Topic: List of Bitcoin blockchain APIs - page 3. (Read 8186 times)

Great quesiton. I'll give an example to help illustrate the problem and how 2-of-3 multisig solves it.

Lets say you run a bitcoin service of some sort, for example, an exchange, a gambling website, an ATM network, etc. One morning you wake up to find that $1,000,000 worth of bitcoins are missing from your hot wallet

If you were using 2-of-3 multisig, this scenario could have been prevented, because the service provider (for example BlockTrail) could enforce your custom restrictions and spending limits before signing your transactions. This allows you to greatly mitigate how much damage an attacker can do (i.e you would lose $10k instead of $1m). In order to circumvent the restrictions, an attacker would need to have access both to your systems AND the multisig service provider's systems, making it very unlikely for a successful attack.

In another scenario, if the multisig service provider's systems are breached, then users' coins are still safe, because the service provider only has 1 out of 3 keys needed to make transactions. An attacker would still need to attack every single user individually, to actually get their bitcoins. This isn't necessarily the case with some of the more traditional APIs which either have access to your private key (coinbase) or which you need to send your password to the service provider (bc.info).
   
Since we're on the topic of security I think its worthwhile mentioning some of the benefits of HD Wallets, which separate your keychain from your backup process. The issue is that if your bitcoin service (exchange, gambling site, ATM, etc) is constantly generating new bitcoin addresses for users to pay and deposit into, in a short while you'll find that you need to manage hundreds, or hundreds of thousands of private keys. If you have a high volume of transactions its likely that you have a very well defined backup process for getting these keys into cold storage.

HD wallet technology eliminates this issue entirely - since you have one private key to manage all of your bitcoin addresses, forever, and you only need to back it up once when you initially created it. You can generate it, throw it in a safety deposit box and never need to expose your backup process to technical faults, human errors or unknown security vulnerabilities. This is also far easier to manage and gives you peace of mind.

Generally I understand what multisig is for but could you explain in the case of BlockTrail service why need their signature for the transaction, what's the advantage of having a multisig transaction and BlockTrail's signature on the transaction?

This is probably the best explanation for that question at https://en.bitcoin.it/wiki/Green_address

No, BlockTrail uses 2-of-3 multisig (unlike greenaddress which makes use of 2-of-2), so BlockTrail does not have the control over the coins to prevent its users from double spending (and thus does not provide "greenaddress functionality" between its users)

What's a "green" address?

Does your project and API support or implements green addresses? I am looking for a green address implementation/API other than the https://greenaddress.it one.

Imagine you want to get all incoming transactions for your address.
With webhooks, you have an API endpoint on your service. You give
that endpoint to the service provider, and everytime they see a new
transaction to your address they post it to the endpoint you've
provided.

With websockets, you establish a continuous connection to the service
using WebSockets, thereby subscribing to updates regarding
transactions for your address. As long as you keep the connection open,
the service will publish new transactions to your address on this websocket
connection.

Both have advantages and disadvantages. Webhooks are plain http and thus
have no technological overhead. However, you need a stable endpoint
(a server). WebSockets is an additional protocol, and thus you might face
problems (extra libraries and infrastructure needed). However, you can
initiate them from anywhere, also from mobile devices for example.

It's great to have an API that one can self-deploy, but unfortunately it's pretty darn slow. I experimented with Toshi recently, which seams considerably faster - but I haven't had the time yet to deploy it myself, so I can't compare properly.

What is the difference between websockets & webhooks ?

Great list, thanks! I just tried out Insight and I'm pretty happy so far.

What will be the purpose? An overview as given here or a data api in itself? Also, before block 34400 might be hard...

I am working on a site which I hope to announce before block 34400, www.querytheblockcha.in (Home page will throw an error).  PM me if you want a sneak peak.

I added tags that indicate whether an API supports websockets, webhooks, or some additional multi-signature functions. I didn't have the time to wade through it all in detail, so things might not be correct. If you spot an error, let me know!

The main issue with blockchain.info (and many other APIs) is that they have direct access to your coins. It's originally a webwallet where your password never leaves your browser, but their API requires you to provide their server with the password and thus gives them custody of your coins.
You'll never need to do that with BlockTrail because the transactions are created and signed on the client side using the SDK, and are then co-signed and broadcasted via BlockTrail.

The blockchain.info receive API actually makes the bitcoins go to their own address first before the coins come to you, again, giving them full custody of your coins.
This is done for various technical reasons and are considered bad practice nowadays - the main reason being that you can't monitor your own addresses for transactions and that they have a max amount of addresses (which is because you need to backup every private key for each address).

The Blocktrail Wallet API is a HD Wallet, so you can have unlimited addresses, create a new one every time you need to receive coins (as best practices dictate) and because of the HD 'magic' you never even need to create new backups.
And we also have 'webhooks' which allow you to get notifications ( we send data to your server using a HTTP POST ) when your addresses receive transactions.

Initialize SDK

Create a wallet

Setup transaction notifications

Receive a transaction
you'll be automatically subscribed to notifications on these new addresses

Send a transaction

Get wallet balance

If you need any help feel free to email us or join us on #blocktrail on irc.freenode.net !

To be specific, I'm looking for alternative to the following 2...

i. https://blockchain.info/api/api_send

ii. https://blockchain.info/api/api_receive

If you are offering similar alternative, can you please point me to the specific links on https://www.blocktrail.com/api/docs ? Conversion to any FIAT is not the requirement. bc.i does not offer it either.

Sorry for my miss understanding there,
We do offer send and receive but only for BTC not a conversion to dollars or euro, is this where you are looking for ?

I dint say bc.info is great in terms of normal blockchain API. I said it in terms of 2 specific functions required by merchants... the send & receive API. bc.info is becoming monopoly in providing these 2 specific service, which I think is bad.

Can I challenge you to try our API and see if you still think bc.info is the best ?
Im from the https://www.blocktrail.com/ team, if you need any help I can get our team to help you with the integration.

localbitcoins is also in use at the site of the same name so I presume that's their reference for checking trades there.  So I'd imagine that would also be fairly stable one.
All three sites have been up since I became aware of insight.

Great, thanks, I'll add a note to my main post. If these instances will stay around is of course questionable - except the Bitpay one, maybe.