Comment on page
Authorization & Credentials
How to authorize when communicating with the Xumm platform depends on your workflow.
When communicating with the Xumm platform from your backend environment, you will need a API Key and API Secret. They can be obtained from our Developer Dashboard, and are to be passed in the
x-api-secretheaders to our platform.
Never use an API Secret obtained from the Developer Dashboard in a frontend environment! Anyone in possession of your API Secret (
x-api-secret) can create payloads (Sign Requests) on behalf of your application. If abused, this can immensely damage the reputation of your application.
- user context information
- a JWT, JSON Web Token, allowing you to make subsequent calls to our platform
Any OAuth2 (Implicit and PKCE flows both supported) client will do. Your application Native Apps can redirect the user to our platform (to be redirected to the Xumm app) to sign in after which the client will be redirected back to your application (if your application supports deep links). You will obtain a JWT (JSON Web Token) to communicate to our platform from the user context. See:Identity (OAuth2, OpenID)