Difference between revisions of "Lazy API"
m (Fixed broken link)
|Line 1:||Line 1:|
For the incredibly lazy and/or incompetent web developer, present is the lazy man's bitcoin API (copied from [
For the incredibly lazy and/or incompetent web developer, present is the lazy man's bitcoin API (copied from [://.org/index.php?topic=4324.msg77187#msg77187 a forum post]):
Revision as of 21:42, 18 January 2013
For the incredibly lazy and/or incompetent web developer, present is the lazy man's bitcoin API (copied from a forum post):
Lazy web designer wants to use bitcoins without dealing with installing bitcoin on a server, installing a shopping cart interface, or using ugly merchant services with callbacks.
Solution for sending bitcoins
Use the MtGox API
Solution for receiving bitcoins
- Input a list of bitcoin receiving addresses to your database
- Give a bitcoin address to a potential customer
- Have the customer tell you when they have sent the coins and have at least 1 confirmation (you can choose a number higher than 1 if you are worried about double-spending)
- Check blockexplorer to see if they sent the right amount (i.e. http://blockexplorer.com/q/getreceivedbyaddress/19hMEAaRMbEhfSkeU4GT8mgSuyR4t4M6TH/1) - the /1 is the number of confirmations you require
- Give them what they paid for
- After a reasonable amount of time has passed, you can re-use the address for another customer
You could avoid having a list of addresses and reusing them by getting a new address via API call from one of the wallet services that support this feature (e.g. https://instawallet.org/static/api).
BlockExplorer is a service that is provided by a private party. There is no guarantee that the information provided by BlockExplorer matches the blockchain.
There have not been any reports that BlockExplorer has reported transaction data incorrectly.
For an attacker to be successful with this double spend tactic a significant effort is required and thus the risk of this attack being made against the typical retail merchant is pretty minimal. It would not be advisable for a merchant with little to no recourse against an attacker to accept payment without a sufficient number of confirmations however.