Need shopping cart module that uses pre-generated address list

[btc4ever]

Hi, I prefer to accept bitcoins for myself rather than depending on a 3rd party processor  ( even one that uses multisig ).

Of course, it is a bad idea to keep a hot wallet that generates new addresses, and also maintaining a running bitcoind or btcd instance is tiresome and adds another possible point of failure locally.  been there, done that.

So what I'm looking for are shopping cart modules for accepting bitcoin that:

  1) Can use a pre-generated address list.   ( or XPUB from HD-Wallet, even better )
         ( so that private keys are never stored on server. )

  2) Can query a blockchain APIs to determine if a payment has been made.

  3)  ideally it would use a pluggable API interface, so it could query against blockchain.info, insight, toshi, bitcoind, btcd, etc.   automatic failover would be great.

(1) and (2) are requirements.  (3) is nice-to-have.

Anyone know of such a thing?    I would hope there would be several, for different shopping carts. 

I've been looking at some of them from this page:
  https://en.bitcoin.it/wiki/Category:Shopping_Cart_Interfaces

But so far the one's I've looked at seem to be old and either the docs are too vague or they are clearly just hot wallets relying on bitcoind.

If I receive multiple responses that match the requirements I will consolidate them into a list in the OP.

I'm also interested in your experiences good/bad with the various bitcoin shopping cart plugins.

thanks.

[1714921178]

1714921178

[1714921178]

1714921178

[coinableS]

XPUB from HD-Wallet, even better ...  query a blockchain APIs ... query against blockchain.info

Blockchain.info has a receive payments API that uses bip32 xpub keys, so you can use your xpub key from multibitHD and utilize it with blockchain.info's API. That way your PK is not with blockchain, you are just using them to generate the index keys and handle the callbacks when payments are received.

https://blockchain.info/api/api_receive

[Xambu571]

Can confirm that the blockchain is one of the best methodes to process bitcoin payments. Fast, easy and save!

[btc4ever]

that's pretty good.  Anyone else providing a similar service that accepts XPUBs and provides notifications?   For a robust solution, at least one fallback/failover is needed.

I must say, after going through most of the shopping cart interfaces linked to on the wiki, I'm rather disappointed.   It doesn't seem like there is really any activity or updates, so I guess most everyone is relying on third parties rather than running local instances.   :-(   that, or people are rolling their own private solutions with bitcoind, something I've done in the past.

[unamis76]

Isn't Electrum integration an option? I think it does what you require.

[fbueller]

I wrote one a while ago in PHP, but haven't had the time to keep it up to date and secure.

It used a full node for blockchain information, accepted xpub's from admins/merchants/buyers, and generated multisig addresses. Private keys weren't stored or generated by the system, but eventually for usability, I allowed users to generate private keys using a passphrase in javascript. Convenience/Security trade off, but that's how it goes.

It lets users paste in signed raw transactions, or use the javascript thing to generate it in the browser if the user went that route. I'd love to revisit it, but it's a full featured site, not a module.

[unamis76]

I wrote one a while ago in PHP, but haven't had the time to keep it up to date and secure.

It used a full node for blockchain information, accepted xpub's from admins/merchants/buyers, and generated multisig addresses. Private keys weren't stored or generated by the system, but eventually for usability, I allowed users to generate private keys using a passphrase in javascript. Convenience/Security trade off, but that's how it goes.

It lets users paste in signed raw transactions, or use the javascript thing to generate it in the browser if the user went that route. I'd love to revisit it, but it's a full featured site, not a module.

Any online websites with a demo of that?

[btc4ever]

Sounds like a good starting point for a module if some of the code can be broken out.

I've done a pretty thorough review of the available open source options and am saddened to report that there doesn't seem to be anything out there that:

• provides for funds to be paid directly to the merchant
• avoids use of hot wallet  (via XPub or even pre-generated keys)
• avoids reliance on third parties, eg blockchain.info

I found gourl which has plugins for many popular shopping carts but they receive/forward and take a cut.  I haven't looked at their code yet... it may be possible to fork and replace the naughty bits.

I don't have much time just at the moment either, but I'm contemplating writing something that would meet the above requirements in the coming months.

The way I see it, there could be a single core logic library and then multiple customizations for plugging into various popular shopping carts.

fbueller, I'm already familiar with your bitwasp php lib.  If you could find some time to break out the relevant bits of your code, then perhaps that could help me get a running head start.  Even if just as an incomplete example/reference.   If not, no worries...   should be straightforward enough.

I wrote one a while ago in PHP, but haven't had the time to keep it up to date and secure.

It used a full node for blockchain information, accepted xpub's from admins/merchants/buyers, and generated multisig addresses. Private keys weren't stored or generated by the system, but eventually for usability, I allowed users to generate private keys using a passphrase in javascript. Convenience/Security trade off, but that's how it goes.

It lets users paste in signed raw transactions, or use the javascript thing to generate it in the browser if the user went that route. I'd love to revisit it, but it's a full featured site, not a module.

[fbueller]

A module would be great, cos preparing the transactions is a client-side issue.

It would be super easy if you wanted to use an API! BitWasp parsed every transaction in every block looking for outputs. It didn't handle reorgs, so an API that pings you after confirmations would be great.

You don't have to connect to the bitcoin network again until your users have crafted a valid transaction. You might have several proposed transactions if it gets to the dispute stages, where the buyer/seller might agree a refund, but that's a matter of checking signatures & other particulars. Once complete, push and it'll go out.

You force the seller to sign first if you want escrow, where he indicates the item has been 'shipped' and the buyer signs (tx gets broadcast) when he receives the goods.
If you want up front payment, the buyer signs release to the vendor immediately, and the seller signs (tx gets broadcast), when he dispatches the goods.

The UX is should allow for refunds, disputes and a successful outcome. The admin shouldn't really have to get involved. I never liked having the admin use javascript, because it'd be a nightmare if his key was stolen. But again, a UX issue if you're building a module.

A simple module might be:
 - look for payment/amounts on an address (by passing BIP70 payment requests?)
 - callback when a payment is received
(order stuff happens)
 - push payment to network

@unamis: only the code https://github.com/Bit-Wasp/BitWasp