Setting up a payment button on my site and verifying successful transactions

19 replies 102 views
eric.altMember
Posts: 43 · Reputation: 230
#1Jan 24, 2020, 02:10 PM
Hey everyone. I'm just starting out as a programmer (working with asp.net/c#) and I'm looking to improve my skills in creating websites that sell products and services. I've been trying to integrate payment systems like WayForPay and LiqPay into my site, but since that hasn't worked out, I thought about accepting bitcoin instead. What I want is to enable payments directly to my bitcoin wallet address on my site. I'm a total newbie with bitcoin, so I'm not sure where to start. Ideally, I’d like customers to pay using their Visa/MasterCard by simply entering their card details (number, expiration date, and CVV) or using Google Pay or their bank app to avoid entering sensitive CVV info. I'm from Ukraine, and our currency is UAH (Ukrainian Hryvnia), so I’m hoping there’s a way to let people pay from UAH bank cards to my e-shop's bitcoin wallet. I’m not sure if it’s possible to accept Visa/MasterCard payments and then automatically convert those to bitcoin. I’ve seen some sites that do conversions from USD/EUR to bitcoin, but I have no clue if there’s something similar for Ukrainian currency. If it turns out that paying with bank cards to automatically convert to bitcoin isn’t common, that’s cool. I’m open to setting up a method for buyers to send payment from their bitcoin wallets to our shop's bitcoin address. From what I gather, anyone wanting to buy something online with bitcoin will need to get a BitcoinCore wallet (or is there a better option? let me know). Then they can fund their bitcoin wallet using some method.
5 Reply Quote Share
hash_bossLegendary
Posts: 1166 · Reputation: 5261
#2Jan 24, 2020, 03:28 PM
I'm not programmer, so i can't answer your main question. It's not encrypted at all and I recommend you learn more about Bitcoin to avoid misconception which may lead to loss money. You might want to read https://learnmeabitcoin.com/ and https://github.com/bitcoinbook/bitcoinbook for starter. Many website which accept Bitcoin automatically check and notify whether the address receive appropriate amount of Bitcoin. So ideally this step should avoided.
0 Reply Quote Share
HyperRavenFull Member
Posts: 175 · Reputation: 633
#3Jan 24, 2020, 06:23 PM
Generally, you would want to configure it with Bitcoin Core and the relevant RPCs. The process would go like this: Customer goes to the payment page -> You generate a unique address for them and set a callback using Bitcoin Core's RPCs -> Listen for callbacks for X confirmations and subsequently confirm their transaction and send whatever goods you're selling. The easy part is implementing this, but the difficult part is ensuring that it doesn't run into any errors, ie. Bitcoin Core crashing, attackers gaining access to your backend, etc, etc. The easiest way, by far is to just use BitPay as a POS and have them handle it for you. They do have integration with plenty of languages.
3 Reply Quote Share
LuckyCoinLegendary
Posts: 832 · Reputation: 4795
#4Jan 26, 2020, 02:29 AM
Without additional software running to merge the transactions form Bitcoin Core and the payment functionality together, you can't implement a modern payment processor with just Core. You have two options: - One is to use open-source software such as BTCPayServer which will automatically take care of all Bitcoin payments for you (and as a bonus, LN), but you won't get payment card integration. - The second option, there are payment processors out there that will accept card payments and spit out crypo for your withdrawals. These systems also let you pay in Crypto. An example is Hoodpay (I am not endorsing them). You could roll up your own, but it is quite hard to pull off.
3 Reply Quote Share
max_lynxSenior Member
Posts: 210 · Reputation: 1438
#5Jan 26, 2020, 03:33 AM
Without any knowledge of programming, I’ll just drop you how I feel this could work and you can sort help with a programmer to see you through the set up. I guess your challenge isn’t just having to put in place a payment media as that could be done easily but, it’s confirmation. That is where you would need a programmer to link your website to some program that constantly refresh your payment history by minutes as payment notifiers does come in and process transaction through its reference ID. When it comes to putting in place a payment media with regards to Bitcoin, having a scannable bar code address or the alphanumeric address configured to your hope page or payment media could help out while, using same step as above, you instruct your programmer to honor transactions with at least 2 confirmations on it. Be open to more advice but, this is my thought on the issue here.
