Delivering Sign Requests using a push notification can be a very convenient way for end users to interact with your application: they don't even have to scan a QR code.
xApps ("dApps") and Browser ("Web3") are signed in with user context, so payloads created in those environments will automatically be pushed to the signed-in user.
This means if you're using the xApp / Browser (Web3) flow, you do not have to specify the user_token as the payloads created from the xApp / Browser (Web3) flow are automatically pushed to the signed-in user.
If you are building a backend integration, the flow is slightly different.
If your application features user sign-in (to identify your user) and you obtained a user_token from a previously signed payload from this specific user, you can add the user_token to the next payload to deliver the payload through a push notification.
The first interaction (to obtain the user_token) will always involve either: showing a QR code for the user to scan with the Xumm app or a deep link to the Xumm app to sign a payload.
A payload containing a user token looks like this:
After posting the payload the Xumm SDK/API, the response will confirm push notification delivery:
User token expiration
The issued user token expires 30 days after the last successfully signed payload of your application by the Xumm user using the same issued user token. If there's a good reason for your application to have longer living user tokens, please contact Xumm Support and explain your use case.
Obtaining the `user_token`
From a webhook
After the end user resolves the sign request by signing, the configured application Webhook URL will receive a JSON body per POST request containing the accessToken section: