Please note that, instead of calling the XUMM API yourself, you can use the XUMM SDK instead. Here's a tutorial.
If you want to call the API yourself: the xumm API lives at
https://xumm.app/api/v1/platform/<endpoint>. Please check out the API Docs for available endpoints and methods.
All calls to the xumm API have to contain at least these three HTTP headers:
Anyone in possession of your
X-API-Secretcan create payloads (sign requests) on behalf of your application. If abused, this can damage the reputation of your application immensely. Please never implement the xumm API in a scenario where calls are made from the client side: only call the xumm API from your application backend, always ensuring you keep your xumm API secret safe on the server side.
If you think your API Secret has been exposed or compromised, re-generate a new secret immediately in the xumm Developer Dashboard.
Updated 7 months ago