3 Reply Quote Share
HyperRavenFull Member
Posts: 175 · Reputation: 633
#6Jan 26, 2020, 04:24 PM
Each transaction should be paying ideally to its own unique address. Using the same address for multiple users or multiple transactions would inevitably cause some confusion and ambiguity. Confirmations, or accepting payment is not the hardest part but the systems design of it is more difficult.
1 Reply Quote Share
bull_2019Senior Member
Posts: 296 · Reputation: 1992
#7Jan 26, 2020, 10:44 PM
You can use the BTCPayServer just as it's been recommended by @NotATether Check out https://github.com/btcpayserver/btcpayserver and https://btcpayserver.org/ the payment to a new address is actually the best for cases where you need to check for a payment(probably for review or any related needs),  if it's a single address and there are multiple payments of same units, there will be a lot of confusion attached to review but with different address all you have to do is check the particular address( besides privacy is important).
4 Reply Quote Share
eric.altMember
Posts: 43 · Reputation: 230
#8Jan 27, 2020, 01:37 AM
hello, thank you all for you oppinions. I think that I found a quick solution: https://www.blockchain.com/ru/explorer/api/blockchain_api I can simply use: - https://blockchain.info/rawtx/$tx_hash - https://blockchain.info/rawaddr/$bitcoin_address - https://blockchain.info/balance?active=$address etc, and this seems to be quite great! =-) Today I for the first time ever bought my first satoshis, sent them to BitcoinCore wallet (it took around half an hour), and I am happy that I can see my transaction, wallet transactions and balance etc at blockchain.info. This is actually solves the security problem with BitcoinCore RPC server which I thought I would need to run on my PC all the time and be available always on network for my website to get some answers about transactions, balance of addresses etc. My wallet (Trustee Plus) provided transaction ID (hash) after it was successful and I though money coming to my BitcoinCore wallet address. I had to choose wallet address starting with 1 (legacy, but most supported by everyone). Interesting that blockchain.com requires that wallet address also should begin with 1 or 3, so I made good start choosing proper wallet address type (like that which Satoshi Nakamoto used in very first transactions). What I feel now, is that there are many guys who want to earn money on doing something like bitcoin-payment-system. TrusteePlus took 0.00025 BTC which is quite much amount. I hope I can manually set smaller commisions for my transaction in BitcoinCore. Conclusion is that it all seems to be so easy that I am really shocked about it. I couldn't imagine that payment system could be so transparent and simple as bitcoin. I start loving bitcoin very much. And probably I'll keep all my money in bitcoins/satoshis instead of bank accounts (because of their inflations etc). Bitcoin really seems to be a wonderful solution, because I need to work and earn, but I want to be helpful to people to sell their goods/services online as it is "internet era". Non-crypto (non-bitcoin) payment systems / banks and to some advance government have done so much bad things to stop people from making for them easy to earn online (honestly). Bitcoin is great. Next days and weeks (probably monthes even) I'll code my internet-shop(s) with bitcoin, and if I'll have anything to say /ask soon, I'll do that later. Thank you all again, bitcoiners ;-)
2 Reply Quote Share
eric.altMember
Posts: 43 · Reputation: 230
#9Jan 27, 2020, 05:27 AM
why do you say that Bitcoin is not encrypted at all? By that (encrypted) I mean that all transaction etc are recorded in blockchain, but they don't record private keys, so they can't be stolen from blockchain etc. Yes, it is true that MTGOX, first Exchange for bitcoins was hacked around some 10 years ago (in some 2014), and went bankrupt. And even binance, which seems to replace MTGOX was hacked, but still it is biggest exchange (I didn't like to use them as they have higher minimal transaction). Well, some guys here - https://www.youtube.com/watch?v=01LEyuNgRSQ saying / showing in russian that they could calculate/get private key somehow. But they pose themselves not as hackers but as company which helps to make bitcoin more secure. So they make vulneravilities researches and publish it, so that developers fix it as soon as possible. I was shocked to see a command https://developer.bitcoin.org/reference/rpc/dumpprivkey.html in BitcoinCore. I don't know what it does, but it seems to extract a private key from wallet address. But when i tried it on some random address, it asked to make wallet first, to enter passwrod to access that address etc, so I think thus that it will not reveal private key to everyone without passwrod. Yes, as I understand, that if I don't make a password for my wallet, then it is indeed saved inside blockchain in un-encrypted form. But adding password makes it protected (its private key). I am not sure if i understand all this right.
