Status web DApps API

On top of the regular web3 API we are considering exposing status specifics API to web based DApps.

To mitigate security and privacy concerns this API would not be available by default. DApps developers would need explicitly request it, allowing status users to grant/deny this privilege. This is following a pattern pushed by MetaMask in EIP 1062.

e.g.

    window.addEventListener('message', function (event) {
        if (!event.data || !event.data.type) { return; }
        if (event.data.type === 'STATUS_API_SUCCESS') {
            // status API defined
        }
    });
    // request status API
    window.postMessage({ type: 'STATUS_API_REQUEST' });

This status object would then provide access to:

  • current account whisper key
  • current account contacts

And potentially any status data that might proove useful.

Any thoughts?

4 Likes

I really like this idea. Especially if Status is able to expose things like push messages to dapps, or other native functions.

I think a current holy grail Status dapp involves being able to minimize and close the Status app but have dapps still be able to have workers running. Or being able to subscribe to things, to notify users about events in the dapp somehow. Like “it’s your turn in Words With Friethnds” or “your ENS name is about to expire”.

Right we are definitely going to expose more status features. PNs will probably take more time though :slight_smile:

For long running logic web DApps might not be the most suitable approach. Something closer to the metal, like the extensions work we are initiating, is probably a better fit.

1 Like

Yeah we definitely need this, also it would be great if we could store different permissions for every dapp, for example, show panel with permissions when dapp requests access and user can choose which permissions he wants to allow to this dapp

This is great. Then we can create a front-end component so dapp developers can just wrap their application in a STATUS_PROVIDER and easily integrate their dapp with Status.

First version is in develop branch already

window.addEventListener('message', function (event) {
    if (!event.data || !event.data.type) { return; }
    if (event.data.type === 'STATUS_API_SUCCESS') {
        console.log(event.data.permissions) //=> ["CONTACT_CODE"] if allowed , and [] if not allowed
        console.log(STATUS_API["CONTACT_CODE"]) //=> "0x0012300..123" if allowed
    }
});
// request status API
window.postMessage({ type: 'STATUS_API_REQUEST', permissions: ["CONTACT_CODE"] }, '*');

Other data that might be useful:

profile info like:

  • username
  • contact code
  • whisper id
  • main currency

It would be cool if a dapp could reach out and start a new chat with a contact, group or even its own bot counterpart, seemlessly passing a user from the dapp context to the chat context.

Eventually, presumably Status will have a contacts/friends list and maybe online/offline status so those would be good to have also. For a dapp to be able to ask Status to ask the user to choose a friend to do something with (ride share, check splitting, calendar, etc).

There is also the possibility for dapps to be able to ask for even more native things like GPS location, all the various sensors, battery level, current time.

Privacy is a main concern so there are data we probably won’t want to share. Even if it is all guarded by permissions and user acceptance.

Native like API is a nice idea. We don’t want to hijack too much the web stack though.

Some other thoughts re: things dapps might want:

What about camera access for things like scanning QR codes? Say I have a grocery store dapp and I’m scanning items, or scanning concert tickets or signed messages in a scavenger hunt.

Although maybe that shouldn’t be a Status specific API,