As discussed briefly in another bitcoinmonitor thread, some form of standard for HTTP Post notifications would be beneficial for all.
The goal with this thread, is to agree on a minimum subset of variables, and signature generation, that all services will implement, so that no matter which service you use, the basic function is the same.
This would allow shops to pick a payment module, and payment notification service(s) independently.
The standard will need to define which fields are mandatory, and which fields are used in the calculation of signature, in which sequence and how the signature is calculated.
To start off, heres my bid for mandatory fields
The names are only suggestions.
- to_address
- amount (in satoshi to avoid any radix point confusion)
- confirmations (Number of confirmations at the time of the notification, not necessary the requested amount)
- txhash (the hash of the transaction that contains the payment)
- block (height of the block that contained the tx, -1 if unconfirmed)
- signature (see below)
- service (name of the service, could be used in shops where 2 of 3 notifications are needed, before its accepted)
- IP (public ip of the service, since this is included in the signature, a replay attack has to be done from the same IP (yes it can be spoofed))
If we can agree on a hashing algorithm, thats cool.
But since we may not, and any algorithm in time could become obsolete, I think a field to specify the used algorithm is useful, also this could allow services to make a easier CRC, for the "internet of things", like xor/crc8.
- algorithm (sha1, md5, crc32, etc.)
To keep it simple to implement, we should only list the ones that are likely to be used, since any payment system will need to implement all, so if possible, we should keep to the most standard ones, that are likely to be available.
I would suggest using PHP as the reference, since its pretty popular, and contains quite a few hashing systems.
I hope we can agree on a sequence, so that the system does not need to load a list of fields to calculate the signature.
After security checks, a signature validation could be performed in PHP
if ($_SERVER['REMOTE_ADDR'] == $ip &&
$$algorithm($to_address.$amount.$confirmations.$txhash.$block.$ip.$secret) == $signature)
The service name does not need to be included in the calculation, since it would be used to lookup the secret value, so if its changed the validation will fail.
Any service can add extra fields, like btc_amount, from_addresses, datetime, etc.
Since the signature does not include those fields, the same code can still be used.
If those fields contain data, a middle-man would have interest in modifying, a second signature could be added.
This is only my suggestion, please feel free to comment and explain your view on how it can/should be done.