Obtaining a user token

The issued user token will be returned to your application using a HTTP POST to the Webhook-URL registered for you application in the xumm Developer Dashboard, and in the payload results when server side calling the xumm API at HTTP GET call to the /payload endpoint..

Getting the user token using from a webhook

After the end user resolved the sign request by signing, the configured application Webhook URL will receive a JSON body per POST request, containing the accessToken section:

{
  "meta": {
    ..
    "payload_uuidv4": "<some-uuid>"
  },
  "payloadResponse": {
    ...
  },
  "userToken": {
    "user_token": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx",
    "token_issued": 1635000000,
    "token_expiration": 1637500000
  }
}

πŸ‘

User token expiration

The issued user token expires 30 days after the LAST successfully signed payload of your application by the xumm user, using the same issued user token. If there's a good reason for your application to have longer living user tokens, please contact XUMM Support and explain your use case.

Getting the user token from the API

When you GET the payload results, the application.issued_user_token contains the user token.

The entire data format is specified in this type.

{
  "meta": {
    ...
    "uuid": "<some-uuid>",
    ...
  },
  "application": {
    ...
    "issued_user_token": "e5fff0d0-698d-425d-bdcf-3156e744282d"
  },
  ...
}