Merchant Howto: Difference between revisions

From Bitcoin Wiki
Jump to navigation Jump to search
Casascius (talk | contribs)
No edit summary
Casascius (talk | contribs)
Line 18: Line 18:
If you are delivering digital goods or services, you can use a third-party service such as [[Bitcoin Notify]] to tell your website when a payment has been received.  This sort of service requires no significant API implementation - they will simply make a POST to your website or send you an e-mail when a payment has been received on one of your addresses.
If you are delivering digital goods or services, you can use a third-party service such as [[Bitcoin Notify]] to tell your website when a payment has been received.  This sort of service requires no significant API implementation - they will simply make a POST to your website or send you an e-mail when a payment has been received on one of your addresses.


If you keep Bitcoins off your web server, this ensures your wallet cannot be stolen if your web server experiences a security intrusion.  Your risk becomes limited to the possibility that a successful intruder could add his own addresses to your address pool and steal funds from a few incoming orders until you detect the problem, which is a much more controllable risk.
If you keep Bitcoins off your web server, this ensures your wallet cannot be stolen if your web server experiences a security intrusion.  Your risk becomes limited to the possibility that a successful intruder could add his own addresses to your address pool and steal funds from a few incoming orders until you detect the problem, however, this is a much more controllable risk.


===Using a third-party API===
===Using a third-party API===

Revision as of 17:29, 17 September 2011

This page is intended as a guide to assist merchants learn how to accept bitcoins for payment.

Manual

  1. Download a bitcoin client
  2. When a customer wants to buy something send them a bitcoin address where their payment should be sent.
    • You can do this by clicking "New.." next to your address in the bitcoin client and sending that address to the customer.
  3. When payment comes in from that address send the goods to your customer. Depending on your risk tolerance and the value of the purchase, you may wish to wait until the payment shows enough confirmations to protect against double spending.
  4. To issue a refund, obtain from the customer the bitcoin address where the refund payment should be sent. The refund address will likely be different from the address used when the customer sent payment, especially if an EWallet was used by the customer.

Automated

Simple

You can accept Bitcoins on your website without needing to use Bitcoin APIs or third party services if you pre-generate a large number of receiving Bitcoin addresses and store them in a database on your web server, and dispense them one-by-one to customers when they are ready to pay. This way, your web server never actually handles the bitcoins - it simply gives out addresses belonging to a wallet you maintain elsewhere.

To pre-generate addresses, use a tool such as Pywallet (which can generate a wallet.dat file) or Bitcoin Address Utility (which can generate a CSV file). In both cases, you will be generating a list of Bitcoin addresses along with their corresponding private keys.

If you are shipping goods manually, you can use the Bitcoin software to check for incoming payments, or alternately consider using Block Explorer or Abe to verify payment when you're about to ship. To make this easy, make your website provide you a full hyperlink: http://www.blockexplorer.com/address/ADDRESSGOESHERE.

If you are delivering digital goods or services, you can use a third-party service such as Bitcoin Notify to tell your website when a payment has been received. This sort of service requires no significant API implementation - they will simply make a POST to your website or send you an e-mail when a payment has been received on one of your addresses.

If you keep Bitcoins off your web server, this ensures your wallet cannot be stolen if your web server experiences a security intrusion. Your risk becomes limited to the possibility that a successful intruder could add his own addresses to your address pool and steal funds from a few incoming orders until you detect the problem, however, this is a much more controllable risk.

Using a third-party API

You can use an existing shopping cart interface or utilize the Bitcoin client's JSON-RPC API to automatically accept payments.

Setup a system that:

  1. When a customer orders something on your website it records
    • Bitcoin address that payment should be sent to
    • Order details (delivery address etc.)
    • Customer's refund address (optional - if you wish you can ask for this later, only in cases a refund is required)
    • Payment amount
  2. When payment arrives, checks that they have paid the correct amount or not, and informs you
    • You dispach the goods to the customer and mark the order as fulfilled
    • If you cannot dispach the goods you mark the order as denied and ask the customer for a refund address (unless you already have it from earlier) to send a refund.
  3. Forwards the funds to bitcoin address of your choice

Common Errors

It has been observed several times that businesses try to funnel all orders through the same bitcoin address, and ask people to send some BTC, then send email describing the timing and the amount of the transaction to 'claim' it. This is not secure, since anyone can see the transaction details using a tool such as Block Explorer, or by inspecting the block chain database directly, and then try to claim someone else's transaction as theirs. Do not do this - give each customer a unique bitcoin address, as suggested in the manual section of this page.

Listing your business on the Bitcoin Trade page

Anyone can add and update a listing on the trade page. Just register if you haven't and add to the appropriate category. If you'ld like assistance, perhaps someone in the #bitcoin-marketing IRC channel would be willing to assist.

See Also