A function used to simultaneously sign and post transactions to the network.
signAndPostTxns, which accepts an array of WalletTransactions, and posts them to the network.
export type SignAndPostTxnsFunction = (
  txns: WalletTransaction[],
  opts?: any,
) => Promise<PostTxnsResult>;
Allows the user to be sure that what they are signing is in fact all that is being sent. Doesn’t necessarily grant the DApp direct access to the signed txns, though they are posted to the network, so they should not be considered private.
Exposing only this API instead of exposing postTxns directly is potentially safer for the wallet user, since it only allows the posting of transactions which the user has explicitly approved.
In case the wallet uses an API service that is secret or provided by the user, the wallet MUST ensure that the URL of the service and the potential tokens/headers are not leaked to the dApp.
Leakage may happen by accidentally including too much information in responses or errors returned by the various methods. For example, if the nodeJS superagent library is used without filtering errors and responses, errors and responses may include the request object, which includes the potentially secret API service URL / secret token headers.
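One way a wallet can keep the API service URL and token out of the errors it returns, shown as an added example that is not part of ARC-8. It covers the error path only, and the names toDappError, postSanitized, DappError, the "POST_FAILED" code and the sample error shape are hypothetical.

```typescript
// Added example, not part of ARC-8. All names here are hypothetical.

// The only fields the dApp may see: an allowlist, not a blocklist.
interface DappError {
  code: string;     // wallet-defined code (placeholder value below)
  message: string;  // fixed wallet text, never the upstream err.message
  status?: number;  // HTTP status returned by the API service
}

const GENERIC_MESSAGE = "Failed to post transactions to the network";

// Build a fresh object instead of deleting fields from the upstream error:
// anything the HTTP client attaches (request, headers, URL) is dropped by
// default, including fields added by future versions of the client.
function toDappError(err: unknown): DappError {
  const out: DappError = { code: "POST_FAILED", message: GENERIC_MESSAGE };
  if (typeof err === "object" && err !== null) {
    const status = (err as { status?: unknown }).status;
    if (typeof status === "number" && status >= 100 && status <= 599) {
      out.status = status;
    }
  }
  return out;
}

// Wrap the wallet's internal post call so every rejection is sanitized
// before it crosses the wallet/dApp boundary.
function postSanitized<T>(post: () => Promise<T>): Promise<T> {
  return post().catch((err: unknown): never => {
    throw toDappError(err);
  });
}

// Constructed sample: an HTTP client error that embeds the outgoing request.
// The URL and token are placeholders, not real values.
const sampleClientError = {
  message: "Unauthorized: https://node.example.invalid/v2/transactions",
  status: 401,
  response: {
    request: {
      url: "https://node.example.invalid/v2/transactions",
      header: { "X-API-Token": "PLACEHOLDER_SECRET" },
    },
  },
};
```

The upstream message is replaced rather than forwarded because, as in the sample, HTTP clients often embed the request URL in it.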
For dApps using the signAndPostTxns function, it is RECOMMENDED to display a Waiting/Loading Screen to wait until the transaction is confirmed to prevent potential issues.
The reasoning is the following: the pop-up/window in which the wallet is showing the waiting/loading screen may disappear in some cases (e.g., if the user clicks away from it). If it disappears, the user may be tempted to perform the action again, causing significant damage.
Copyright and related rights waived via CC0.
Please cite this document as:
DanBurton, "ARC-8: Algorand Wallet Sign and Post API," Algorand Requests for Comments, no. 8, August 2021. [Online serial]. Available: https://algorandfoundation.github.io/ARCS/arc-8.