The Sign Confirmation feature allows you to protect users from front-end attacks when using Magic’s UI for on-chain signature requests such as Transaction Signing and Personal Signatures by popping them out to a safe, Magic-hosted browser window to confirm the action.

Compatibility

  • Wallets are by default opted out of Magic’s Signature Request UI and Sign Confirmation, but we do recommend that you enable both to enhance wallet security

Use cases

When users connect their wallet to an app or send tokens to another wallet, they are performing an on-chain transaction. Magic provides Signature Request UI that you can enable in the developer dashboard so users are prompted to approve these actions before it is executed. However, malicious front-end attacks can attempt to trick users into performing unintended actions by overlaying malicious content on top of legitimate websites or applications such as your own. By opting into the Sign Confirmation feature, you add an extra layer of security to users’ wallets, preventing front-end attacks and ensuring that they can more safely confirm transactions.

Usage

To enable the Sign Confirmation feature in the user wallets of your app, follow these steps:
  1. Go to the Magic Dashboard and sign into your developer account
  2. Go to your app for which you would like to enable this feature
  3. Go to Settings on the left navigation bar, scroll down to the Sign Confirmation section, and click Edit in the top right corner
  4. Toggle on Enable confirmation in new tab and click Save

Configuration

See how to brand this experience with your own logo and colors in the customization section.