Merchant Howto

From Bitcoin Wiki
Revision as of 03:12, 17 May 2012 by Sgornick (talk | contribs) (Add entry to See Also for Securing online services article.)
Jump to navigation Jump to search

Accepting Bitcoins is easy, and there are several ways to do it.

Manually

  1. Download a bitcoin client
  2. When a customer wants to buy something, send them a Bitcoin address where their payment should be sent.
    • You can do this by clicking "New.." next to your address in the Bitcoin client and sending that address to the customer.
  3. When payment comes in to that address, send the goods to your customer. Depending on the value of what you're selling, you may wish to wait until the payment shows Confirmed.
  4. To issue a refund, obtain from the customer the bitcoin address where the refund payment should be sent. The refund address will likely be different from the address used when the customer sent payment, especially if an EWallet was used by the customer.

Automated

Pre-generating Bitcoin addresses

You can accept Bitcoins on your website without needing to use Bitcoin APIs or third party services if you pre-generate a large number of receiving Bitcoin addresses and store them in a database on your web server, and dispense them one-by-one to customers when they are ready to pay. This way, your web server never actually handles the bitcoins - it simply gives out addresses belonging to a wallet you maintain elsewhere. By using a unique address per order, you will always know which payment belongs to which order. Example of website using this method

To pre-generate addresses, use a tool such as Pywallet (which can generate a wallet.dat file) or Bitcoin Address Utility (which can generate a CSV file). In both cases, you will be generating a list of Bitcoin addresses along with their corresponding private keys. Only the Bitcoin addresses (not the private keys) should be loaded on the web server.

If you are shipping goods manually, you can use the Bitcoin software to check for incoming payments, or alternately consider using Block Explorer or Abe to verify payment when you're about to ship. To make this easy, make your website provide you a full hyperlink that includes the proper receiving address: http://www.blockexplorer.com/address/ADDRESSGOESHERE.

If you are delivering digital goods or services and want to be able to deliver instantly upon payment and/or confirmation, you can use a third-party service such as Bitcoin Notify to tell your website when a payment has been received. This sort of service requires no significant API implementation - they will simply make a POST to your website or send you an e-mail when a payment has been received on one of your addresses.

If you keep Bitcoins off your web server, this ensures your wallet cannot be stolen if your web server experiences a security intrusion. Your risk becomes limited to the possibility that a successful intruder could add his own addresses to your address pool and steal funds from a few incoming orders until you detect the problem, however, this is a relatively controllable risk.

Using a third-party plugin

You can use an existing shopping cart interface from a 3rd party to automatically handle all Bitcoin payments on your website. If you want to develop the system yourself, you can utilize the Bitcoin client's JSON-RPC API to automatically accept payments.

Things to note if you build it yourself:

  1. When a customer orders something on your website it records:
    • Bitcoin address that payment should be sent to
    • Order details (delivery address etc.)
    • Customer's refund address (optional - if you wish you can ask for this later, only in cases a refund is required)
    • Payment amount
  2. When payment arrives, checks that they have paid the correct amount or not, and informs you
    • You dispatch the goods to the customer and mark the order as fulfilled
    • If you cannot dispatch the goods you mark the order as denied and ask the customer for a refund address (unless you already have it from earlier) to send a refund.
  3. Forwards the funds to bitcoin address of your choice

Common Errors

It has been observed on occasion that a business funnels all its orders through the same Bitcoin address, and asks people to send some BTC, then send email describing the timing and the amount of the transaction to 'claim' it. This is not secure, since anyone can see the transaction details using a tool such as Block Explorer, and then try to claim someone else's transaction as theirs.

Do not do this. Give each customer a unique Bitcoin address.

Listing your business on the Bitcoin Trade page

Anyone can add and update a listing on the trade page. Just register if you haven't and add to the appropriate category. If you'ld like assistance, perhaps someone in the #bitcoin-marketing IRC channel would be willing to assist.

See Also