2 Reply Quote Share
eric.altMember
Posts: 43 · Reputation: 230
#10Jan 27, 2020, 09:22 AM
Thank you. Yes, I'll take a look at it. I see that it uses Python (and I already started learning it a couple of monthes ago when i did OCR, optical characters recognition in Python with Neuro network ;-) interesting, but so hard). Python is great language for Artificial Intelligence. So i see that it has libraries for Bitcoin. It makes me think I can find similar bitcoin-libraries for C#, which probably will do something similar to what functions at https://www.blockchain.com/ru/explorer/api/blockchain_api are doing. This I can guess from that Python code. And yes, few days ago I already odwnloaded some Bitcoin books, and started learning. It all takes a lot of time, but is very interesting
0 Reply Quote Share
coin_sigmaLegendary
Posts: 1275 · Reputation: 5553
#11Jan 27, 2020, 12:56 PM
BTCpaysever is a good option for adding a payment button on your website as mentioned above but the only problem is I think it doesn't have an option to add or accept debit/credit cards but you can accept BTC and it converted it directly into fiat. If you are looking for other payment gateways that can add and accept credit/debit cards the payment processor that I know is Coinbase e-commerce they do accept cards and the payment is auto-converted to supported crypto. Take note once you use and add cards to your accepting payment list Coinbase will force you to pass KYC.
2 Reply Quote Share
HyperRavenFull Member
Posts: 175 · Reputation: 633
#12Jan 27, 2020, 03:32 PM
Bitcoin does not come with encryption, and ECDSA, the public-private key scheme that Bitcoin is using doesn't have any encryption involved. Encryption is done only by the wallet on the user-side. Any hacking of exchange is likely due to their vulnerability and/or poor security habits. Hence, this is why I'm recommending you to offload the transaction payment to a trusted point of sale merchant. dumpprivkey only works for addresses and private keys that you have in your own wallet. You cannot obtain another person's private key for which you have no knowledge of. You can absolutely do so yourself, and if you're serious about security, you should look into the different ways that a hacker can exploit access to your server, or for them to exploit any vulnerabilities within. The standard way of doing so is using a master public key on the server, while keeping a master private key safe and secure out of the server. Even if any attacker were to gain access to your server, the losses incurred would be minimized.
4 Reply Quote Share
hash_bossLegendary
Posts: 1166 · Reputation: 5261
#13Jan 27, 2020, 04:35 PM
It seems TrusteePlus is a custodial service, so 0.00025 BTC is probably their withdraw fee where they take some profit. Bitcoin Core and other self-custodial wallet (where you have the private key) let you set the transaction fee, although it depends on Bitcoin network condition (such as how many unconfirmed TX and fee of those unconfirmed TX). I've see that group or company before. It seems they discover security issue due to improper cryptography usage or implementation (e.g. generate private key from weak RNG). Although personally i would be careful with that group, since their statement seems to be exageratted. For example, they state that "for all Bitcoin Addresses that were generated before version 22.1 from Bitcoin Core" on https://www.youtube.com/watch?v=0aCfT-kCRlw, even though Bitcoin Core developer never state that "vulnerability". Your understanding isn't correct. Private key isn't stored on Bitcoin blockchain at all. Private key is only stored on your device (if you use self-custodial wallet) or third-party (if you use custodial service). Command dumpprivkey only can be used to obtain/extract private key which exist from any wallet.dat file you have access to.
