request() path
- Your dApp calls provider.request({ method, params }).
- Read-only methods (eth_chainId, eth_accounts) resolve from cached session state.
- eth_requestAccounts opens SessionConnect overlay if no valid session exists.
- Signing methods build a WallCard RPC intent and open /onetime-connect (iframe or popup).
- WallCard API creates a signing request; user approves in hosted wallet UI.
- Wallet UI posts noderails-card:success back to your page; SDK resolves the promise.
Hosted wallet routes
| Route | When it opens |
|---|---|
| /session-connect | eth_requestAccounts, first connect per dApp origin |
| /onetime-connect | personal_sign, eth_sendTransaction, Solana sign methods, and other signing RPCs |
| /auth | Optional App login only (wallet settings flows, not required for standard dApp signing) |
Custody boundary
Your site never receives PIN, CVV, or private key material. The SDK only returns addresses, signatures, and transaction results after user approval in WallCard UI.