Xaman Developer Docs
Developer ConsoleAPI Endpoints
  • Build on Xaman
  • Concepts
    • Getting started
      • Terminology
      • Developer Education
    • 🔐Authorization & Credentials
    • Payloads (sign requests)
      • 🚨Secure Payment Verification
      • Workflow
      • Lifecycle
        • Sample POS lifecycle
      • Payload Delivery
        • Deep Linking
        • QR Scanning
        • Push
        • xApps
        • Mobile (iOS/Android)
        • Desktop browser
      • Status updates
        • Websocket
        • Webhooks
          • Signature verification
        • API Call (polling)
      • Networks
      • Payload Return URL
      • Tx Explorer(s)
    • Special Transaction Types
    • Limitations
      • Rate limits
      • Transaction types
      • Push permission
    • Implementation checklist
      • Protocol specific checks
  • Environments
    • 🌎Browser ("Web3")
      • CORS (Browser)
    • 📱xApps ("dApps")
      • Requirements
      • Develop & Test
      • CORS (xApp)
      • Xumm UI interaction
      • Your own backend (Auth)
      • Style guide
      • Development & Debugging
      • xAppBuilder 🏗️
        • Connecting localhost to xAppBuilder
        • xAppBuilder FAQ
    • 📂Backend (SDK / API)
      • User identification payloads
    • 🎛️Native Apps
    • 🙇Identity (OAuth2, OpenID)
      • Test Tools
  • JS/TS SDK
    • Xaman SDK (Intro)
    • Examples / User stories
      • Sign Requests (payloads)
        • Browser
        • xApp
        • Backend
      • Verify Payload signature
      • Simple Sign Request
    • 📦SDK (syntax)
      • Xumm.ping()
      • Xumm.on(event, fn)
      • Xumm.off(event, fn)
      • Xumm.helpers { … }
        • ping()
        • getRates( … )
        • getRails()
        • getHookHash( … )
        • getHookHashes()
        • getCuratedAssets()
        • getNftokenDetail( … )
        • getKycStatus( … )
        • verifyUserTokens([ … ])
        • getTransaction( … )
      • Xumm.user { … }
      • Xumm.environment { … }
      • Xumm.payload { … }
        • create( … )
        • createAndSubscribe( … )
        • cancel( … )
        • subscribe( … )
        • get( … )
      • Xumm.xapp { … }
        • ready()
        • openSignRequest({ … })
        • selectDestination({ … })
        • scanQr()
        • tx({ … })
        • close({ … })
        • share({ … })
        • navigate({ … })
        • openBrowser({ … })
        • on(xAppEvent, fn)
        • off(xAppEvent, fn)
      • Xumm.userstore { … }
        • list()
        • get( … )
        • delete( … )
        • set( … , { … } )
      • Xumm.backendstore { … }
        • get()
        • set({ … })
        • delete()
      • Xumm.push { … }
        • event( … )
        • notification( … )
      • Xumm.runtime { … }
      • Xumm.authorize()
      • Xumm.logout()
Powered by GitBook
On this page
  • Replacement variables
  • Routing / origin logic
  • Sample payload body

Was this helpful?

Edit on GitHub
Export as PDF
  1. Concepts
  2. Payloads (sign requests)

Payload Return URL

After a user signs a payload, a user can return to a URL (your website / app).

The Return URL (return_url) determines where the user is sent when the payload is signed. If none is given, the user will simply be displayed Close button in Xumm. Otherwise, the user will be presented a button which launches the Return URL.

Warning! iOS and Android do not allow the user to return to the browser tab they came from (if your flow starts in a browser). Make sure you restore state based on the payload / session / custom identifier or custom metadata assigned to the payload.

When a payload is created using the Xumm SDK in an xApp flow, the return URL is ignoded as the user will return to the xApp post signing, where an SDK event will be triggered.

Replacement variables

You can add the following replacement tags in your Return URL. They will be replaced with the appropriate values by Xumm.

  • {id} will be replaced with the xumm payload UUID.

  • {cid} will be replaced with the optional custom payload identifier.

  • {txid} will be replaced with the signed transaction hash.

  • {txblob} will be replaced with the signed transaction HEX blob.

Routing / origin logic

If both the app and web return URL values are present, and if they are identical, the XUMM platform will execute logic to see if the user is coming from a browser tab (local device or remote, e.g. desktop browser). If so, and if the origin browser window is still active, only the origin browser window will redirect, and the app won't. Else (if the browser window is not active anymore) XUMM will redirect to the return URL.

This behaviour prevents a double redirect (both on mobile and on desktop / browser window).

Sample payload body

{
  "txjson": {
    "TransactionType": "..."
  },
  "options": {
    "return_url": {
      "app": "https://...",
      "web": "https://..."
    }
  }
}
PreviousNetworksNextTx Explorer(s)

Last updated 1 year ago

Was this helpful?