High level flow

The Exchange Application is an application for Ledger’s devices (Nano S, Nano X and Nano S Plus) that has been developed specifically to manage and secure swap operations (crypto-to-crypto transfer).
The trade between the provider and the user is secured by going through Ledger Live back-end, front-end and the Exchange app installed on the Hardware Wallet. The provider signs the trade data, in order to let the Ledger device (Nano S, S Plus, X or Stax) display it to the user. Since the Ledger device is the single source of truth, the user can trust and sign the transaction on the device, thus allowing the provider to complete the transaction. The provider is accredited by Ledger so that the device can trust the provider data.
Detailed flow
This is a C4 diagram that describe an overview of the exchange during the swap process.

Note
Although the provider's LiveApp is embedded inside Ledger Live, we describe it as running in a separate environment because it is sandboxed.
Details on the quote API needed.
Swap transaction flow

- Ledger Live opens the provider’s LiveApp through a deeplink. Example:
ledgerlive://discover/swapprovidername?quoteId=CC14E626-CF1B-4EDA-AF5E-766FFD5A3457&
fromAddress=bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq&
toAddress=0xb794f5ea0ba39494ce839613fffba74279579268&
fromAddressId=AF1A7BD4-6A9A-4491-A540-98B1C7AD2407&
toAddressId=6EA9F270-91C5-4832-9A44-2713F9A6F6F0
The quoteId
sent is the one coming from a previous request to the /quote
endpoint of the Provider’s backend. This id is linked to the fromCurrency
and toCurrency
wanted by the user.
-
The provider’s LiveApp starts Ledger’s swap process through a call to ExchangeSDK method call: swap
.
-
After asking the user to start the process, Ledger’s Swap Service will call the Provider’s backend to generate and sign the payload
. The backend will also returns a swapId
, for status tracking purpose.
-
The Provider’s backend will generate the payload with Ledger’s currency id. This part is important as Ledger’s device only knows Ledger’s referential currency.
-
The Provider’s backend will sign the payload with its private key. The public part must be previously sent to Ledger and must use secp256k1 curve.
-
As soon as the user signs the transaction within his Ledger’s device, Ledger Live will broadcast the transaction.
-
The transactionId
is returned in the response of the swap
method, called by the LiveApp.
- The LiveApp should call back Ledger Live with a deeplink. Example:
ledgerlive://swap?status=COMPLETED&swapId=123
Check swap status flow

High level architecture
