Drop Wallet Documentation

English

Español
Français
Deutsch
中文
Português
Türkçe
हिन्दी
日本語
한국어
Bahasa Indonesia

English

Español
Français
Deutsch
中文
Português
Türkçe
हिन्दी
日本語
한국어
Bahasa Indonesia

Appearance

App ID

appId is a UUID the Drop wallet uses to look up per-dApp configuration at the edge. It controls three things:

  1. Which parent origins may embed the wallet. The Drop wallet edge function sets a dynamic Content-Security-Policy: frame-ancestors <your-origins> header on every response. A dApp trying to iframe the wallet from an unregistered origin is blocked by the browser before any code runs.
  2. Feature flags. Individual dApps can opt into or out of features (additional chains, extra assets, etc.) without affecting other integrations.
  3. Analytics scope. Storage, analytics and per-partner state are keyed by appId so your integration is cleanly isolated.

INFO

appId is optional in local development. You can omit it or pass any UUID and the wallet will fall back to a localhost-only CSP. It becomes required once you deploy to a public origin.

Register an App ID

There is no self-service portal today — registration is a PR against the partner database.

  1. Generate a UUID v4 (e.g. uuidgen or crypto.randomUUID()).

  2. Open a pull request against apps/web/shared/partners.ts adding an entry for your dApp:

    ts
    const PARTNERS: Record<string, AppConfig> = {
  // ... existing entries
  '<your-uuid>': {
    domains: ['your-app.com', '*.your-app.com'],
    assets: { additionalEnabled: [] },
  },
}

  3. Once the PR is merged and the wallet redeploys, the entry is live.

domains

Strings are matched against the browser-reported frame-ancestors origin using wildcard-match. You can list bare hostnames (your-app.com), wildcards (*.your-app.com), or full origins including protocol (https://your-app.com). When you pass a hostname, both http:// and https:// variants are accepted.

localhost and 127.0.0.1 are always allowed regardless of domains, so you can develop against an unregistered or empty-domain appId without extra ceremony.

assets.additionalEnabled

A list of extra chain IDs to surface in the wallet UI beyond the default set. Leave as [] if you only need the defaults.

Using your App ID

Pass the UUID as appId when creating the wallet:

tsx
const wallet = createWallet({
  appId: '424306bd-e3ae-40c0-902b-dffb1f18c7cc',
  providers: {
    solana: true,
  },
})

The SDK forwards it to the iframe as ?appId=<uuid> — there is no runtime handshake you need to perform.

What happens if the App ID is wrong?

  • Unknown UUID — the edge function falls back to NO_APP_CONFIG, which only allows localhost and 127.0.0.1. The wallet will fail to load on your production origin with a CSP violation in the browser console.
  • Wrong domains — same as above: the browser blocks the iframe before any wallet code executes.
  • Missing UUID — same as "unknown UUID" above. Intentional, so dropping the appId cannot accidentally broaden your allow-list.