3 Reply Quote Share
eric.altMember
Posts: 43 · Reputation: 230
#14Jan 27, 2020, 07:30 PM
Do you really think that using BitPay is easiest? When I see those "third-party" bitcoin companies, which offers something for me as a programmer, I think that it all only becomes more complicated with them. (And worst is that usually they want money for all that complicated stuff: I may spend a lot of time to make it work, reading their documentations, and finally it still will not work, or would be too expensive to use). You say that "Generally, you would want to configure it with Bitcoin Core and the relevant RPCs. The process would go like this: Customer goes to the payment page -> You generate a unique address" OK. Why do you offer to generate unique wallet-addresses for every transaction? I myself was thinking recently about blockchain.info website, which provides all transactions for anyone. In the beginning I thought that I would ask a buyer to provide his "transaction ID" (and maybe also "FROM-wallet-address" from which he sent money, plus amount). But then I thought that there is one problem. It can happen with non-sincere users/buyers. For example, some buyer is "too clever", and he understands that he can easily watch all transactions which happened with my destination "TO-wallet-address". I mean, suppose I don't generate wallet-addresses everytime for each transaction, for every user. So, any buyer (or even one who never bought anything on my site), can surf through blockchain.info, and see all previous transactions. And he can just copy-paste some transaction ID which is not his, claiming that it is his (writing its transaction-ID into some input box which I may provide on website for him for this exact order ID). So what can happen, is that some buyer can click "buy this", I give him always same TO-wallet-address (destination in my Bitcoin-Core wallet). Then he goes to list of all transaction which happened with my Destination-wallet-address, and copy paste some transaction-ID which has same amount (same amount which he has to pay, but didn't pay). So, if this is all done without any info like Name Surname etc (KYC - know your client), then he can misuse this openness of information, transactions list on site blockchain.info (or any similar site). Thus, my website/shop can make a mistake and think that he payed money for this order, but in fact it can be some other guy who made a transaction, payed for it honestly, (same amount of money, which, by the way, is not always easy to hack, maybe) - but he didn't have time to confirm his transaction-id by copy-pasting to website/shop into input-field. Thus, problem can be with dishonest guys who can prened that it were them who payed, and we can never know if that were them or not them, because info in blockchain is anonymous. So, as I can understand, this problem can be solved by generating new unique wallet-addresses each time for my Bitcoin-Core wallet (using RPC). OK, suppose, I have some my shop at some hosting company (yes, I have to pay to them each year, maybe 20$/year or maybe more). But more complicated here is to have additional always running computer, maybe laptop, which is somewhere at my home (or say office of web-shop), and it is always running Bitcoin-Core-CLI RPC on some IP address x.x.x.x:port. Ok, I understand that it maybe can a problem for security. I don't know. There seems to be special settings file for bitcoin-core cli/rpc, where I can create some user and password, so there seem to be no problem with security, and hacker should be not able to run any command in bitcoin rpc on that IP:port, without knowing login+password. For me bigger problem here seems to be that here in Ukraine we have war (Russia is attacking electric stations etc), so we can have electricity "black-outs", which means there can be some days or hours when there is totally no electricity, so even if I have laptop running bitcoin-RPC at that time, it will discharge after several hours (I don't have some big charging station). And I would need to reconnect to another ISP (Internet service provider), which claims to provide internet even when there is "black-out", but they also use some electricity generators from patrol etc, or some new technologies like optical fibre etc. And that would require to connect router also to some charging station / powerbank etc. And thus it is all more costly. But well, seem to be simpler that using some third-party company in between buyer and seller to do all this. I have a question. Say, I would configure my bitcoin-core-cli-rpc to generate unique wallet-addresses for each transaction (so it is connected to unique buyer and his order-id, his goods/services there, payment amount etc). I don't understand what would happen to my wallet balance if I have multiple wallet-addresses? Let's take a simple example. Suppose I sell some test / cheap service/good at my webshop. Price is 1$. Say, User1 registers, places order#1, and bitcoin-rpc generate unique wallet address A. Then