⚠️ Secure payment verification

Once a payment has been sent and the XUMM platform payload resolves, there are some checks to perform.

At this point the payload has completed its entire life cycle: it was created, a user opened it and signed a transaction, and XUMM sent the transaction to the XRP Ledger.

Your application will now receive a WebHook callback (if configured, which is highly advisable), which should trigger your application to fetch the payload results.

You can also (highly advisable) fetch the payload results again on your "thank you" / return page, in case you didn't persist the payload results after receiving a webhook.

You now have your payload results: payload details with transaction information. There are a couple of remaining steps to make sure you REALLY did get paid. The steps below assume a regular Payment transaction in XRP was signed.

  1. Check if the Payload output contains meta.resolved. This value should be true, otherwise the payload is still pending (waiting for user interaction). Alternatively the Payload has been abandoned by the user.
  2. Check if the Payload output contains meta.signed. This value should be true, otherwise the user didn't sign the transaction.
  3. Check the response.dispatched_nodetype value. If you are expecting a real payment, make sure this value contains MAINNET. If you don't, you may be tricked into accepting a TESTNET payment.
  4. Check the response.txid value: this is the on-ledger transaction hash. You have to verify this transaction on the ledger. Please note that it may take ~4 seconds for a ledger to close, and slightly longer for the ledger and transaction info to propagate. You may want to retry fetching this info, asynchronously and with a delay, if you don't get a result at first, or if your result contains a validated: false value. We have a helper lib (JS/TS) to fetch this data.
    XRPL Transaction Data fetcher
    Alternatively you could use the JSON RPC (HTTP POST) method at e.g. https://xrplcluster.com.
  5. After you fetched the transaction details, check the meta.delivered_amount value, to see if the amount of XRP (in drops, one million drops = one XRP) equals the expected amount to be paid.
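
The five checks above as one function, as an added example (not XUMM's own code). It assumes `payload` is the fetched payload result and `tx` is the fetched transaction object carrying the `validated` and `meta.delivered_amount` fields named above; the function name and its `{ ok, retry, reason }` return shape are hypothetical.

```javascript
// Added example: applies checks 1-5 to data you have already fetched.
// expectedDrops: the amount you expect, as a string of drops ("1000000" = 1 XRP).
function verifyXrpPayment(payload, tx, expectedDrops) {
  const fail = (reason, retry = false) => ({ ok: false, retry, reason });
  const meta = (payload && payload.meta) || {};
  const response = (payload && payload.response) || {};

  // 1. Not resolved: still pending (or abandoned), so nothing to accept yet.
  if (meta.resolved !== true) return fail("payload not resolved", true);
  // 2. Resolved but not signed: the user did not sign the transaction.
  if (meta.signed !== true) return fail("payload not signed");
  // 3. Exact match only, so a TESTNET payment is never accepted as real.
  if (response.dispatched_nodetype !== "MAINNET") {
    return fail("not dispatched to MAINNET");
  }
  // 4. There must be a transaction hash, and the ledger must report it validated.
  //    No result yet or validated: false means "fetch again later", not "paid".
  if (typeof response.txid !== "string" || response.txid === "") {
    return fail("no txid in payload");
  }
  if (!tx || tx.validated !== true) return fail("transaction not validated", true);
  // 5. delivered_amount must be a plain string of drops. Anything else
  //    (an object, a non-numeric string, missing) is not an XRP amount.
  const delivered = tx.meta && tx.meta.delivered_amount;
  if (typeof delivered !== "string" || !/^\d+$/.test(delivered)) {
    return fail("delivered_amount is not an XRP drops value");
  }
  // BigInt comparison avoids floating point rounding on large drop values.
  if (BigInt(delivered) !== BigInt(expectedDrops)) {
    return fail("delivered amount differs from expected amount");
  }
  return { ok: true, retry: false, reason: "paid" };
}

// Constructed sample data (placeholders, not real ledger data).
const samplePayload = {
  meta: { resolved: true, signed: true },
  response: { dispatched_nodetype: "MAINNET", txid: "PLACEHOLDER_TXID" },
};
const sampleTx = { validated: true, meta: { delivered_amount: "1000000" } };

console.log(verifyXrpPayment(samplePayload, sampleTx, "1000000"));
```

Treat `retry: true` as "fetch again after a short delay" and any other failure as a final rejection of the payment.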