Skip to main content

Live Demo Hub

No integration needed — just scan with PalmxApp to experience Palm's core flows end-to-end.


OAuth Binding

Use the Palm OAuth SDK to scan with PalmxApp and bind your account, obtaining an open_id.

Live Demo

Try OAuth Binding

Scan the QR code with PalmxApp to bind your account and get an open_id.

1
Load binding QR
2
Scan & authorize
3
Exchange for open_id

⚡ Sandbox demo — no data persisted.

What you'll see:

  • How the iframe + postMessage architecture avoids cross-origin issues
  • SDK returns code + codeVerifier after user scan authorization
  • Backend exchanges code for open_id and access_token

Read full documentation →


OAuth Verification

When a user initiates a sensitive operation, the backend creates a verification challenge. The user confirms with a palm scan in PalmxApp.

Live Demo

Try OAuth Verification

Simulate a transfer: create a verification challenge and confirm in PalmxApp.

1
Enter OpenId & initiate
2
Palm scan in PalmxApp
3
Get verification result

⚡ Sandbox demo — no data persisted.

What you'll see:

  • Backend calls VerifyCreate to initiate verification
  • Complete flow of user palm scan confirmation
  • Polling VerifyQuery for result status (pending / approved / denied / expired)

Read full documentation →


Agent Registration & Authorization

Grant an AI Agent a "human-claimed" identity credential. After the real person scans the QR code and palm-scans in PalmxApp, the Agent receives an authorization token and the business can bind it to a local account.

Live Demo

Try Registration & Authorization

Scan the QR code below with PalmxApp to experience the full Agent registration and human authorization flow.

1
Generate registration
2
Scan QR & palm scan
3
Exchange open_id

⚡ Sandbox demo — no data persisted.

What you'll see:

  • Agent generates an Ed25519 key pair locally; private key never leaves the device
  • Real person QR scan + palm scan triggers a single-transaction server-side binding
  • Agent polls for a one-time code and passes it to the business to exchange for open_id

Read full documentation →


Agent Identity Verification

Every business request is signed by the Agent's private key. The business fetches and caches the public key, then verifies locally — proving "it's the same Agent."

Live Demo

Try Identity Verification

Call verify/device to fetch the public key and verify the Agent registration status.

1
Enter DeviceId & OpenId
2
Fetch pubkey (verify/device)
3
View registration status

⚡ Sandbox demo — no data persisted.

What you'll see:

  • How the canonical string is constructed (body hash + nonce)
  • Method A (cached local verification) vs Method B (online verification)
  • Revocation delay equals cache TTL

Read full documentation →


High-risk Step-up Verification

When an Agent initiates a high-risk operation (transfer, withdrawal, etc.), the real person must palm-scan on PalmxApp to approve. The server issues an Assertion JWT as the authorization credential.

Live Demo

Try High-risk Step-up

Enter the DeviceId to simulate a Step-up verification for a transfer.

1
Enter DeviceId & initiate
2
Palm scan in PalmxApp
3
Get Assertion JWT

⚡ Sandbox demo — no data persisted.

What you'll see:

  • Differences between Step-up Levels 1 / 2 / 3
  • Full flow from real-person palm scan to Assertion JWT issuance
  • The six-step JWT verification sequence (including action_detail hash tamper protection)

Read full documentation →