Merchant Howto

From Bitcoin Wiki
Revision as of 20:20, 17 September 2011 by Casascius (talk | contribs)
Jump to navigation Jump to search

This page is intended as a guide to assist merchants learn how to accept bitcoins for payment.

Manual

  1. Download a bitcoin client
  2. When a customer wants to buy something send them a bitcoin address where their payment should be sent.
    • You can do this by clicking "New.." next to your address in the bitcoin client and sending that address to the customer.
  3. When payment comes in from that address send the goods to your customer. Depending on your risk tolerance and the value of the purchase, you may wish to wait until the payment shows enough confirmations to protect against double spending.
  4. To issue a refund, obtain from the customer the bitcoin address where the refund payment should be sent. The refund address will likely be different from the address used when the customer sent payment, especially if an EWallet was used by the customer.

Automated

Simple

You can accept Bitcoins on your website without needing to use Bitcoin APIs or third party services if you pre-generate a large number of receiving Bitcoin addresses and store them in a database on your web server, and dispense them one-by-one to customers when they are ready to pay. This way, your web server never actually handles the bitcoins - it simply gives out addresses belonging to a wallet you maintain elsewhere. By using a unique address per order, you will always know which payment belongs to which order. Example of website using this method

To pre-generate addresses, use a tool such as Pywallet (which can generate a wallet.dat file) or Bitcoin Address Utility (which can generate a CSV file). In both cases, you will be generating a list of Bitcoin addresses along with their corresponding private keys. Only the Bitcoin addresses (not the private keys) should be loaded on the web server.

If you are shipping goods manually, you can use the Bitcoin software to check for incoming payments, or alternately consider using Block Explorer or Abe to verify payment when you're about to ship. To make this easy, make your website provide you a full hyperlink that includes the proper receiving address: http://www.blockexplorer.com/address/ADDRESSGOESHERE.

If you are delivering digital goods or services and want to be able to deliver instantly upon payment and/or confirmation, you can use a third-party service such as Bitcoin Notify to tell your website when a payment has been received. This sort of service requires no significant API implementation - they will simply make a POST to your website or send you an e-mail when a payment has been received on one of your addresses.

If you keep Bitcoins off your web server, this ensures your wallet cannot be stolen if your web server experiences a security intrusion. Your risk becomes limited to the possibility that a successful intruder could add his own addresses to your address pool and steal funds from a few incoming orders until you detect the problem, however, this is a relatively controllable risk.

Using a third-party API

You can use an existing shopping cart interface or utilize the Bitcoin client's JSON-RPC API to automatically accept payments.

Set up a system that:

  1. When a customer orders something on your website it records:
    • Bitcoin address that payment should be sent to
    • Order details (delivery address etc.)
    • Customer's refund address (optional - if you wish you can ask for this later, only in cases a refund is required)
    • Payment amount
  2. When payment arrives, checks that they have paid the correct amount or not, and informs you
    • You dispatch the goods to the customer and mark the order as fulfilled
    • If you cannot dispatch the goods you mark the order as denied and ask the customer for a refund address (unless you already have it from earlier) to send a refund.
  3. Forwards the funds to bitcoin address of your choice

Common Errors

It has been observed several times that businesses try to funnel all orders through the same bitcoin address, and ask people to send some BTC, then send email describing the timing and the amount of the transaction to 'claim' it. This is not secure, since anyone can see the transaction details using a tool such as Block Explorer, or by inspecting the block chain database directly, and then try to claim someone else's transaction as theirs. Do not do this - give each customer a unique bitcoin address, as suggested in the manual section of this page.

Listing your business on the Bitcoin Trade page

Anyone can add and update a listing on the trade page. Just register if you haven't and add to the appropriate category. If you'ld like assistance, perhaps someone in the #bitcoin-marketing IRC channel would be willing to assist.

See Also