Xverse Wallet Permissions
Motivation
Sats Connect mediates interactions between your app and your user's Xverse wallet through appropriate user consent.
XvereseWallet Permissions allow your app to reduce user friction and avoid prompting the user for consent on every action.
Request read access to a wallet account's addresses and holdings
To allow for a smooth user experience and avoid prompting your user repeatedly for the authorisation to access their account data, your app remains connected to the user's account after the initial connection request.
While connected, your app has permission to read account data using any of the below methods, without additional prompts to the user:
π π΄ getAccount
π getAddresses
π getBalance
π¨ ord_getInscriptions
π² runes_getBalance
π΄ stx_getAccounts
Request a transaction or message signature from the wallet account
Sats Connect currently still requires user authorisation for every transaction or message signature. Every Bitcoin or Stacks transaction or message signature request will prompt the user for approval.
We may introduce transaction & message permissions in the near future to help apps reduce user friction. If your app requires them, reach out in our developer forum π
Request Xverse Wallet Permissions
You can use request("wallet_requestPermissions")
to prompt the user for the authorisation to access their account data.
If the user had not granted your app permissions already, they will be prompted to approve a connection request from your app.
Note that reading account data is currently the single type of permission available. This permission is automatically requested with the connect
method
When retrieving data from the wallet account using methods that require permission, the general flow can be:
request("example-method")
(e.g. π getBalance)
If your app has read permission -> the method will successfully return the required data
If your app does not have permission -> the method will throw
1) you can use
request("wallet_requestPermissions")
. This will show a connection popup to the user asking them to accept the request.2) Once your user grants you permission, you can
request("example-method"
again
Example: Requesting a connection when a request has insufficient permissions
Get your current Xverse Wallet Permissions
You can use wallet_getCurrentPermissions
to determine whether the user's wallet account is connected to your app, and query the current permissions granted to your app for that account.
Property | Description |
---|---|
type | The type of resource represented by the object Example: |
clientId | The client identifier associated with the request or resource access. This can be a URL or an identifier for the client application accessing the resource |
resourceId | A unique identifier for the resource (e.g., an account). |
actions | An object representing the actions that are allowed or permitted on the resource. |
Renounce Xverse Wallet Permissions
You can clears your app's permissions for all wallet accounts with request("wallet_renouncePermissions")
, effectively disconnecting users from your app.
Last updated