Merchant Howto: Difference between revisions

From Bitcoin Wiki
Jump to navigation Jump to search
Sgornick (talk | contribs)
→‎Manual: Add caveat for Double spending.
first stab at removing pointless crappy spam
 
(119 intermediate revisions by 49 users not shown)
Line 1: Line 1:
This page is intended as a guide to assist merchants learn how to accept bitcoins for payment.
{{merge|How to accept Bitcoin, for small businesses}}


==Manual==
Accepting Bitcoins is easy, and there are several ways to do it.
 
==Manually==
# Download a bitcoin client
# Download a bitcoin client
# When a customer wants to buy something issue them with a bitcoin address
# When a customer wants to buy something, send them a Bitcoin address where their payment should be sent.
#* You can do this by clicking "New.." next to your address in the bitcoin client and sending that address to the customer
#* You can do this by clicking "New.." next to your address in the Bitcoin client and sending that address to the customer.
# When payment comes in from that address send the goods to your customer.  Depending on your risk tolerance and the value of the purchase, you may wish to wait until the payment shows enough confirmations to protect against [How_bitcoin_works#Double_spending double spending]].
# When payment comes in to that address, send the goods to your customer.  Depending on the value of what you're selling, you may wish to wait until the payment shows Confirmed.
# If you ever need to refund a customer send the bitcoins they sent back to the from address you recieved the bitcoins from.
# To issue a refund, obtain from the customer the [[Address|bitcoin address]] where the refund payment should be sent.  The refund address will likely be different from the address used when the customer sent payment, especially if an [[EWallet]] was used by the customer.


==Automated==
==Automated==
Setup a system (pointers to easy-to-use packaged systems should be added) that:
===Pre-generating Bitcoin addresses===
# When a customers orders something on your website it records
You can accept Bitcoins on your website without needing to use Bitcoin APIs or third party services if you pre-generate a large number of receiving Bitcoin addresses and store them in a database on your web server, and dispense them one-by-one to customers when they are ready to pay.  This way, your web server never actually handles the bitcoins - it simply gives out addresses belonging to a wallet you maintain elsewhere.  By using a unique address per order, you will always know which payment belongs to which order.  [https://www.casascius.com Example of website using this method]
 
To pre-generate addresses, use a tool such as [[Pywallet]] (which can generate a wallet.dat file) or [[Bitcoin Address Utility]] (which can generate a CSV file).  In both cases, you will be generating a list of [[Address|Bitcoin address]]es along with their corresponding [[private key]]s.  Only the Bitcoin addresses (not the private keys) should be loaded on the web server.
 
If you are shipping goods manually, you can use the Bitcoin software to check for incoming payments, or alternately consider using [[Block Explorer]] or [[Abe]] to verify payment when you're about to ship.  To make this easy, make your website provide you a full hyperlink that includes the proper receiving address:  ht<nowiki>tp://www</nowiki>.blockexplorer.com/address/ADDRESSGOESHERE.
 
If you are delivering digital goods or services and want to be able to deliver instantly upon payment and/or confirmation, you can use a third-party service such as [[Bitcoin Notify]] to tell your website when a payment has been received.  This sort of service requires no significant API implementation - they will simply make a POST to your website or send you an e-mail when a payment has been received on one of your addresses.
 
If you keep Bitcoins off your web server, this ensures your wallet cannot be stolen if your web server experiences a security intrusion.  Your risk becomes limited to the possibility that a successful intruder could add his own addresses to your address pool and steal funds from a few incoming orders until you detect the problem, however, this is a [[Deterministic_wallet|relatively controllable risk]].
 
===Using offchain payment networks===
 
[[Off-Chain_Transactions|Off chain]] networks provides various benefits to Bitcoin, such as instant confirmations and protection against double spending.
 
===Using a third-party plugin===
You can use an existing [[:Category:Shopping Cart Interfaces|shopping cart interface]] from a 3rd party to automatically handle all Bitcoin payments on your website.  If you want to develop the system yourself, you can utilize the Bitcoin client's [[API tutorial (JSON-RPC)|JSON-RPC API]] to automatically accept payments.
 
Things to note if you build it yourself:
# When a customer orders something on your website it records:
#* Bitcoin address that payment should be sent to
#* Bitcoin address that payment should be sent to
#* Order details (delivery address etc.)
#* Order details (delivery address etc.)
#* Customer's refund address (optional - if you wish you can ask for this later, only in cases a refund is required)
#* Payment amount
#* Payment amount
# When payment arrives, checks that they have paid the correct amount (and refunds the from address otherwise) and informs you
# When payment arrives, checks that they have paid the correct amount or not, and informs you
#* You dispach the goods to the customer and mark the order as fulfilled
#* You dispatch the goods to the customer and mark the order as fulfilled
#* If you cannot dispach the goods you mark the order as denied and the system sends the customer a refund
#* If you cannot dispatch the goods you mark the order as denied and ask the customer for a refund address (unless you already have it from earlier) to send a refund.
# Pays money made to your bitcoin address
# Forwards the funds to bitcoin address of your choice
 
===Businesses that mail invoices===
Does your business send out invoices to customers?  Adding one line may make a huge impact for the Bitcoin economy.  Perhaps you list it as a payment option just after Visa, MasterCard, and American Express, even if that means your customer must call or e-mail to make a payment. However it is possible to create automated invoices by using known payment systems supporting invoicing, and recurring invoice setup.
 
