To publish xApps, contact XRPL Labs Support. Visit the XUMM Developer Console, register your app and read the xApp page for more information: https://apps.xumm.dev/app-xapp
» Xumm SDK: xApp (JWT) flow
Xumm UI interaction
Note: calling the XUMM API from your frontend / xApp
The XUMM API is not supposed to be called from your frontend (for security reasons). Your XUMM tokens could be used by a 3rd party to trick users into signing sign requests.
Your xApp URL will get two extra GET parameters appended when opened, with an "OTT": One Time Token, and the app style (light, dark, ...) for to render the xApp UI. The first GET param. is called
xAppToken and contains a UUID. To retrieve the environment and user data for your own xApp session, you must fetch the OTT data from the XUMM API within one minute (and only once): xapp/ott/:token.
You can find an example on consuming the OTT data using the XUMM SDK for JS/TS.
While developing your xApp, you can easily re-fetch an OTT (so: fetch the OTT without invalidating it, allowing for easy page refreshing) by whitelisting your Device ID when using the JWT endpoints, or by using a specially crafted hash when using the XUMM backend API (SDK/DIY).
The OTT data will contain the selected r-address of the XRPL account managed with XUMM, as well as the selected locale (in XUMM) and other data. When your WebApp relies on eg. browser locale, please note that you'll have to get the locale from the OTT, as the XUMM xApp frame locale will always be default.
If your xApp URL is configured as
https://my.app/?load=true, we will effectively fact call:
Updated 5 months ago