A one time token will be appended to your xApp launch URL (GET parameter). The "one time token" is only valid for one minute and can be retrieved only once.
Calling the XUMM API from your frontend / xApp
The XUMM API is not supposed to be called from your frontend (for security reasons). Your XUMM tokens could be used by a 3rd party to trick users into signing sign requests.
- You can use the xApp JWT flow for direct interaction between your frontend and the XUMM platform
- You can use the JS/TS SDK to build your own backend.
- You can use our ready to use NodeJS-proxy if you need a simple back end for your SPA / frontend WebApp: https://github.com/XRPL-Labs/xapp-proxy-for-xumm-api
See subpage: Re-fetch OTT data
See subpage: OTT Response details