Topic: GWT Wallet & Billing API (Read 3062 times)

hero member
Activity: 725
Merit: 503
May 05, 2014, 03:16:09 AM
#2
Edit: Offline while working on accounts, distributed microtransactions and off-chain 100% uptime.

Instructions on how to use the bbb billing interface:

1) Register an account, bitcoinbankbook.com.
2) Add at least one address by pressing the 'Add' button in the 'Menu'.
3) Browse here: bitcoinbankbook.com/[email protected],
    after replacing the mail with the address used to register and copy your id.
4) Now you can redirect your customers to the following URLs:

Manual payments: bitcoinbankbook.com/bill?id=&meta=&price=

    the id retrieved in step 3), this will never change.
    your unique identifier for this bill so you know what was paid for. This HAS to be unique.
    the optional amount of BTC to be billed, without this parameter the bill becomes a donation of any amount.

  If you are logged into the GWT GUI you will see the 'Transactions' dialog refresh
  in real-time with your as the transaction comes in!
  You will also receive an email once the transaction has one confirmation.

Automated payments: bitcoinbankbook.com/bill?id=&meta=&url=&price=

   is the callback where you want us to inform you about billings; confirmations and errors,
  "successful" billings will call the twice or more with these appended parameters:

  ?|&tx=&amount=&meta=&auth=&confirm=0,1...

    the bitcoin transaction id.
    the amount of BTC received. Might not be same as price!
    the lowercase HEX SHA-1 hash of your password salted with the , and and hashed again.

Code:
/* Pseudo code to verify 
 */
String auth = SHA(SHA("") + "" + "" + "");

  If you reply with a URL on the first callback request (confirm=0) in the response data (any string that starts with "http" will trigger this) we will try to redirect your customer to that URL upon successful billing (meta refresh after 5 seconds) with meta= appended to the parameters.

  If you receive the following parameters on your callback , it means we already have that meta string in our database:

  ?|&meta=&error=meta+not+unique

  One last thing: if you use this please leave a comment here so I can send you a PM before updates go live.

-----

TODO:

QR code generator.
calculator and timer.
pay with bbb account.
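
A merchant-side check for the automated-payment callback described in the post above, as an added example that is not part of the original post or bbb's own code. It assumes the salt is tx, amount and meta concatenated in that order (the post's placeholders did not survive on this page); `check_callback` and `bills` are hypothetical names.

```python
import hashlib
import hmac
from decimal import Decimal
from urllib.parse import parse_qs


def sha1_hex(text: str) -> str:
    """Lowercase hex SHA-1, the format the post specifies for auth."""
    return hashlib.sha1(text.encode("utf-8")).hexdigest()


def expected_auth(password: str, tx: str, amount: str, meta: str) -> str:
    # ASSUMPTION: the salt is tx + amount + meta, concatenated as received.
    return sha1_hex(sha1_hex(password) + tx + amount + meta)


def check_callback(query: str, password: str, bills: dict, min_confirm: int = 1):
    """Classify one callback query string; bills maps meta -> price or None."""
    p = {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}
    if "error" in p:                      # e.g. error=meta+not+unique
        return "error", p["error"]
    meta = p.get("meta", "")
    if meta not in bills:                 # only accept bills we issued
        return "rejected", "unknown meta"
    if not all(k in p for k in ("tx", "amount", "auth", "confirm")):
        return "rejected", "missing parameter"
    want = expected_auth(password, p["tx"], p["amount"], meta)
    # Constant-time compare so the check does not leak how many chars matched.
    if not hmac.compare_digest(want.encode(), p["auth"].encode()):
        return "rejected", "bad auth"
    price = bills[meta]                   # None means donation of any amount
    if price is not None and Decimal(p["amount"]) < Decimal(price):
        return "underpaid", p["amount"]   # amount may differ from price
    if int(p["confirm"]) < min_confirm:
        return "pending", p["confirm"]    # confirm=0: seen, not yet confirmed
    return "paid", p["tx"]


if __name__ == "__main__":
    # Constructed sample values, not real credentials or transactions.
    pw, tx = "example-password", "ab" * 32
    bills = {"order-1001": "0.01"}
    auth = expected_auth(pw, tx, "0.01", "order-1001")
    for confirm in ("0", "1"):
        q = f"tx={tx}&amount=0.01&meta=order-1001&auth={auth}&confirm={confirm}"
        print(check_callback(q, pw, bills))
    print(check_callback(q.replace("amount=0.01", "amount=5"), pw, bills))
```

Only a "paid" result should release goods; "pending" corresponds to the first (confirm=0) callback the post describes.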
hero member
Activity: 725
Merit: 503
June 08, 2013, 01:01:04 PM
#1

bitcoinbankbook.com (bbb)

It's a fully functional bitcoin client; just sign up, add an address and transfer a small amount of btc to it.

This way your bitcoins are always accessible at any time without hassle.

----

I built this for 2 reasons: customizable security and instant access from anywhere, which I need as the blockchain grows since I don't have time, cpu, memory or disk space to run the satoshi client on anything other than a dedicated server.

This works on all devices: phones, consoles, computers; anything with a browser.

----

We don't rely on HTTPS for security:

BBB is only as secure as your password! Use an appropriate pass according to the amount stored.

The only vulnerability that HTTPS and bbb have is MITM, so ask yourself; if you're the MITM would you masquerade HTTPS and see all traffic or reverse engineer some heavily obfuscated GWT code, for one site only?

For accounts with large wallets I provide an archive of the client files so you can run bbb from your local hard drive.

> chrome --disable-web-security book.html

SHA of the archive (2015/06/02):

728a81dd1eedb529ead056c3c9a0636dd3011944

----

The way we secure our protocol:

When you register we send a mail with a client side encryption key.

We then hash & encrypt your pass before it leaves your browser with javascript SHA and AES implementations.

When you login we simply SHA your pass twice, the second time with a random salt.

Finally payments are AES encrypted with 'random salt pass' SHA as encryption key.

BTW, if you want to pay someone that has a bbb account, use their mail as address in the pay dialog to avoid hitting the blockchain.

----

BUGS:

server-sent events don't work on registration.
account balance does not update on realtime transaction.


TODO:

server-sent events.
polling price from bitstamp.
bitcoind errors feedback.
add oil and gold prices.
realtime incoming transaction update.
merchant HTTP billing API.

lock unspent outputs to "improve" anonymity.
AES encrypt everything.
2 phase commit escrow.
private keys backup.
after email / before password greeting. (this way hackers need to steal the database to phish you)


----

If you would like to host your own; I sell two licences for this software:

- single-user (req. bitcoind, java). 50$
- multi-user (req. bitcoind, java, mysql). 100$/year

It uses GWT.

I will extend the product with any feature a paying customer has in mind in "valve time". If you are a multi-user customer, and need a feature quickly, it's 100$/hour.
