The xumm API lives at
Please check out the API Docs for available endpoints and methods.
All calls to the xumm API have to contain at least these three HTTP headers:
Anyone in possession of your
X-API-Secret can create payloads (sign requests) on behalf of your application. If abused, this can damage the reputation of your application immensely. Please never implement the xumm API in a scenario where calls are made from the client side: only call the xumm API from your application backend, always ensuring you keep your xumm API secret safe on the server side.
If you think your API Secret has been exposed or compromised, re-generate a new secret immediately in the xumm Developer Dashboard.
Updated 19 days ago