The Sign Confirmation feature allows you to protect users from front-end attacks when using Magic’s UI for on-chain signature requests such as Transaction Signing, Personal Signatures, and NFT Transfer by popping them out to a safe, Magic-hosted browser window to confirm the action.
- Dedicated Wallets are by default opted out of Magic's Signature Request UI and Sign Confirmation, but we do recommend that you enable both to enhance wallet security
- Universal Wallets are all opted into this security feature by default
Universal wallets will soon be merged with Dedicated Wallets into a single product line. Universal apps created before February 7, 2024 will work as expected with no change. See our blog post to learn more.
When users connect their wallet to an app (like yours!) or send tokens to another wallet, they are performing an on-chain transaction. Magic provides Signature Request UI that you can enable in the developer dashboard so users are prompted to approve these actions before it is executed.
However, malicious front-end attacks can attempt to trick users into performing unintended actions by overlaying malicious content on top of legitimate websites or applications such as your own. By opting into the Sign Confirmation feature, you add an extra layer of security to users’ wallets, preventing front-end attacks and ensuring that they can more safely confirm transactions.
To enable the Sign Confirmation feature in the user wallets of your app, follow these steps:
- Go to the Magic Dashboard and sign into your developer account
- Go to your Dedicated Wallet app for which you would like to enable this feature
- Go to “Settings” on the left navigation bar, scroll down to the “Sign Confirmation” section, and click "Edit" in the top right corner
- Toggle on “Enable confirmation in new tab” and click “Save”
See how to brand this experience with your own logo and colors in the customization section.