==Common Errors==
It has been observed on occasion that a business funnels all its orders through the same Bitcoin address, and asks people to send some BTC, then send email describing the timing and the amount of the transaction to 'claim' it. This is '''not''' secure, since anyone can see the transaction details using a tool such as [[Block Explorer]], and then try to claim someone else's transaction as theirs.
 
Do not do this.  Give each customer a unique Bitcoin address.
 
See also [[Why Your Business Should Use a Full Node to Accept Bitcoin]]


[[Category:ECommerce]]
==See Also==
* [[In-store Transactions]]
* [[:Category:Shopping Cart Interfaces|Shopping Cart Interfaces]]
* [[:Category:Payment_Processors|Payment Processors]]
* [[Securing online services]]
* [[Converter|Bitcoin Javascript Converter]] displays a price in BTCs after converting from USDs.
* [[How to accept Bitcoin, for small businesses]]
* [[:Category:Marketing|Marketing]]
* [[URI Scheme]]
* [[Promotional graphics]], buttons and logos
* [https://github.com/cryptoapi/Payment-Gateway GoUrl Bitcoin Payment API] open source php payment api on Github.com
* [[Lazy API]] The lazy (and possibly easiest?) way to accept bitcoin payments on your website

Latest revision as of 16:20, 3 July 2017

It has been suggested that this article is merged with How to accept Bitcoin, for small businesses.

Accepting Bitcoins is easy, and there are several ways to do it.

Manually

  1. Download a bitcoin client
  2. When a customer wants to buy something, send them a Bitcoin address where their payment should be sent.
    • You can do this by clicking "New.." next to your address in the Bitcoin client and sending that address to the customer.
  3. When payment comes in to that address, send the goods to your customer. Depending on the value of what you're selling, you may wish to wait until the payment shows Confirmed.
  4. To issue a refund, obtain from the customer the bitcoin address where the refund payment should be sent. The refund address will likely be different from the address used when the customer sent payment, especially if an EWallet was used by the customer.

Automated

Pre-generating Bitcoin addresses

You can accept Bitcoins on your website without needing to use Bitcoin APIs or third party services if you pre-generate a large number of receiving Bitcoin addresses and store them in a database on your web server, and dispense them one-by-one to customers when they are ready to pay. This way, your web server never actually handles the bitcoins - it simply gives out addresses belonging to a wallet you maintain elsewhere. By using a unique address per order, you will always know which payment belongs to which order. Example of website using this method

To pre-generate addresses, use a tool such as Pywallet (which can generate a wallet.dat file) or Bitcoin Address Utility (which can generate a CSV file). In both cases, you will be generating a list of Bitcoin addresses along with their corresponding private keys. Only the Bitcoin addresses (not the private keys) should be loaded on the web server.

If you are shipping goods manually, you can use the Bitcoin software to check for incoming payments, or alternately consider using Block Explorer or Abe to verify payment when you're about to ship. To make this easy, make your website provide you a full hyperlink that includes the proper receiving address: http://www.blockexplorer.com/address/ADDRESSGOESHERE.

If you are delivering digital goods or services and want to be able to deliver instantly upon payment and/or confirmation, you can use a third-party service such as Bitcoin Notify to tell your website when a payment has been received. This sort of service requires no significant API implementation - they will simply make a POST to your website or send you an e-mail when a payment has been received on one of your addresses.

If you keep Bitcoins off your web server, this ensures your wallet cannot be stolen if your web server experiences a security intrusion. Your risk becomes limited to the possibility that a successful intruder could add his own addresses to your address pool and steal funds from a few incoming orders until you detect the problem, however, this is a relatively controllable risk.

Using offchain payment networks

Off chain networks provides various benefits to Bitcoin, such as instant confirmations and protection against double spending.

Using a third-party plugin

You can use an existing shopping cart interface from a 3rd party to automatically handle all Bitcoin payments on your website. If you want to develop the system yourself, you can utilize the Bitcoin client's JSON-RPC API to automatically accept payments.

Things to note if you build it yourself:

  1. When a customer orders something on your website it records:
    • Bitcoin address that payment should be sent to
    • Order details (delivery address etc.)
    • Customer's refund address (optional - if you wish you can ask for this later, only in cases a refund is required)
    • Payment amount
  2. When payment arrives, checks that they have paid the correct amount or not, and informs you
    • You dispatch the goods to the customer and mark the order as fulfilled
    • If you cannot dispatch the goods you mark the order as denied and ask the customer for a refund address (unless you already have it from earlier) to send a refund.
  3. Forwards the funds to bitcoin address of your choice

Businesses that mail invoices

Does your business send out invoices to customers? Adding one line may make a huge impact for the Bitcoin economy. Perhaps you list it as a payment option just after Visa, MasterCard, and American Express, even if that means your customer must call or e-mail to make a payment. However it is possible to create automated invoices by using known payment systems supporting invoicing, and recurring invoice setup.

Common Errors

It has been observed on occasion that a business funnels all its orders through the same Bitcoin address, and asks people to send some BTC, then send email describing the timing and the amount of the transaction to 'claim' it. This is not secure, since anyone can see the transaction details using a tool such as Block Explorer, and then try to claim someone else's transaction as theirs.

Do not do this. Give each customer a unique Bitcoin address.

See also Why Your Business Should Use a Full Node to Accept Bitcoin

See Also