Lazy API: Difference between revisions
→See Also: Add description |
m →Double Spending: Make reference to double spending a link to the article. |
||
Line 29: | Line 29: | ||
===Double Spending=== | ===Double Spending=== | ||
A merchant is exposed to a double spending attack when recognizing a payment before it has been [[confirmation|confirmed]] with a sufficient number of blocks. | A merchant is exposed to a [[double spending]] attack when recognizing a payment before it has been [[confirmation|confirmed]] with a sufficient number of blocks. | ||
For an attacker to be successful with this double spend tactic a significant effort is required and thus the risk of this attack being made against the typical retail merchant is pretty minimal. It would not be advisable for a merchant with little to no recourse against an attacker to accept payment without a sufficient number of confirmations however. | For an attacker to be successful with this double spend tactic a significant effort is required and thus the risk of this attack being made against the typical retail merchant is pretty minimal. It would not be advisable for a merchant with little to no recourse against an attacker to accept payment without a sufficient number of confirmations however. |
Revision as of 17:12, 18 June 2012
For the incredibly lazy and/or incompetent web developer, present is the lazy man's bitcoin API (copied from a forum post):
Problem
Lazy web designer wants to use bitcoins without dealing with installing bitcoin on a server, installing a shopping cart interface, or using ugly merchant services with callbacks.
Solution for sending bitcoins
Use the MtGox API
Solution for receiving bitcoins
- Input a list of bitcoin receiving addresses to your database
- Give a bitcoin address to a potential customer
- Have the customer tell you when they have sent the coins and have at least 1 confirmation (you can choose a number higher than 1 if you are worried about double-spending)
- Check blockexplorer to see if they sent the right amount (i.e. http://blockexplorer.com/q/getreceivedbyaddress/19hMEAaRMbEhfSkeU4GT8mgSuyR4t4M6TH/1) - the /1 is the number of confirmations you require
- Give them what they paid for
- After a reasonable amount of time has passed, you can re-use the address for another customer
You could avoid having a list of addresses and reusing them if one of the wallet services someday lets you get a new address via API call, but this will work for now.
Risks
External Service
BlockExplorer is a service that is provided by a private party. There is no guarantee that the information provided by BlockExplorer matches the blockchain.
There have not been any reports that BlockExplorer has reported transaction data incorrectly.
Double Spending
A merchant is exposed to a double spending attack when recognizing a payment before it has been confirmed with a sufficient number of blocks.
For an attacker to be successful with this double spend tactic a significant effort is required and thus the risk of this attack being made against the typical retail merchant is pretty minimal. It would not be advisable for a merchant with little to no recourse against an attacker to accept payment without a sufficient number of confirmations however.
See Also
- BitAddress Generate address and private key pairs for an offline wallet
- BitcoinNotify Register addresses and receive email or SMS alerts when a payment to that address occurs