he pays that 1$ (and some cents commision), and money goes to my wallet address A. Then user2 registers, also creates order to buy serice/good for amount of 1$, for him again is generated unique destination (TO) wallet address, he sends 1$ to it, places his confirmation transaction ID (maybe it is not necessary if all wallet addresses are unique, so I can probably check them automatically through blockchain.info say, once every minute. yes, i think they have a limit of 100 such API calls within a minute, so maybe I'ld have to do that later to my Bitcoin Core CLI/RPC at my home/office computer). Anyway, say, user2 made a payment of 1$ to address B, payed some fee, and money goes to address B to my Bitcoin Core wallet. Question is: if these two wallet addresses are unque, different, but belong to same wallet, does it mean I would see that my wallet now has 2$? I mean, is it like this, that say, I have one room (bank etc), but so many doors (many keys), so I can enter into it through any of doors/keys (wallet addresses), but total amount/balance / sum is same for each of these wallet-addresses? I mean, if buyer2 will pay 1$ to wallet B, will I automatically have that 2nd dollar in wallet address A? (and vice versa)? Or I will have to send money from wallet B to wallet A (say, it is primary), and thus spend additional money / fee to send from each uniques wallet address (wallets B, C, D, E, F ...) - to wallet-A? How it works? If each wallet address has own unique separate money balance, which is not connected / united with other wallet  address in same wallet, then it is not convenient/good enough, because it means I would have to pay to bitcoin network to send money from hundreds or maybe thousands of wallets addresses to wallet-A address, paying fee for each such additional transaction. If that is so, that one wallet would hold multiple balances (each wallet address has its own separate balance), then it makes services/goods sold on website even more expensive (and that extra cost/fee is to be included into price, which user pays to seller).
2 Reply Quote Share
HyperRavenFull Member
Posts: 175 · Reputation: 633
#15Jan 28, 2020, 12:08 AM
Definitely, that is their unique selling point. They have an obligation to ensure that you're able to integrate their products seamlessly and that they're able to handle the different edgecases that can exist. As a full stack myself, I definitely do trust BitPay to integrate their POS onto my website and save the hassle of the entire integration process. Not discouraging you to do so, but you should know how Bitcoin works inside out and know the different considerations that should go into designing a payment system. RPC is not encrypted. You should be able to run a secure tunneling directly to the server to ensure that no one is eavedropping on your connection. In addition, you have to ensure that the server is secure, because there were instances where servers are compromised and funds are emptied from their wallet. You seem to have confused the concept of addresses and wallets. A wallet can have many addresses and the balance that you see is the sum of all of the balance of the addresses in your wallet. You should have a callback for each specific address. Addresses are independent, which means you would have to send from Address A to B. If you have funds in tons of addresses, then you have to spend from them individually. If you want, you can learn more about Lightning network and use that instead.
1 Reply Quote Share
eric.altMember
Posts: 43 · Reputation: 230
#16Jan 28, 2020, 12:22 AM
I also just now thought that there can be easier (?) approach. I amy generate some fixed quantity of wallet addresses, one wallet address for each registered user. So one client/user of webshop would have unique destination address (it will be same for him for any his transactions, but different from destination addresses given/generated for other users/clients/buyers). Thus, if I generate even say 1000 wallet addresees, it is enough for serving 1000 users, and each new user will not know destination address given for any other user. This is good, and even makes it not necessary to keep BitcoinCore CLI/RPC always running. it maybe necessary only sometimes - at time of registering new users. This quick solution makes everything safer, not necessary to always keep BitcoinCore running. moreover, if I don't even ever run BitcoinCore RPC, but always do it on my local computer, say, using BitcoinCore CLI, command line, and then save wallet addresses to some text file, and copy it to server, so then it can use its list of addresses when necessary, assigning to some user a new wallet-address at time when user for a first time ever creates a first order on site. This may work. List of wallet addresses is also have to be saved somewhere. of course it cannot be some simple .txt file which is visible for anyone on website. Maybe it is to be in some protected folder on server, on in some database (it is also password-protected usually).
