T
Tokenkit
Tokenkit Starknet Tokenkit Documentation

Documentation

dApps and Connections

The in-wallet dApp browser, WalletConnect for mobile, and how Keon handles connection requests

The dApps hub

Open the dApps tab and you get a directory of Starknet apps you can connect to. The list is grouped into categories (DeFi, NFT, social, infra, etc.) and you can search if you know what you are looking for.

The directory is powered by the TokenKit dApps API, so anything listed there shows up in Keon. New dApps are added all the time, and the list refreshes every few hours.

Tapping a dApp opens it. On the extension, that means a new browser tab. On mobile, it opens the dApp inside Keon's in-app browser, which lets the dApp talk to your wallet without leaving the app.

Connecting from a desktop dApp

When a dApp asks to connect, Keon pops up a request that shows you:

  • The site asking to connect
  • Which account it will see
  • What the dApp can and cannot do

You approve once, and Keon remembers the connection. You can revoke it later from Settings under Connected Apps.

Connecting from a mobile dApp

On mobile, dApps connect through WalletConnect under the hood. The flow is:

  1. The dApp shows a QR code (or a deep link if you tap from the same phone).
  2. You scan or tap, and Keon opens with the request.
  3. You approve, and the dApp can now ask for transactions.

If you opened the dApp inside Keon's in-app browser, the WalletConnect step is invisible. The wallet detects the dApp directly.

What dApps can ask for

Keon supports the standard Starknet wallet methods:

  • wallet_requestAccounts to get your address
  • starknet_addInvokeTransaction to send a transaction
  • starknet_signTypedData to sign typed messages (SNIP-12)
  • starknet_addDeclareTransaction to declare a contract class
  • wallet_switchStarknetChain to switch networks

Every transaction the dApp asks for goes through the same simulation preview as a manual send. You see what will happen before you sign.

Pending requests

If a dApp sends you more than one request before you have answered the first, Keon queues them. The pending request modal lets you flip between them and approve or reject each one. Common case: a swap dApp asks for an approve and a swap in quick succession, and Keon shows both so you can review them together.

Reporting a malicious dApp

If a dApp behaves badly (unexpected approvals, requests you did not trigger, suspicious calldata), you can report the domain. Keon submits the report to the TokenKit domain reputation service, and the team reviews and may add it to the shared blacklist that all Keon users see going forward.

This is also why the dApps hub matters: anything listed there has been reviewed at least once. dApps you reach by typing a URL into a browser have not been.

Disconnecting

Open Settings, then Connected Apps. Each connection has a disconnect button. Disconnecting revokes the dApp's access immediately, and the dApp will need to ask again next time.

Report an issue
Previous
Tokens and Swap
Next
Security and Backup