Obtaining a user token

The issued user token will be returned to your application using a HTTP POST to the Webhook-URL registered for you application in the xumm Developer Dashboard, and in the payload results when server side calling the xumm API at HTTP GET call to the /payload endpoint..

Getting the user token using from a webhook

After the end user resolved the sign request by signing, the configured application Webhook URL will receive a JSON body per POST request, containing the accessToken section:

{
  "meta": {
    ..
    "payload_uuidv4": "<some-uuid>"
  },
  "payloadResponse": {
    ...
  },
  "accessToken": {
    "token_issued": "2020-01-20T15:41:30.575Z",
    "token_expiration": "2021-01-19T15:41:30.575Z",
    "token_accesstoken": "f695df44-aef4-4903-ac56-4498ed6341f8"
  }
}

πŸ‘

User token expiration

The issued user token expires 12 months after the LAST successfully signed payload of your application by the xumm user, using the same issued user token.

Getting the user token from the API

When you GET the payload results, the application.issued_user_token contains the user token:

{
  "meta": {
    ...
    "uuid": "<some-uuid>",
    ...
  },
  "application": {
    ...
    "issued_user_token": "e5fff0d0-698d-425d-bdcf-3156e744282d"
  },
  ...
}