5 Reply Quote Share
eric.altMember
Posts: 43 · Reputation: 230
#17Jan 28, 2020, 08:44 PM
1. So, do you mean, that say if I have a website which asks for 1$ for registration, and I would have 100 users registered, and each one would get a unique generated wallet-address, and will send 1$ to that unique address, then if I would want to get that 100$ out of those 100 wallet-addresses, then I woul have to make additional 99 transactions to send money from wallet2...wallet99 to wallet100, right? 2. What is the recommended transaction fee for a transaction. Say, 1$ is sent from one wallet-address to another wallet address, what is common fee? I have seen in BitcoinCore the possibility to set different fees/commisions. And I see that I can even set fee to 0 (zero). But it says that in such case such transaction will maybe never be processed. What would happen if say I have say 10$ (or, ok, maybe 100$ or 1000$, still have to earn that though), in wallet, and want to send it to some external wallet (from BitcoinCore wallet) - maybe to TrusteePlus (which I already used), but waht if I will set fee to 0 or maybe 1 cent, will it ever be processed? How to know what is the minimum fee to be set so that I can be 100% (or more probability) that it will be processed. I don't care much about time it takes, maybe even if it takes one day to process or few days (like in banks), but my consideration is to have lowest possible fees with guarantee that transaction is ever processed, but not "hangs forever". And also question is what happens if transaction "hangs" because of absent/0 or too low fee/comission? Is it possible to cancel it? Or such money will be lost forever?
4 Reply Quote Share
eric.altMember
Posts: 43 · Reputation: 230
#18Jan 28, 2020, 10:43 PM
I googled about Amazon, which is said to be the biggest online shop. Google said that in 2021 Amazon had 2,3 billions of unique visitors. Just a theoretical question: can BitcoinCore wallet have 2,3 billions unique addresses? :-) Also, if say wallet can have hundreds and thousands (or millionsof users/buyers), then is it possible to programmatically send money from one BitcoinCore wallet address to another? What are the commands? And how to set fee/comission there (in command line)? I am just a newbie in bitcoin world, so sorry for many questions
4 Reply Quote Share
alt_bearFull Member
Posts: 55 · Reputation: 444
#19Jan 29, 2020, 05:19 PM
No, having a hundred UTXOs at a hundred different addresses is the same as having a hundred UTXOs at one address. All you need to do is create one transaction that has hundred inputs and one output to the new address. This is what centralized exchanges and other online services do all the time. Think of it like combining multiple small change into a larger bill. Instead of counting out a hundred pennies one by one, you simply bundle them into a single dollar bill. The same principle applies to Bitcoin transactions. Transaction fees depend on the size of the transaction and current network congestion. Obviously, a transaction with a hundred input utxos will cost more than a transaction with a single input, but that's why such transactions are better done when the network congestion is lower and when the transaction fees are cheaper.
2 Reply Quote Share
gr3g.0rbitHero Member
Posts: 1025 · Reputation: 2646
#20Jan 29, 2020, 07:52 PM
That's not dependent on Bitcoin Core but the system where it's running. If you can build a theoretical machine that can load a tremendously huge wallet.dat into its RAM, then it may be able handle it. But realistically, such service should not solely rely on a single Bitcoin Core wallet but a proprietary software that handles the addresses that it issues to the customers. May be derived from a number of extended public keys from multiple wallets that can be reliably loaded. If it's just sending, then Bitcoin Core's RPC has a couple of ways to interact with the wallet/node: https://bitcoincore.org/en/doc/27.0.0/
3 Reply Quote Share

Related topics