O3 Labs has released an update to it’s NEO dAPI, an open protocol designed to give dApps an easy way to connect with existing NEO wallets. The article explores the issues with the previous framework, the O3 Alliance SDK, and notes the various improvements included in the v2 protocol.
In its announcement post, O3 discussed the pros and cons of the v1 implementation, which was used by Switcheo and NEO Name Service to offer users access to their respective platforms from directly within the O3 wallet.
O3 Labs noted the simplicity of the system for NEO developers, which allows signatures to be directly requested from O3 users, but also outlined some of the key issues with the approach:
- The user experience was sub-optimal due to endless dialog boxes, each with little understandable information on what was actually happening during transaction signatures
- It lacked a scalable security solution, as O3 can only screen requests for a limited number of dApps to ensure they are not malicious
- The open protocol is not a NEO standard, without which the ecosystem is liable to fragment as different developers implement their own interfaces
- It lacked support for multiple wallets or identities
- There was no support for the Ontology blockchain
To simplify the user experience, O3 has replaced the dialog screens with an alternative based on the OGP standard. The new dialog box displays all the necessary information in a more easily understood manner.
O3 Labs currently uses a manual vetting process to decide which dApps can use the dAPI to request payments, but this whitelisting process is not ideal for a growing ecosystem where a malicious dApp could potentially send a seemingly harmless signature request that drains a user’s wallet of funds.
The v2 protocol provides the wallet with two responsibilities; generate the transaction and signature, and then broadcast the transaction to the network. Instead of the dApp itself being responsible for creating the transaction, creating a security risk, they will interface with the wallet via the dAPI and request it to perform a send function.
Creating a NEO Standard
O3 notes that the previous dAPI was created to be used primarily by O3’s own applications, but the team has elected to make the protocol open so that any wallet or dApp can conform to it as a new standard. By creating a standard interface, the team hopes to attract more users and developers into the ecosystem.
The standard is still under discussion and not been finalized. It can be viewed on Github here, where all current progress can be seen.
One notable feature of the updated dAPI is the ability to easily change between wallet addresses when connecting to websites or dApps. O3 explains:
“Just like you have different credentials for different websites, you might want to provide different identity information to various websites. For instance, it might not make sense to give an untrusted site access to your address which contains 1000’s of dollars of cryptocurrency. If you had a second address, then you could provide it with a much more limited set of information, only as much as it NEEDED to know to get the job done.”
Due to the similar infrastructure and overlap between NEO and ONT users, O3 has created an Ontology version of the dAPI. This is hoped to create a standardized experience for interactions with both chains.