Author

Topic: Announcing BlockCypher's Transaction API: create&manage bitcoin transactions (Read 1890 times)

newbie
Activity: 4
Merit: 0
This is PHP and the syntax is very similar to C. If you see the link I provided, it wont be very difficult for you to decipher the working logic. sign() is a server side function which is taking $txSkeleton & $privateKeys variables as input and returning the signed data. But, if I could sign using PHP itself, I could avoid this step and directly push the signed Tx. I hope, someone, who knows PHP, chime in and point me to a code that allows me to do so...

Okay - then I hope the OP will explain his misleading point (hopefully it isn't a scam but it could be).


Well... blockcypher is definitely not a scam. blockcypher API is also used by services like ShapeShift.io. blockchain.info needs your private key/password too to send a Tx. This has become the de-facto rule for small bitcoin app devs and most do not bother much about this (well they'll tell you lots of security stories though). I have used blockchain.info before and none of my faucets ever got hacked. The thumb rule is to keep low amount in the hot wallet. But, as I am preparing for a bigger project I was exploring for an API that offers better security.

Actually blockchain.info doesn't use your keys on their side, all signing is done in browser. You never hand over raw keys to blockchain.info thank the stars!
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
If you look closer, you will see that the `sign` method is running on the client.

Thanks for clearing that up for us.
sr. member
Activity: 467
Merit: 267
If you look closer, you will see that the `sign` method is running on the client.
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
if they do, it doesn't mean that this information is logged or stored. Sure it can be stored your end and passed through the API - I think Micro-transaction API. They can process it and not store. I think blockcypher are a trustworthy service, I know developers who use them over blockchain.info / other services just for the stability, speed, documentation and the bcy testnet.

No-one should ever be trusting a server "not to store private keys" (and no such server should ever even see them) so if that is what they are saying then I would be even more worried about it being a shady operation.
newbie
Activity: 14
Merit: 0
Well... blockcypher is definitely not a scam.

Hopefully not - but claiming they don't keep private keys and having an API that asks for your private key doesn't add up to me.


if they do, it doesn't mean that this information is logged or stored. Sure it can be stored your end and passed through the API - I think Micro-transaction API. They can process it and not store. I think blockcypher are a trustworthy service, I know developers who use them over blockchain.info / other services just for the stability, speed, documentation and the bcy testnet.
sr. member
Activity: 412
Merit: 287
This is PHP and the syntax is very similar to C. If you see the link I provided, it wont be very difficult for you to decipher the working logic. sign() is a server side function which is taking $txSkeleton & $privateKeys variables as input and returning the signed data. But, if I could sign using PHP itself, I could avoid this step and directly push the signed Tx. I hope, someone, who knows PHP, chime in and point me to a code that allows me to do so...

This is false; the library signs using PHP itself. So they're doing it right: server generates the unsigned transaction, user signs locally and returns the signature.

https://github.com/blockcypher/php-client/blob/master/lib/BlockCypher/Client/TXClient.php
https://github.com/blockcypher/php-client/blob/master/lib/BlockCypher/Api/TXSkeleton.php
full member
Activity: 199
Merit: 100
BlockCypher is a platform-as-a-service for crypto coins. It's exposed through simple web APIs and callbacks for developers to build Bitcoin apps. We rebuilt the Bitcoin platform from the ground-up and optimized it for high availability. Our up time is 99.99%. 



 Grin Grin Grin Grin Grin


legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
Well... blockcypher is definitely not a scam.

Hopefully not - but claiming they don't keep private keys and having an API that asks for your private key doesn't add up to me.
hero member
Activity: 616
Merit: 500
I AM A SCAMMER
This is PHP and the syntax is very similar to C. If you see the link I provided, it wont be very difficult for you to decipher the working logic. sign() is a server side function which is taking $txSkeleton & $privateKeys variables as input and returning the signed data. But, if I could sign using PHP itself, I could avoid this step and directly push the signed Tx. I hope, someone, who knows PHP, chime in and point me to a code that allows me to do so...

Okay - then I hope the OP will explain his misleading point (hopefully it isn't a scam but it could be).


