Skip to main content

Project ID

The Project ID is consumed through URL parameters. URL parameters used: Example URL: https://relay.walletconnect.com/?projectId=c4f79cc821944d9680842e34466bfbd This can be instantiated from the client with the projectId in the SignClient constructor.

Allowlist

To help prevent malicious use of your project ID you are strongly encouraged to set an allowlist of origins or application/bundle ids for mobile applications where the project ID is used. Requests from other origins will be denied. Using localhost (or 127.0.0.1) is always permitted, and if empty all origins are allowed. Updates take 15 minutes to apply. If scheme or port is specified, it must match exactly. Hostname must also match exactly, but wildcards can be used for individual labels within the hostname. Example of possible origins in the allowlist:
  • example.com - allows https://example.com or http://example.com but not https://www.example.com
  • https://example.com - allows https://example.com but not http://example.com
  • https://www.example.com - allows https://www.example.com but not https://example.com
  • https://example.com:8080 - allows https://example.com:8080 but not https://example.com
  • https://*.example.com - allows https://www.example.com but not https://example.com
  • https://*.*.example.com - allows https://www.subdomain.example.com but not https://www.example.com or https://example.com
  • https://www.*.example.com - allows https://www.subdomain.example.com but not https://www.example.com
  • https://www-*.example.com - invalid; * must be the full label

Error Codes

Websocket Close Codes

Best Practices

  • Create a new projectId for each project. This allows for more granular control, dedicated explorer listings, and project metrics.
  • Don’t reuse a projectId.
  • Use the AllowList to limit unauthorized usage.
  • Avoid committing projects keys to the repo. Use env variables instead.