 100644 --- a/clientapi/routing/routing.go +++ b/clientapi/routing/routing.go @@ -21,6 +21,7 @@ import ( "github.com/gorilla/mux" appserviceAPI "github.com/matrix-org/dendrite/appservice/api" + "github.com/matrix-org/dendrite/authorization" "github.com/matrix-org/dendrite/clientapi/api" "github.com/matrix-org/dendrite/clientapi/auth" clientutil "github.com/matrix-org/dendrite/clientapi/httputil" @@ -73,6 +74,8 @@ func Setup( rateLimits := httputil.NewRateLimits(&cfg.RateLimiting) userInteractiveAuth := auth.NewUserInteractive(userAPI, userAPI, cfg) + authorization := authorization.NewClientApiAuthorization(cfg) + _ = authorization // todo: use this in httputil.MakeAuthAPI unstableFeatures := map[string]bool{ "org.matrix.e2e_cross_signing": true, diff --git a/setup/config/config_publickey.go b/setup/config/config_publickey.go index e214163e2..d834cfefc 100644 --- a/setup/config/config_publickey.go +++ b/setup/config/config_publickey.go 
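Review bot: In clientapi/routing/routing.go, the new local in `Setup`, `authorization := authorization.NewClientApiAuthorization(cfg)`, shadows the imported `authorization` package for the rest of the function, so later code there cannot name package members such as `authorization.AuthorizationArgs`. A different variable name avoids that, for example `authz := authorization.NewClientApiAuthorization(cfg)`. The value is then discarded with `_ = authorization`, so no route registered by this commit is subject to an authorization check; the todo comment should say so explicitly. `Setup` begins and continues outside the hunk, so how the value is meant to reach `httputil.MakeAuthAPI` is not visible here.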
@@ -21,9 +21,10 @@ func (p EthereumAuthParams) GetParams() interface{} { } type EthereumAuthConfig struct { - Enabled bool `yaml:"enabled"` - Version uint `yaml:"version"` - ChainIDs []int `yaml:"chain_ids"` + Enabled bool `yaml:"enabled"` + Version uint `yaml:"version"` + ChainIDs []int `yaml:"chain_ids"` + EnableAuthz bool `yaml:"enable_authz"` // Flag to enable / disable authorization during development } type PublicKeyAuthentication struct { diff --git a/web3/account.go b/web3/account.go new file mode 100644 index 000000000..27eda6b5d --- /dev/null +++ b/web3/account.go 
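Review bot: `EnableAuthz` in `EthereumAuthConfig` (setup/config/config_publickey.go) is opt-in, so a config file that omits `enable_authz` unmarshals to `false` and the insecure setting is the zero value. In the hunks shown the flag is only referenced from commented-out code, so its effect is inferred from the trailing comment, which describes it as a development switch. I would replace that trailing comment with a doc comment stating the default and its consequence, e.g. `// EnableAuthz turns on authorization checks; when false (the default) no authorization is enforced.` If the switch is meant to be temporary, consider making the enforcing behaviour the default so a missing key cannot silently disable it.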
@@ -0,0 +1,65 @@
+package web3
+
+import (
+ "context"
+ "crypto/ecdsa"
+ "errors"
+ "fmt"
+ "math/big"
+
+ "github.com/ethereum/go-ethereum/accounts/abi/bind"
+ "github.com/ethereum/go-ethereum/crypto"
+ "github.com/ethereum/go-ethereum/ethclient"
+)
+
+type CreateTransactionSignerArgs struct {
+ PrivateKey string
+ ChainId int64
+ Client *ethclient.Client
+ GasValue int64 // in wei
+ GasLimit int64 // in units
+}
+
+func CreateTransactionSigner(args CreateTransactionSignerArgs) (*bind.TransactOpts, error) {
+ privateKey, err := crypto.HexToECDSA(args.PrivateKey)
+ if err != nil {
+ return nil, err
+ }
+
+ publicKey := privateKey.Public()
+ publicKeyECDSA, ok := publicKey.(*ecdsa.PublicKey)
+ if !ok {
+ return nil, errors.New("cannot create public key ECDSA")
+ }
+
+ fromAddress := crypto.PubkeyToAddress(*publicKeyECDSA)
+
+ nonce, err := args.Client.PendingNonceAt(context.Background(), fromAddress)
+ if err != nil {
+ return nil, err
+ }
+
+ gasPrice, err := args.Client.SuggestGasPrice((context.Background()))
+ if err != nil {
+ return nil, err
+ }
+
+ signer, err := bind.NewKeyedTransactorWithChainID(privateKey, big.NewInt(args.ChainId))
+ if err != nil {
+ return nil, err
+ }
+
+ signer.Nonce = big.NewInt(int64(nonce))
+ signer.Value = big.NewInt(args.GasValue)
+ signer.GasLimit = uint64(args.GasLimit)
+ signer.GasPrice = gasPrice
+
+ fmt.Printf("{ nonce: %d, value: %d, gasLimit: %d, gasPrice: %d }\n",
+ signer.Nonce,
+ signer.Value,
+ signer.GasLimit,
+ signer.GasPrice,
+ )
+
+ return signer, nil
+}
diff --git a/web3/client.go b/web3/client.go
new file mode 100644
index 000000000..9cd643648
--- /dev/null
+++ b/web3/client.go
@@ -0,0 +1,14 @@
+package web3
+
+import (
+ "github.com/ethereum/go-ethereum/ethclient"
+)
+
+func GetEthClient(web3ProviderUrl string) (*ethclient.Client, error) {
+ client, err := ethclient.Dial(web3ProviderUrl)
+ if err != nil {
+ return nil, err
+ }
+
+ return client, nil
+}
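Review bot: In web3/account.go, `CreateTransactionSigner` trusts its arguments: `uint64(args.GasLimit)` turns a negative limit into an enormous one, `big.NewInt(args.GasValue)` accepts a negative amount, and a nil `args.Client` panics at `PendingNonceAt`; the guards below reject these up front. `signer.Value` is the amount of wei sent with the transaction rather than a gas setting, so the `GasValue` name and its `// in wei` comment should say that, to avoid an unintended transfer. Both RPC calls use `context.Background()` with no deadline, as does `ethclient.Dial` inside `GetEthClient` (web3/client.go), so an unresponsive provider blocks the caller indefinitely; accepting a `ctx` from the caller would bound them. `PrivateKey` travels as a hex string in an exported struct, so any `%+v` log of the args would expose it, and the closing `fmt.Printf` writes to stdout rather than to a logger.

```go
func CreateTransactionSigner(args CreateTransactionSignerArgs) (*bind.TransactOpts, error) {
	// Reject inputs that would otherwise panic or wrap around below.
	if args.Client == nil {
		return nil, errors.New("eth client must not be nil")
	}
	if args.GasLimit < 0 || args.GasValue < 0 {
		return nil, errors.New("gas limit and value must not be negative")
	}

	// … unchanged: key parsing, address derivation, nonce and gas price lookup …
	// … unchanged: signer construction and field assignments; the fmt.Printf call is dropped …

	return signer, nil
}
```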