During xApp development, you will most likely test in your (desktop) browser, appending the OTT information (and style param.) you retrieved after initially calling your xApp from XUMM.

During xApp development, you will most likely test in your (desktop) browser, appending the OTT information (and style param.) you retrieved after initially calling your xApp from XUMM.

🚧

Note

The documentation on this page only applies when using the XUMM SDK / building your own DIY backend using the regular XUMM platform API endpoints.

If you are using the xApp JWT flow, you can easily re-fetch OTT's (and obtain a JWT) by whitelisting your Device ID in the XUMM Developer Console.

When your xApp URL (for example) is:
https://myxapp.domain.com/
it will be called with the OTT and style params:
https://myxapp.domain.com/?xAppToken=...&xAppStyle=...

You then take the URL (query) xAppToken param, and feed it to the API (see documentation on this page) or the XUMM SDK (Sdk.xApp.get(...)) method.

Normally, an OTT expires after fetching it. For testing purposes, it makes sense to be able to re-fetch the same OTT so you can refresh your webapp after making changes.

To allow an OTT to be re-fetched (over and over again, for development purposes), you can append a slash followed by a sha1 hash to the xAppToken.

When using the API, instead of using this route:
xapp/ott/:token
you will use:
xapp/ott/:token/:hash

When using the SDK, instead of using:
Sdk.xApp.get(xAppToken)
you will use:
Sdk.xApp.get(xAppToken + '/' + hash)

The sha1 hash can be computed this way:

const crypto = require('crypto')

const data = `${xAppToken}.${myXummAppSecret}.${myXummDeviceId}`
const hash = crypto
  .createHash('sha1')
  .update(data.toUpperCase())
  .digest('hex')

The data constant contains (separated by dots, finally: uppercased):

  • Specific xApp token (in the URL of your xApp as called)
  • XUMM API Secret
  • Your Device ID (open XUMM, go to Settings, go to Advanced)