Portal Team

Share the love

Want to stay updated? Subscribe below to keep in touch.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
<svg width="48" height="48" viewBox="0 0 48 48" fill="none" xmlns="http://www.w3.org/2000/svg"> <mask id="mask0_996_165" style="mask-type:luminance" maskUnits="userSpaceOnUse" x="2" y="1" width="46" height="46"> <path d="M47.2941 1.41177H2.11768V46.5882H47.2941V1.41177Z" fill="white"/> </mask> <g mask="url(#mask0_996_165)"> <path fill-rule="evenodd" clip-rule="evenodd" d="M16.2353 4.2353C16.2353 2.67591 17.4995 1.41177 19.0589 1.41177H44.4706C46.0301 1.41177 47.2941 2.67591 47.2941 4.2353V29.6471C47.2941 31.2065 46.0301 32.4706 44.4706 32.4706H38.8236V12.7059C38.8236 11.1465 37.5595 9.88236 36 9.88236H16.2353V4.2353ZM4.94121 15.5294C3.3818 15.5294 2.11768 16.7935 2.11768 18.353V43.7647C2.11768 45.3242 3.3818 46.5882 4.94121 46.5882H30.353C31.9124 46.5882 33.1765 45.3242 33.1765 43.7647V18.353C33.1765 16.7936 31.9124 15.5294 30.353 15.5294H4.94121Z" fill="currentColor"/> </g> </svg>
Product Updates
3 min read

Intro to Custom Signature Hooks on Portal

Integrate internal business logic into a transaction signing flow to keep users secure.

October 16, 2023

Intro to Custom Signature Hooks on Portal

Portal is excited to introduce custom signature hooks, a new way of keeping users and your business secure. To execute most transactions on a blockchain, users have to sign, or approve, the transaction. This signature verifies that the user consents to their account being involved in the action, whether it is sending an NFT, connecting a wallet to an app, or conducting a swap. With custom signature hooks, the business providing the wallet can set up a custom hook that allows them to perform internal business logic before approving or rejecting the request from the end user to sign the transaction.

What are custom signature hooks?

Custom signature hooks allow companies to trigger approval business logic based on parameters including transaction value, transaction volume, types of signature, and more. The business logic can be anything that helps the company and/or end user make good decisions during the signing request process. A couple examples are auto-approvals (eg, auto-approving transactions below a certain value or volume) and two-factor authentication (eg, requiring approval for transactions above a certain limit). Another option is performing security checks, either internal or external, to prevent malicious activity.

Why use custom signature hooks?

There are a few common reasons developers use custom signature hooks. For example: 

  • Approving transactions - Most developers will prompt a user for approval before signing a message from a dApp or Wallet Connect
  • Adding additional authentication - Developers can add extra authentication steps such as MFA to riskier transactions 
  • Checking transaction sizes - Developers can perform checks on transaction sizes to trigger specific authentication steps 

Custom signature hooks can be passive, invisible to the user, or active, designed into the frontend UX with which customers engage. 

A passive flow will generally be used to facilitate company goals, such as ensuring a user isn’t on a deny list. As such, the company can create a custom security check that is activated when a customer signs a transaction without them knowing. Transactions will continue as normal unless the user is found to be denied use of the app, at which time it will be rejected.

An active flow is visible to the user and can be used to offer a superior user experience. For example, companies can trigger MFA for transactions above a certain size, an example we will dive into next.

A common use case: MFA for large transactions

We show you how custom signature hooks can combine steps as mentioned above into a common use case: implementing multi-factor authentication (MFA) for large transactions

As you can see, the developer prompts a user for a first approval to approve the swap taking place from the dApp Uniswap, before triggering a second approval based on SMS verification from the user due to the size of the swap. This extra layer of caution ensures a secure user experience because it prevents both errors in putting in numbers as well as potential malicious behavior. 

2FA with SMS verification for large transactions (e.g. $1000)

This example shows MFA based on SMS verification, but you can use any form of verification such as biometrics or passkeys for example.

The best thing is the developer can only implement 2FA for large value transactions but keep it to a single approval for low value transactions, such as what is shown below, providing for a user experience that balances usability and security.

Single approval for small sized transactions (e.g. $50)

How developers implement custom signature hooks

Custom signature hooks feature is available across all Portal’s SDKs: React Native, iOS, Android or Web and available to all developers who integrate Portal regardless of pricing plan. 

The Portal signing approval flow is driven by a series of event hooks that take place throughout the lifecycle of a transaction. These hooks are as follows:

  • portal_signingRequested - Emitted by the Portal Web3 Provider when a new signing request is received by the Provider
  • portal_signingApproved - Emitted by you when signing a given request is approved
  • portal_signingRejected - Emitted by you when signing a given request is rejected

The additional code binds to portal_signingRequested in the following pattern:

A company can implement any business logic they desire as long as the final output is portal_signingApproved or portal_signingRejected.

Test out custom signature hooks for yourself today! Book a demo today to see this feature live.