The Injected Provider API is a fundamental JavaScript interface that enables communication between decentralized applications (DApps) and users' blockchain wallets directly through their web browsers. This technology allows DApps to securely request account access, read on-chain data, and facilitate the signing of messages and transactions without compromising user security.
Understanding the Injected Provider API
An Injected Provider API operates as a bridge between web applications and blockchain networks. When users install a compatible browser extension wallet, the extension "injects" this API into every website they visit. This allows DApps to interact with the user's wallet through a standardized interface.
The primary functions of this API include:
- Requesting connection to user accounts
- Reading data from connected blockchains
- Signing transactions and messages securely
- Handling authorization requests
This technology has become essential for Web3 development, enabling seamless user experiences while maintaining security protocols.
Connecting User Accounts
The connection process begins when a DApp calls the account request method:
window.okxwallet.tronLink.request(args)Connection Process Description
For security reasons, DApps must obtain explicit user permission before connecting to their wallet. The connection authorization process ensures that users maintain control over which applications can access their blockchain accounts.
The typical connection flow involves:
- DApp initiates connection request
- User reviews and approves/denies the request
- Upon approval, DApp receives access to necessary account information
Status Codes and Responses
The API returns specific status codes during the connection process:
| Status Code | Description | Message |
|---|---|---|
| 200 | Site previously authorized | The site is already in the whitelist |
| 200 | User approved connection | User allowed the request |
| 4000 | Duplicate connection request | Authorization requests are being processed, please do not resubmit |
| 4001 | User rejected connection | User rejected the request |
Practical Implementation Example
A typical TRON network transaction involves three critical steps:
- Transaction Creation: Building the unsigned transaction object
- Transaction Signing: Securely signing with private keys (handled by wallet)
- Transaction Broadcasting: Sending the signed transaction to the network
The signing step requires wallet integration, while creation and broadcasting typically occur through network libraries like tronWeb.
👉 Explore advanced Web3 integration strategies
Signing Transactions
Transaction signing is a critical security process that ensures only authorized users can execute blockchain operations.
Method Structure
okxwallet.tronLink.tronWeb.trx.sign(transaction, privateKey)Step 1: Creating Transfer Transactions
sendTRX Method
Creates an unsigned TRX transfer transaction.
Parameters:
| Parameter | Description | Type |
|---|---|---|
| to | Recipient TRX address | hexString |
| amount | Amount of TRX to send | integer |
| from | Optional sender address | hexString |
| options | Permission ID | integer |
Step 2: Signing Transactions
Security Note: Never use private keys in client-facing applications where they might be exposed.
Sign Method Parameters:
| Parameter | Description | Type |
|---|---|---|
| transaction | Created transaction object | JSON |
| privateKey | Private key for signing (optional, defaults to tronWeb configured key) | String |
Step 3: Broadcasting Signed Transactions
sendRawTransaction Method
Broadcasts signed transactions to the network.
Parameters:
| Parameter | Description | Type |
|---|---|---|
| signedTransaction | Signed transaction object | JSON |
Message Signing
Message signing allows DApps to verify user ownership of addresses without executing transactions.
Method Structure
window.okxwallet.tronLink.tronWeb.trx.sign(message)Description
DApps can request users to sign messages, which can then be verified on backend systems to authenticate legitimate users. This process requires prior wallet connection approval.
Parameters
| Parameter | Description | Type |
|---|---|---|
| message | Plain string or hexadecimal string | String |
Version-Specific Behavior
For versions prior to 2.80.0:
- All messages are converted to hexadecimal before signing
- Hexadecimal messages require additional conversion during verification
For version 2.80.0 and later:
- Hexadecimal strings are signed directly without conversion
- Plain strings are automatically converted to hexadecimal format
Return Values
Successful signing returns a hexadecimal signature string. Errors return descriptive error messages for troubleshooting.
Verifying Signed Messages
Signature verification confirms that a message was signed by a specific address.
Method Structure
window.okxwallet.tronLink.tronWeb.trx.verifyMessage(hexMsg, signedMsg[, address])Parameters
| Parameter | Description | Type |
|---|---|---|
| hexMsg | Message in hexadecimal format | String |
| signedMsg | Signature result for the message | String |
| address | Optional wallet address for verification | String |
Version-Specific Verification
The verification process varies depending on the wallet version and whether the original message was hexadecimal or plain text. Developers must ensure consistent handling based on their users' wallet versions.
Return Value
Returns a Promise resolving to boolean true (verified) or false (not verified).
Event Handling
The API provides event listeners for tracking connection state changes.
Successful Connection Events
Triggered when:
- User approves connection request in popup
- User manually connects to website
Usage:
window.okxwallet.tronLink.on('connect', (accounts) => {
// Handle connection
});Disconnection Events
Triggered when:
- User rejects connection request
- User manually disconnects from website
Usage:
window.okxwallet.tronLink.on('disconnect', (error) => {
// Handle disconnection
});Account Change Events
Triggered when:
- User logs in
- User switches accounts
- User locks account
- Wallet auto-locks after timeout
Usage:
window.okxwallet.tronLink.on('accountsChanged', (accounts) => {
// Handle account changes
});👉 View real-time blockchain development tools
Frequently Asked Questions
What is an Injected Provider API?
An Injected Provider API is a JavaScript interface that wallet extensions add to web pages, allowing DApps to interact with users' blockchain accounts securely. It enables transaction signing, message verification, and account management without exposing private keys to websites.
How do I handle different wallet versions?
Always check the wallet version and implement conditional logic for methods that behave differently across versions. For message signing, particularly note the changes in version 2.80.0 regarding hexadecimal handling to ensure proper verification.
What security precautions should I take?
Never handle private keys in client-side code. Use the wallet's signing methods instead. Always verify messages on the backend and implement proper error handling for connection rejections and timeouts.
Why might a connection request fail?
Requests can fail if users reject the connection, if duplicate requests are made, or if the wallet extension isn't properly installed. Always provide clear user guidance and fallback options for failed connections.
How do I test my DApp without a browser extension?
Use test networks and development environments that simulate wallet behavior. Many development frameworks offer mock providers for testing all API functionality without requiring actual browser extensions.
What networks does this API support?
While this documentation focuses on TRON network integration, similar provider APIs exist for Ethereum, BSC, and other EVM-compatible networks. The core concepts remain consistent across different blockchain ecosystems.