# Implementation checklist * [ ] **Verify transactions on ledger:** [Secure Payment Verification](/concepts/payloads-sign-requests/verify-transactions.md) 1. **Fetch Payload Results:** Trigger your application to fetch payload results after receiving a Webhook callback. 2. **Inspect Payload Output:** Confirm `meta.resolved` and `meta.signed` are both true in the payload output. 3. **Identify Dispatched Node Type:** Ensure `response.dispatched_nodetype` is "MAINNET" for real payments. 4. **Validate Transaction ID:** Validate the `response.txid` value on the ledger. 5. **Examine Delivered Amount:** Confirm the `meta.delivered_amount` equals the expected payment amount. 6. **Use xrpl-txdata Package:** Establish a connection to the XRP Ledger, fetch the transaction by hash, and cross-verify transaction details with the XRPL ledger. * [ ] **Consider the end user network:** [Networks](/concepts/payloads-sign-requests/networks.md) 1. **Network Independence:** Use the Xumm API/SDK, which operates independently of the network, to allow users the freedom of network choice. 2. **Network Information:** Ensure the results of a signed payload include the network the user was on during the signing. 3. **Forced Network Identifier:** Check for the expected result in the Payload results or specify a particular network using a forced network identifier in a payload. 4. **OTT Data:** Utilize xApp OTT data, including network information, to better manage transactions. 5. When linking to Transaction Details using a Transaction Explorer, consider using our helper tooling: [Tx Explorer(s)](/concepts/payloads-sign-requests/tx-explorer-s.md) * [ ] **Verify Webhook signatures:** [Signature verification](/concepts/payloads-sign-requests/status-updates/webhooks/signature-verification.md) 1. **Secure Your Webhooks:** Implement appropriate security measures. 2. **Verify Payloads:** Authenticate received payloads. 3. **Error Handling:** Develop robust error management mechanisms. * [ ] **Protecting your application from the "partial payments exploit"** is crucial when implementing payment functionalities. Instead of relying on the `Amount` field, which merely indicates the transaction instruction, you should base your logic on the `delivered_amount` field in the transaction metadata. The `Amount` field is the **instruction**, and the **delivered\_amount** metadata field is the result. For more detailed information, please refer to the [XRPL.org documentation](https://xrpl.org/partial-payments.html#the-delivered_amount-field).\\ * [ ] **xApps**: [Requirements](/environments/xapps-dapps/requirements.md) 1. **xApp Creation & Audit:** Anyone can create sandbox xApps, but public release requires an audit by XRPL Labs for user safety, compliance, and value addition. 2. **User Experience:** xApps must be self-explanatory, prevent dangerous mistakes, and provide a unique experience tailored to Xumm users. 3. **Technical & Styling Standards:** xApps must meet Xumm's technical guidelines and respect or have unique styling. 4. **Transparency & Support:** Developers cannot be anonymous and must provide a clear support workflow, terms & conditions, and a privacy statement. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.xaman.dev/concepts/implementation-checklist.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.