Author Topic: [Bit API Hub] How do you feel about our new startup? Ideas?  (Read 1321 times)
BitAPIHub (OP)
October 17, 2014, 07:42:12 PM
Last edit: October 17, 2014, 08:31:59 PM by BitAPIHub
 #1

I'd like to get your opinion on a new business I'll be opening in the up and coming months, Bit API Hub. I'm talking to other key people who will form the founding team for the business, but right now the only guaranteed member is myself. It's always a great idea for any company to check if there's a market for a product or service before diving right into creating a business and that's the premise of this thread. I want to know exactly how you feel about the service, what concerns you have, and if you have any recommendations as to what should be included in our services.

Who are you?

So, first let me introduce myself. I'm Rick Mac Gillis and I have over 12 years of experience as a web developer and I specialize in custom cryptographic security methods. If you'd like to know more about me, check out my LinkedIn profile and feel free to shoot me a message.

What are you creating?

We'll be hosting an API proxy service.

Bit API Hub will allow developers to integrate hundreds of APIs in the Bitcoin market by simply calling our API using our one page SDK and writing very little code. Our server will act as a gateway to the third party API servers and where available, you will make calls using our API keys so that you don't need to even sign up with the 3rd-party API services. If the remote server speaks XML, JSON, or SOAP, you will receive the response as a JSON response in order to allow you to avoid having to convert the responses on your own. In the event that the remote server speaks another language, you'll be able to receive the response in its native tongue.

We will have three package levels. Our free plan gives you access to everything that we get for free and sometimes even more. Tier 1 allows you to gain access to APIs that 3rd-parties charge for, and Tier 2 allows you to make custom API calls to any API on the entire planet. Aside from just allowing access to single API calls, developers can make what we call a "Data Call." Simply enter the name of the Data Call in your code and the response could be anything from ready to display charts to streamlined responses from remote APIs to save you bandwidth and many lines of code.

An example of what you can expect to write (in pseudo-code) is as follows.

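Code:
<?php
// Pseudo-code from the post: the SDK file and the three variables
// $api_url, $PrivKeyPass and $PrivKey are supplied by the caller.
require_once("../src/bitapihub.php");

$api = new BitAPIHub;
$api->api_url = $api_url;                 // Bit API Hub endpoint
$api->SigningPassword = $PrivKeyPass;     // passphrase for the private key
$api->PrivateKey = $PrivKey;              // OpenSSL private key that signs the request
$api->api_key = "Your Bit API Hub API Key";

// Which third-party API to reach through the proxy, and which call to make on it.
$request_data = array(
    "api" => "counterpartybe",
    "api-call" => "assetlist"
);
$request = $api->Call($request_data);
?>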

As you can see, you can put most of that inside of a function and just write the
Code:
$request = $api->Call($request_data);
line for each call that you wish to make to the server along with its accompanying array of data.

The API is cryptographically secure from Tier 1 on up and it checks to make sure that your OpenSSL private key truly signed the request submitted to the server. Without a proper signature, the request will not be used and changing the data sent will require a fully new signature to be generated. As the OpenSSL verification is a fairly intensive process, free members do not have access to signature checking. However, as we use our own API key for any static calls (call data that always stay the same for every call) and non-user-specific calls, you never have to worry about your keys being stolen by anyone on any plan that you use.

Our API will be hosted over HTTPS with a certificate signed by a major brand, most likely GoDaddy, so you'll always be sure that your data is encrypted to us. Our open source SDK implements cURL and forces certificate verification for our server. If a MitM attack is present, your call will simply fail. You can be sure that you will always be speaking to our servers when making a call with our SDK.

What does the future hold for Bit API Hub?

Before we even open our doors, we'll host a Bug Stomp and bounty competition. The announcement thread will give the Bitcoin payout address along with a signed message from that address so that you can be sure that we really own it. Our contest will feature a hackathon, design competitions, and an Easter egg hunt with prizes ranging from 0.001 BTC up to 0.1 BTC. We'll look to you to verify that our services are secure and up to your standards. Any necessary corrections will be made, and once there aren't any more bug reports, we'll stop the event. After the event, we'll wait one week for every hacker to realize that the event is over and we'll place a notice on all of our URLs stating as such. After the week, we'll open for business.

What makes you think that hackers won't continue after the Bug Stomp?

Within 15 minutes of coming online, any computer is subject to attack. Hackers don't always hack computers manually, they use bot-nets to do a lot of the work. Therefore, you can be sure that hackers will try to hack our systems non-stop. Bitcoin companies are some of the hottest targets right now, but mainly hackers are interested in one thing, money. As we don't store any cash on our servers in any form, they have much less incentive to hack our server, but they will certainly try to do so.

Request for Comment

Do you have any questions, comments, or concerns? Are you interested in a service of this caliber? Let me know what you think about the new company.
Orangina
October 17, 2014, 07:48:12 PM
 #2

Pretty nice project I would say, like that.

The API will be available only on PHP? No other languages?
BitCoinDream
October 17, 2014, 08:02:32 PM
 #3

Your project can be very useful, but please note that, u r competing blockchain.info, who are almost synonymous to blockchain in the bitcoin world. Saying that, I would primarily request u to come up with 2 basic API...

1. Send API (required to send bitcoin from one address to other including the ability of send to many)

2. Receive API (required to generate an address to receive a payment and get notified by a callback)

Both are already offered by BlockChain.info, but they're going down every now and then and it seems they don't care!!!

BitAPIHub (OP)
October 17, 2014, 08:10:12 PM
 #4

The API on our end will be developed in PHP. Our first SDK (used to connect to our servers) will be written in PHP and a bounty will be available to people who wish to translate it into other languages. The bounty won't be part of the Bug Stomp as we need to ensure that everything is secure, so if the SDK turns out to be flawed, we want to make sure that the translations won't have the same flaws.


We won't compete with Blockchain.info, but we will integrate their API as one of the APIs that our customers have access to. We will also be integrating a lot of other online wallet services. Think of our API as more of a proxy where you talk through us, not to us.
gweedo
October 17, 2014, 08:25:29 PM
 #5

I created the first bitcoin API as a service, better known as a PaaS. It isn't easy, choose right now: are you hungry or not.

First off be fast, this isn't easy, I had to rip half of the guts out of the bitcoind. Second, know your database, I would recommend building your own blockchain database, speed is key. Also you're up against gem and chain, they both have money and chain has a lot of it. Start thinking of ways to split yourself from that pack. I added a proof of assets API which was one of my heavily used APIs.

Before shutting down the service, I was also working on a multi-sig wallet API. I suggest you do the same from your send API, or add send raw transaction hex, that can't be changed once signed. Make yourself trustless.

ALSO NEVER NEVER NEVER EVER hold coins on behalf of someone, that ends your business in a second.

Good luck if you want some more advice let me know I have a lot of it. Especially in this area.
BitAPIHub (OP)
October 17, 2014, 08:31:06 PM
 #6

Thank you for the advice! I really appreciate it. We will never hold any money on our servers as there isn't a reason for us to and we'll never hold money anywhere for anyone. When people order from us, they will pay with places like BitPay or GoCoin. As we're a proxy, we will have third party APIs integrated into our API.
gweedo
October 18, 2014, 12:18:46 AM
 #7

My next question is how do I know my connection from me to your api, and from your api to the end api is all safe?
BitAPIHub (OP)
October 18, 2014, 12:36:10 AM
 #8

Your connection to our server is secured with HTTPS and our official SDK will not allow you to connect to us if the SSL cert fails its verification. Doing things this way mitigates MitM attacks. Tier 1 and higher can opt to have their transmission data verified by attaching an OpenSSL signature which must be created with your private key which they generate. (The SDK can generate them and there's an example file that you can just run and have one instantly created.) The signature is checked with the public key that you upload to our server in your account area.

The connection from our server to the remote server is secured with HTTPS when available, plus we use as much security as the remote server allows us to. (For instance, Blockchain.info has the option of requesting an API key to use for access to certain features. This helps to make sure that all of our calls can be traced back to our server.) In the event that someone misbehaves on our system and it could impact other users, all of our requests include our contact information in the user agent field for the request, as well as the ID of the user who called that remote server. (The ID is just a number from our database (such as 48754) and it doesn't leak private information.)

Aside from any information that you deliberately tell our proxy to relay to the other server, we only give your account ID just like major companies do when they allow for mass mailings through email. (Mandrill does this, for example.) The ID is useless to anyone except for us. It's not used in identifying your account in any way except that our customer service can locate you with it.
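
Added example, not part of the thread and not Bit API Hub's SDK: one way the request signing described in posts #1 and #8 can work, with the client signing the exact request bytes and the server checking them against the uploaded public key. The function names, the JSON envelope, the `ts` field and the 300-second freshness window are assumptions made for illustration.

```php
<?php
// Added example; names, envelope format and freshness window are assumptions.

// Client side: serialize the call once and sign those exact bytes.
function sign_request(array $call, string $privateKeyPem, string $passphrase): array
{
    $call['ts'] = time();   // assumed field so the server can reject stale requests
    ksort($call);           // stable key order: both sides see identical bytes
    $body = json_encode($call);

    $key = openssl_pkey_get_private($privateKeyPem, $passphrase);
    if ($key === false) {
        throw new RuntimeException('cannot load private key');
    }
    if (!openssl_sign($body, $signature, $key, OPENSSL_ALGO_SHA256)) {
        throw new RuntimeException('signing failed');
    }
    return ['body' => $body, 'sig' => base64_encode($signature)];
}

// Server side: verify over the raw body as received, before decoding it.
// Returns the decoded call, or null when the request must not be used.
function verify_request(array $msg, string $publicKeyPem, int $maxAge = 300): ?array
{
    if (!isset($msg['body'], $msg['sig'])) {
        return null;
    }
    $sig = base64_decode($msg['sig'], true);
    if ($sig === false) {
        return null;
    }
    // openssl_verify returns 1 (valid), 0 (invalid) or -1 (error).
    // Accept only 1: a loose truthiness check would let -1 through.
    if (openssl_verify($msg['body'], $sig, $publicKeyPem, OPENSSL_ALGO_SHA256) !== 1) {
        return null;
    }
    $call = json_decode($msg['body'], true);
    if (!is_array($call) || abs(time() - (int)($call['ts'] ?? 0)) > $maxAge) {
        return null;        // correctly signed but stale: treat as a replay
    }
    return $call;
}

// Constructed demo key pair; in the thread's design the public half is
// what the customer uploads in the account area.
$pair = openssl_pkey_new([
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
]);
openssl_pkey_export($pair, $privPem, 'demo-passphrase');
$pubPem = openssl_pkey_get_details($pair)['key'];

$msg = sign_request(['api' => 'counterpartybe', 'api-call' => 'assetlist'],
                    $privPem, 'demo-passphrase');

// Verify the untouched message, then a copy whose body was altered after signing.
$tampered = $msg;
$tampered['body'] = str_replace('assetlist', 'send', $tampered['body']);
var_dump(verify_request($msg, $pubPem) !== null);
var_dump(verify_request($tampered, $pubPem) === null);
```

The signature covers only what is inside `body`, so anything the server acts on (API name, call, parameters, timestamp) has to be inside the signed bytes rather than in unsigned headers or query parameters.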
gweedo
October 18, 2014, 12:37:50 AM
 #9

Ok good! Do you have a beta site that developers can check out or is there more to read about your service?
BitAPIHub (OP)
October 18, 2014, 12:42:51 AM
 #10

Right now the business is still being developed, but once it's live, it'll be at https://bitapihub.com. We're looking to have everything ready by next month some time and before we formally open for business, we'll host a bug stomp for people to test our security measures. The purpose of this thread is to see just how much of a market there is for this and to see if anyone can find any flaws in our plans before we develop it. It also serves to educate the community about our new start up and to see if there are any features that the community would like added that we haven't yet thought of.