What happens when you import
Think of this like unlocking a wallet app. The secret is only needed locally so your browser can prove to XRPL that the transaction is yours.
No normal swap flow sends your seed to our server. Your wallet secret is used inside your browser to sign the transaction. The server receives the already-signed transaction, not the seed, not your PIN, and not your decrypted wallet.
Think of this like unlocking a wallet app. The secret is only needed locally so your browser can prove to XRPL that the transaction is yours.
Public blockchain data is public. Wallet secrets are different. The app does not need raw secrets to quote, sign, or submit a swap.
Security is strongest when the site and the user both do the right thing.
The wallet module uses browser WebCrypto to derive a PIN key and encrypt the vault locally.
PBKDF2-SHA256 iterations: 210000 Vault encryption: AES-GCM 256 Storage: local browser vault blob Unlock: PIN required before signing
The relay submit endpoint validates a signed hex tx_blob. The endpoint is not designed to receive a seed or PIN.
POST /api/xrpl-relay/submit
body: { "tx_blob": "SIGNED_HEX_TRANSACTION" }
No seed field. No PIN field. No decrypted wallet.tx_blob data after local signing.