VAULT_AUTH
A truly blackholed XRPL vault — no master key, no regular key, controlled only by its signer list — used to be able to store funds but never use them. X-Multi changes that with on-ledger authentication: any dApp can verify a vault's sign-in directly from the blockchain in a few lines of code.
The same protocol works for personal r-addresses too — log into dApps without a wallet extension, prove you control your address with a single on-chain signature.
The gap this fixes
Every XRPL dApp login asks for a single-key signature. Truly blackholed vaults have no single key — that's the entire point of being decentralized. So a CTO project, a DAO treasury, or any multisig-only account couldn't sign into a DEX, an NFT marketplace, or a DeFi protocol — locked out of the entire ecosystem of XRPL apps despite being the most secure way to hold value on the ledger.
Quorum signs the proof
The vault's required signer set co-signs the sign-in transaction. The dApp sees the signers in tx.Signers and treats the proof as authorization by the whole vault.
User signs the proof themselves
No wallet extension required. The user signs the same proof shape with their own key. tx.Signersis empty — that's how the dApp knows it's a personal proof.
The flow, end to end
The same five steps work for both account types. Vaults need quorum approval; personal accounts skip the quorum step. Same on-chain proof shape, same verifier code, same result.
The dApp shows a 'Sign in with X-Multi' button (or a QR code). It includes a session token — a random nonce that proves the login attempt is fresh.
The user is taken to X-Multi. They see exactly which dApp is asking, which vault will sign, and the session details. Nothing happens unless they explicitly approve.
For a vault: the required number of signers (the vault's quorum) co-sign a tiny self-payment carrying the dApp's session token in a memo. For a personal account: the user signs it themselves with their own key. Either way, no private key leaves any device.
X-Multi submits the transaction to the XRP Ledger. Cost: about 0.00001 XRP for personal proofs, ~0.0002 XRP for vault proofs (the multisig fee scales with signer count). Settles in 3–4 seconds, just like any other XRPL payment.
The dApp calls a public verify endpoint with the transaction hash. The endpoint checks the signature, account, and session token directly from the blockchain, and reports back whether the proof was minted by a vault or a personal account. If everything matches, the user is in — as the account that signed.
Why this matters
No private key revealed
Signers (or the personal account holder) approve from their own devices. Keys never leave the browser. The dApp only ever sees the on-chain transaction — never any signing material.
Cryptographic, not custodial
Verification reads directly from the XRP Ledger. Nothing depends on X-Multi's servers being up. If X-Multi vanished tomorrow, every existing proof — vault or personal — would still be verifiable.
Open spec, anyone can integrate
The protocol is published as X-Multi Auth v1.1 — covers both VAULT_AUTH sign-in and cross-device sign requests. Any dApp can adopt either or both in a few lines. We don't gate the spec, the verifier, or the standard.
Beyond sign-in
VAULT_AUTH proves identity. The same protocol family also lets dApps request signatures for any individual transaction — payments, NFT offers, swaps — without requiring the user to install a wallet extension.
Site calls requestSignature() with the unsigned tx, gets back a URL pointing at xmulti.app/sign/<id>, encodes it as a QR.
X-Multi PWA on the phone scans the QR, lands on the review page, shows the tx fields and the requesting domain. The user reviews and approves.
The phone signs locally, submits to the XRPL, and posts the resulting tx hash back. The dApp's polling loop sees submitted and continues with the hash.
Personal accounts only
Vaults still need quorum coordination — those run through the proposal flow on xmulti.app/vaults rather than scan-and-sign-once. A dApp can pair both protocols: VAULT_AUTH for sign-in (vault or personal), then sign requests for per-tx signing once a personal user is logged in.
We built a working third-party dApp simulator. Paste any X-Multi vault auth transaction hash and watch the verify endpoint pull live proof off the XRPL.
For developers
Add VAULT_AUTH + sign requests to your dApp
Either pull @x-multi/sdk for one-line integration, or hit the public verify endpoint directly with no dependency at all. The full spec is published at xmulti.app/specs/xmulti-auth-v1.md.