Implementation checklist

This article presents a concise implementation checklist for developers using Xumm. By following these steps, you can ensure a smooth and secure integration whilst optimizing the user experience.

Verify transactions on ledger: Secure Payment Verification

Fetch Payload Results: Trigger your application to fetch payload results after receiving a Webhook callback.
Inspect Payload Output: Confirm meta.resolved and meta.signed are both true in the payload output.
Identify Dispatched Node Type: Ensure response.dispatched_nodetype is "MAINNET" for real payments.
Validate Transaction ID: Validate the response.txid value on the ledger.
Examine Delivered Amount: Confirm the meta.delivered_amount equals the expected payment amount.
Use xrpl-txdata Package: Establish a connection to the XRP Ledger, fetch the transaction by hash, and cross-verify transaction details with the XRPL ledger.

Consider the end user network: Networks

Network Independence: Use the Xumm API/SDK, which operates independently of the network, to allow users the freedom of network choice.
Network Information: Ensure the results of a signed payload include the network the user was on during the signing.
Forced Network Identifier: Check for the expected result in the Payload results or specify a particular network using a forced network identifier in a payload.
OTT Data: Utilize xApp OTT data, including network information, to better manage transactions.
When linking to Transaction Details using a Transaction Explorer, consider using our helper tooling: Tx Explorer(s)

Verify Webhook signatures: Signature verification

Secure Your Webhooks: Implement appropriate security measures.
Verify Payloads: Authenticate received payloads.
Error Handling: Develop robust error management mechanisms.

Protecting your application from the "partial payments exploit" is crucial when implementing payment functionalities. Instead of relying on the Amount field, which merely indicates the transaction instruction, you should base your logic on the delivered_amount field in the transaction metadata. The Amount field is the instruction, and the delivered_amount metadata field is the result. For more detailed information, please refer to the XRPL.org documentation.
xApps: Requirements

xApp Creation & Audit: Anyone can create sandbox xApps, but public release requires an audit by XRPL Labs for user safety, compliance, and value addition.
User Experience: xApps must be self-explanatory, prevent dangerous mistakes, and provide a unique experience tailored to Xumm users.
Technical & Styling Standards: xApps must meet Xumm's technical guidelines and respect or have unique styling.
Transparency & Support: Developers cannot be anonymous and must provide a clear support workflow, terms & conditions, and a privacy statement.

PreviousPush permission NextProtocol specific checks

Last updated 12 months ago