DEV Community

Cover image for XUMM PYTHON SDK: 5. Security & finishing touch 🎉
Denis Angell
Denis Angell

Posted on

 

XUMM PYTHON SDK: 5. Security & finishing touch 🎉

Previous: 4. Verify the results ⛑ and push 🚀

If you have made it this far, you may want to actually build something (even if it's just a hobby project) using the XUMM SDK. If you do, please VERIFY THE PAYLOAD RESULT ON the XRP LEDGER.

You can use the XRPL-PY package, or use the sdk.get_transaction(txHash) method to do this by relying on the XUMM platform to fetch the on ledger transaction outcome for you, or, for example, by using the xrpl-py package to verify 'locally'.

By using the xrpl-py package, you can connect to one of the public XRP ledger nodes and verify the transaction. To do so, add the xrpl-py package to your project by entering this in the terminal: pip3 install xrpl-py. You can then verify a transaction as per the package documentation.

Pay special attention to the balanceChanges response.
❗ There are several reasons why you need to check. For example, a payment can yield a different result (eg. lower amount sent) than requested!

It is your responsibility to check the transaction outcome returned from the XRP ledger rather than relying on XUMM telling you that a transaction has been signed. For example if:

  • The user signed successfully in XUMM, but with a key that is no longer valid for a certain account (because multisign has been configured, an account has been rekeyed, etc.)
  • The user sent a Partial Payment (e.g., sending EUR to deliver XRP, while the owned amount of EUR was insufficient due to exchange rate slippage)
  • The user tried to trick you into accepting a testnet payment, by signing with a funded Testnet account Please take a look at this sample code implementing the xrpl-py package to verify on ledger balance changes for a signed XUMM payload.

Blog.5.1

That's it! You made it 🎉

Thank you for reading this tutorial! We hope you had fun! If you have questions, suggestions, something to share: our contact details are available at https://xrpl-labs.com :)

Resources 📚

If you want to learn more about the XUMM SDK PY, platform, documentation, etc., make sure to check out:

The XUMM SDK (PY) readme
The XUMM SDK (PY) source code
The XUMM API documentation & API reference
XUMM (end user) support docs
In case of questions: support@xumm.app
Thank you XRP Community!

... For checking, correcting & testing the SDK & tutorial!
@technotip, @calvincs, @wenusch, @alloyxrp, @rippleitinnz, @Ubbah, @enclavia, @WormholeMech, @Chicles_, @3N0RYM, @XrpSpark, @devnullinator, @Vetjes, @kevinking64, @Kujistudios, @nodehash, @4thMadHatter, @Vkumzy, @CarpeDiemXRP, @Hex539, @xrplosion1, @chemical_realm, @RossMacFirdeen

Top comments (0)