Well... blockcypher is definitely not a scam. blockcypher API is also used by services like ShapeShift.io. blockchain.info needs your private key/password too to send a Tx. This has become the de-facto rule for small bitcoin app devs and most do not bother much about this (well they'll tell you lots of security stories though). I have used blockchain.info before and none of my faucets ever got hacked. The thumb rule is to keep low amount in the hot wallet. But, as I am preparing for a bigger project I was exploring for an API that offers better security.
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
This is PHP and the syntax is very similar to C. If you see the link I provided, it wont be very difficult for you to decipher the working logic. sign() is a server side function which is taking $txSkeleton & $privateKeys variables as input and returning the signed data. But, if I could sign using PHP itself, I could avoid this step and directly push the signed Tx. I hope, someone, who knows PHP, chime in and point me to a code that allows me to do so...

Okay - then I hope the OP will explain his misleading point (hopefully it isn't a scam but it could be).
hero member
Activity: 616
Merit: 500
I AM A SCAMMER
No... I dint. Signing is a part of their offered API. Here is their sample code...

http://blockcypher.github.io/php-client/sample/doc/transaction-api/CreateAndSignAndSendTransaction.html

Please check this line...

Code:
$txSkeleton = $txClient->sign($txSkeleton, $privateKeys);

I'm not familiar with the language (I'm a C++ coder) but if it means that the signing is not done on the client side then that would be a serious issue (hopefully the OP will clarify this).


This is PHP and the syntax is very similar to C. If you see the link I provided, it wont be very difficult for you to decipher the working logic. sign() is a server side function which is taking $txSkeleton & $privateKeys variables as input and returning the signed data. But, if I could sign using PHP itself, I could avoid this step and directly push the signed Tx. I hope, someone, who knows PHP, chime in and point me to a code that allows me to do so...
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
No... I dint. Signing is a part of their offered API. Here is their sample code...

http://blockcypher.github.io/php-client/sample/doc/transaction-api/CreateAndSignAndSendTransaction.html

Please check this line...

Code:
$txSkeleton = $txClient->sign($txSkeleton, $privateKeys);

I'm not familiar with the language (I'm a C++ coder) but if it means that the signing is not done on the client side then that would be a serious issue (hopefully the OP will clarify this).
hero member
Activity: 616
Merit: 500
I AM A SCAMMER
We just released our Transaction API. A transaction can be created in 3 steps:

1. With only an input address, output address, and the value transferred, we build the full unsigned transaction and the data to sign it.
2. You sign the transaction data (we do not store any private keys) and send us the signature.
3. We complete the transaction, broadcast it over the peer-to-peer network, and send it back to you.

So, sharing the hot wallet private key with blockcypher is a must to use blockcypher api to create, sign and send a Tx?

Did you miss point number 2?


No... I dint. Signing is a part of their offered API. Here is their sample code...

http://blockcypher.github.io/php-client/sample/doc/transaction-api/CreateAndSignAndSendTransaction.html

Please check this line...

Code:
$txSkeleton = $txClient->sign($txSkeleton, $privateKeys);
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
We just released our Transaction API. A transaction can be created in 3 steps:

1. With only an input address, output address, and the value transferred, we build the full unsigned transaction and the data to sign it.
2. You sign the transaction data (we do not store any private keys) and send us the signature.
3. We complete the transaction, broadcast it over the peer-to-peer network, and send it back to you.

So, sharing the hot wallet private key with blockcypher is a must to use blockcypher api to create, sign and send a Tx?

Did you miss point number 2?
hero member
Activity: 616
Merit: 500
I AM A SCAMMER
We just released our Transaction API. A transaction can be created in 3 steps:

1. With only an input address, output address, and the value transferred, we build the full unsigned transaction and the data to sign it.
2. You sign the transaction data (we do not store any private keys) and send us the signature.
3. We complete the transaction, broadcast it over the peer-to-peer network, and send it back to you.

So, sharing the hot wallet private key with blockcypher is a must to use blockcypher api to create, sign and send a Tx?
newbie
Activity: 4
Merit: 0
BlockCypher is a platform-as-a-service for crypto coins. It's exposed through simple web APIs and callbacks for developers to build Bitcoin apps. We rebuilt the Bitcoin platform from the ground-up and optimized it for high availability. Our up time is 99.99%. 

We just released our Transaction API. A transaction can be created in 3 steps:

1. With only an input address, output address, and the value transferred, we build the full unsigned transaction and the data to sign it.
2. You sign the transaction data (we do not store any private keys) and send us the signature.
3. We complete the transaction, broadcast it over the peer-to-peer network, and send it back to you.

For documentation on this and all our APIs, see http://dev.blockcypher.com/.
Jump to: