Xverse Wallet Permissions
Last updated
Last updated
Sats Connect mediates interactions between your app and your user's Xverse wallet through appropriate user consent.
XvereseWallet Permissions allow your app to reduce user friction and avoid prompting the user for consent on every action.
To allow for a smooth user experience and avoid prompting your user repeatedly for the authorisation to access their account data, your app remains connected to the user's account after the initial connection request.
While connected, your app has permission to read account data using any of the below methods, without additional prompts to the user:
Sats Connect currently still requires user authorisation for every transaction or message signature. Every Bitcoin or Stacks transaction or message signature request will prompt the user for approval.
We may introduce transaction & message permissions in the near future to help apps reduce user friction. If your app requires them, reach out in our developer forum
You can use request("wallet_requestPermissions")
to prompt the user for the authorisation to access their account data.
If the user had not granted your app permissions already, they will be prompted to approve a connection request from your app.
Note that reading account data is currently the single type of permission available. This permission is automatically requested with the connect
method
When retrieving data from the wallet account using methods that require permission, the general flow can be:
If your app has read permission -> the method will successfully return the required data
If your app does not have permission -> the method will throw
1) you can use request("wallet_requestPermissions")
. This will show a connection popup to the user asking them to accept the request.
2) Once your user grants you permission, you can request("example-method"
again
Example: Requesting a connection when a request has insufficient permissions
You can use wallet_getCurrentPermissions
to determine whether the user's wallet account is connected to your app, and query the current permissions granted to your app for that account.
type
The type of resource represented by the object Example: "wallet" | "account"
clientId
The client identifier associated with the request or resource access. This can be a URL or an identifier for the client application accessing the resource
resourceId
A unique identifier for the resource (e.g., an account).
actions
An object representing the actions that are allowed or permitted on the resource.
You can clears your app's permissions for all wallet accounts with request("wallet_renouncePermissions")
, effectively disconnecting users from your app.
request("example-method")
(e.g. getBalance)