Difference between revisions of "Lazy API"

From Bitcoin Wiki
Jump to: navigation, search
(Use BBE API pages)
(removing explicit address mention)
 
(36 intermediate revisions by 14 users not shown)
Line 1: Line 1:
For the incredibly lazy and/or incompetent web developer, I present the lazy man's bitcoin API (copied from [http://www.bitcoin.org/smf/index.php?topic=4324.msg77187#msg77187 a forum post]):
+
For the incredibly lazy and/or incompetent web developer, present is the lazy man's bitcoin API (copied from [https://bitcointalk.org/index.php?topic=4324.msg77187#msg77187 a forum post]):
  
'''Problem:'''
+
==Problem==
  
Lazy web designer (me) wants to use bitcoins without dealing with installing bitcoin on a server, installing a shopping card interface, or using ugly merchant services with callbacks.
+
Lazy web designer wants to use bitcoins without dealing with installing bitcoin on a server, installing a shopping cart interface, or using ugly merchant services with callbacks.
  
'''Solution for sending bitcoins:'''
+
==Solution for receiving bitcoins==
 
 
Use the [https://mtgox.com/support/tradeAPI MtGox API]
 
 
 
'''Solution for receiving bitcoins:'''
 
 
# Input a list of bitcoin receiving addresses to your database
 
# Input a list of bitcoin receiving addresses to your database
 
# Give a bitcoin address to a potential customer
 
# Give a bitcoin address to a potential customer
# Have the customer tell you when they have sent the coins and have at least 1 confirmation
+
# Have the customer tell you when they have sent the coins and have at least 1 confirmation (you can choose a number higher than 1 if you are worried about double-spending)
# Check blockexplorer to see if they sent the right amount (i.e. http://blockexplorer.com/q/getreceivedbyaddress/19hMEAaRMbEhfSkeU4GT8mgSuyR4t4M6TH)
+
# Check blockexplorer to see if they sent the right amount
# Wait for more blocks (confirmations) if paranoid  (look for the latest block number to go up here: http://blockexplorer.com/q/getblockcount)
 
 
# Give them what they paid for
 
# Give them what they paid for
# After a reasonable amount of time has passed, you can re-use the address for another customer
 
  
You could avoid having a list of addresses and reusing them if one of the wallet services someday lets you get a new address via API call, but this will work for now.
+
==Risks==
 +
 
 +
===External Service===
 +
 
 +
BlockExplorer is a service that is provided by a private party.  There is no guarantee that the information provided by BlockExplorer matches the blockchain.
  
'''Bad idea:'''
+
There have not been any reports that BlockExplorer has reported transaction data incorrectly.
  
Selling bars of gold this way (owner of blockexplorer.com could rip you off)
+
===Double Spending===
  
'''Good(?) idea:'''
+
A merchant is exposed to a [[double-spending]] attack when recognizing a payment before it has been [[confirmation|confirmed]] with a sufficient number of blocks.
  
Selling naked pictures of your grandma this way (owner of blockexplorer.com won't bother)
+
For an attacker to be successful with this double spend tactic a significant effort is required and thus the risk of this attack being made against the typical retail merchant is pretty minimal.  It would not be advisable for a merchant with little to no recourse against an attacker to accept payment without a sufficient number of confirmations however.
  
'''Shameless begging:'''
+
Note that this attack can be performed no matter which API or client is being used.
  
If this info is useful to you, please consider a donation: 19hMEAaRMbEhfSkeU4GT8mgSuyR4t4M6TH
+
[[de:API_für_Faule]]
  
 
[[Category:Developer]]
 
[[Category:Developer]]

Latest revision as of 16:23, 3 July 2017

For the incredibly lazy and/or incompetent web developer, present is the lazy man's bitcoin API (copied from a forum post):

Problem

Lazy web designer wants to use bitcoins without dealing with installing bitcoin on a server, installing a shopping cart interface, or using ugly merchant services with callbacks.

Solution for receiving bitcoins

  1. Input a list of bitcoin receiving addresses to your database
  2. Give a bitcoin address to a potential customer
  3. Have the customer tell you when they have sent the coins and have at least 1 confirmation (you can choose a number higher than 1 if you are worried about double-spending)
  4. Check blockexplorer to see if they sent the right amount
  5. Give them what they paid for

Risks

External Service

BlockExplorer is a service that is provided by a private party. There is no guarantee that the information provided by BlockExplorer matches the blockchain.

There have not been any reports that BlockExplorer has reported transaction data incorrectly.

Double Spending

A merchant is exposed to a double-spending attack when recognizing a payment before it has been confirmed with a sufficient number of blocks.

For an attacker to be successful with this double spend tactic a significant effort is required and thus the risk of this attack being made against the typical retail merchant is pretty minimal. It would not be advisable for a merchant with little to no recourse against an attacker to accept payment without a sufficient number of confirmations however.

Note that this attack can be performed no matter which API or client is being used.