Skip to main content
Walley supports connections to external decentralized applications (dApps) built on or integrated with the Canton Network. When you connect a dApp, you authorize it to send method requests to your wallet and request your approval for specific actions. This connection model keeps you in control — Walley presents every request for your review before anything is signed or submitted. This guide explains how connections work, what data is exchanged, and how to manage or revoke access.
Walley connects your wallet to external, third-party dApps that are not developed, audited, or controlled by Walley. You are solely responsible for the dApps you choose to connect to and the requests you choose to approve. Always verify the source and intent of any request before signing.

What dApp Connections Are

A dApp connection is a session-based link between an external application and your Walley wallet. Once connected, the dApp can submit method requests — such as asking you to sign a transaction or authorize a contract action — which Walley surfaces in the Connections interface for your explicit approval. Connecting a dApp does not grant it automatic access to your assets or the ability to execute transactions without your consent. Every request still requires your review and approval inside Walley.

How to Connect a dApp

1

Initiate the connection from the dApp

Open the external dApp and locate its Connect Wallet or equivalent option. Select it to generate a connection request directed at Walley.
2

Walley receives the connection request

Walley detects the incoming connection request and displays a review prompt. The prompt shows the dApp name (if provided), the requested connection scope, and the session metadata.
3

Review the connection details

Before approving, verify:
  • The dApp identity matches the application you intended to connect.
  • The requested permissions and connection scope are appropriate.
  • You recognize and trust the source of the request.
4

Approve the connection

Select Approve to establish the connection session. Walley assigns a unique connection session ID to this link, which the dApp uses to route future requests to your wallet.
If you did not initiate the connection request yourself, do not approve it. Unexpected connection requests may indicate an attempt to link your wallet to an unauthorized application.

What Data Is Shared

When you connect a dApp to Walley, the following data is exchanged as part of the connection and approval flow:
  • Connection session ID: A unique identifier scoping the dApp’s access to this specific session.
  • Method requests: The specific wallet actions the dApp asks you to perform (e.g., sign a transaction, read a contract state).
  • Approval flow metadata: Timestamps, request identifiers, and outcome data (approved or rejected) for each request you action within the session.
Connecting a dApp does not expose:
  • Your private keys or signing credentials.
  • Your full asset holdings or balance details (unless a specific method request asks for this and you approve it).
  • Other active connection sessions or their data.
  • Your Party Hint or party ID unless explicitly shared by you or required by an approved method request.

Reviewing and Approving dApp Requests

Once a dApp is connected, it may send method requests at any time during the active session. Each request appears in Walley’s Connections → Pending Requests view.
1

Open Pending Requests

Navigate to Connections in the sidebar and select the Pending tab to see all outstanding requests from connected dApps.
2

Inspect the request

Select a request to expand its details. Walley displays the method type, the dApp session that sent it, and the full parameters of the requested action.
3

Approve or reject

Select Approve to sign and submit the action, or Reject to decline it. Walley records your decision as part of the session’s approval metadata.
Read every request carefully before approving. Approving a method request may result in an on-ledger transaction that is irreversible. If a request’s intent or parameters are unclear, reject it and contact the dApp provider for clarification before proceeding.
Legitimate dApps describe their requests in plain language. Be cautious of any request that uses opaque identifiers, asks for unusual permissions, or does not match the action you expected to take in the dApp.

Managing Active Connections

Walley displays all active dApp connection sessions in the Connections tab.
1

View active connections

Navigate to Connections to see a list of all currently active sessions, including the dApp name (if available), connection session ID, and the time the session was established.
2

Revoke a connection

Select the connection you want to remove and choose Revoke. Walley immediately terminates the session. The dApp loses the ability to send new requests through that session ID.
Revoking a connection does not reverse any actions that were already approved and submitted on-ledger during the session. It only prevents future requests from that session.

API and SDK Integration

If you access Walley programmatically through its API or SDK, you are responsible for securing your integration environment. This includes:
  • Storing API tokens and credentials securely — never commit them to source control or expose them in client-side code.
  • Managing session lifecycle appropriately: invalidate tokens when they are no longer needed.
  • Ensuring your integration environment is protected against unauthorized access — this includes any servers or machines that hold your credentials.
Walley’s API grants programmatic access to wallet actions on behalf of your party. A compromised API token can allow an unauthorized party to submit requests as you. Treat API credentials with the same care as your wallet signing credentials.