This page will help you get started with xumm platform API
The xumm API can be called using an API Key and API Secret, which can be obtained from the Developer Console: https://apps.xumm.dev/
The xumm API is designed to be called from a server to server (backend) environment. Always send requests from your application frontend to your own application_backend**, and call the xumm API** from your application backend.
The API Key and API Secret are sent to the xumm API using HTTP headers. See: https://docs.xumm.dev/concepts/payloads-sign-requests
Anyone in possession of your
X-API-Secret
can create payloads (sign requests) on behalf of your application. If abused, this can greatly damage the reputation of your application. Please, never implement the xumm API in a scenario where calls are made from the client side. Only call the xumm API from your application backend, keeping your API secret safe on the server side.