I need to verify that user from my database has sent btc to my wallet.
Ideally I want to generate a unique address for each user transaction and then track all those addresses but I suppose it will be difficult to implement due to address gap limit, so I decided to just ask users for their bitcoin address and then expecting tx with funds transfer from that address to my wallet so I can verify funds were sent by them.
So let's say I want to track all txs just to my wallet address using my own bitcoin node .
As I understand, when I connect to node in live network I'll be notified about all txs that are happening in the network?
How can I validate transactions with transferring funds only to my wallet and decode address from which funds were transferred?
Are there some easy ways to implement this and maybe some code/project examples?
You should use ElectrumX protocol, its based on Satoshis Simple Payment Verification.
Its a server were you can subscribe to a Public Key so the client will receive a notification when the status of the 'script hash' changes using this method:
blockchain.scripthash.subscribe(scripthash)
You can read more on: https://electrumx.readthedocs.io/en/latest/index.html
Related
How can I send a transaction to pay for gas and send a second transaction in the same block to transfer tokens?
I see that it can be done. My wallet was stolen and I can’t take tokens from it because I put money on it and the scammer immediately withdraws from it.
enter image description here
I am using google cloud functions to execute the node.js code which creates a payment-intent and passes the client-secret to the client (i.e browser) in this case. However when a payment is completed i am getting ip address of google's server which are most likely hosting the code of google cloud functions.
I need to pass the ip address of the browser somehow so that client who is making the payment's ip address is visible and not the ip address of google's server.
I tried looking into stripe's documentation but cannot find any way on how to achieve this.
Note: It is recommended to create payment intent on server side and not on client side by stripe.
The reason you're seeing your server's ip address is likely that you are creating the PaymentMethod server-side. This means your server gets that raw card details which puts you in the highest scope for PCI compliance, SAQ D.
The IP address here should instead come from the browser where you would collect card details securely via Stripe.js client-side. The idea is that you would be using Elements, collect their card details and then create a PaymentMethod (or a Token for legacy integrations) and then use that id server-side to confirm a PaymentIntent or create a Charge.
If you have to pass raw card details server-side, you should talk to Stripe's support team instead to discuss your integration.
I am developing app where transfer money from platform to connect when completing some task.
And then my app customers can get money in their stripe account.
I think they need to get receipt for getting earning when using my app but I can't see how to send receipts to customer's email for transferring.
I know it can by specifying receipts_email when charing and refund but no such stuff in transfer object.
How can my app send receipt to customer for transferring ?
if it's impossible what is providing instead in stripe?
Really I need to get help.
Thank you.
The email receipt feature is only available for Charges which happen when you charge a Customer's card. This is documented here: https://stripe.com/docs/receipts
Stripe does not send email receipts when you transfer funds to a connected account or when funds are sent to their own bank accounts. This is something that you would need to build on your side instead based on the funds you're sending to them.
I'm developing an application using react native and Stripe api in order to handle all the sensitive information about the users and their credit cards.
I'm trying to manage a digital wallet inside the application: one user can add/delete or see a list of their own cards (directly inside the mobile app). I am very confused about this point. For now I'm using my server side as an intermediate between my application and Stripe.
For example to add a credit card I give the possibility to insert card information using a form, then i create the token, and finally I send that token to my server-side (POST /users/cards body:{tokenId}) endpoint which, using stripe.createSource({ customerId, tokenId }), I can save a card into a customer object (In my DB I store only the customer ID).
For delete a card I use this endpoint of my server: DELETE users/user_id/cards/card_id and this endpoint use stripe.deleteCard({ customerId, cardId }) to delete the specified card from customer.
For get the list of cards: GET users/cards/ and the endpoint use stripe.listCards(customerId). My questions are: Can I do this? Is there a better solution? Is this PCI compliance? Can i use my server as an intermediate between my clients and Stripe?
The second point is simple: in a checkout phase (in the client side) how can I let the user to choose which credit cards use for the payment and create a token with that? Can I send the cardId to my server in a POST request? Is it secure?
Say I want to create a Bitcoin exchange or an e-wallet service and make it as secure as possible. Assuming the nature of the service results in more Bitcoin deposits coming in then Bitcoin leaving the system out, yet the need to allow instant withdrawals of Bitcoins out of the service, I thought of the following scheme or scenario.
Create on a separate computer a list of 1000 Bitcoin addresses using Multibit. Transfer those 1000 public keys to DB on web server using a USB, to a table holding a pool of free/non-used addresses. When a member creates an account I assign a free Bitcoin deposit address to make member account funding possible. Since the private key for these 1000 deposit addresses is not on the web server or DB (generated on another computer and only public keys were imported using USB) I am pretty much secure that all funds coming into the system as deposits are safe.
When a member wishes to trade with another member, I simply maintain my own balance accounting system, by creating tables and logging transfers from one member account to another.
When a member wishes to withdraw his Bitcoins, I will use a Hot wallet which would only accept requests from the web server IP address, check my internal accounting system to make sure member has enough balance left and make payments from the hot wallet to whatever external Bitcoin address withdrawal has been requested to. By making sure I keep no more than, say, 5% of overall balance on the hot wallet, any security breach will not result in 100% loss of site funds.
How secure is this scheme? Would you suggest I do things otherwise?
Yes, you can use such scheme, but make sure you're keeping those private keys for 1000 wallets in secure place. I would recommend encrypting all of those initial 1000 private keys with some master password which you'll never forget. Also think about storing those keys on offline storage/computer - you can use those offline storage to sign transactions in the emergent cases when you'll need to access those wallets.