Website integration for bitcoin

I've been working on a project inspired by a suggestion (and the offer of bounty ) over from another thread. I thought I should stop derailing that thread and start my own project thread.

Basically, the idea of the project is an easy way for websites to integrate bitcoin payment. How it works is the user runs a website on their local machine, which is only accessible to them, then when the shop wants a user to pay some money, they simply send them to this local site, which handles sending the money and then redirects back to the shop site to finish the transaction.

So at the moment, I have a test of this running on my PC, visiting this URL:

http://127.0.0.1:8080/BitcoinSalepoint/LandingPage?continue=http://www.google.co.uk&paymentname=testaddress&address=1DoMXge6kToHZN8m4B2my43anCPbD4rJgE&amount=0.25

will simply send 0.25BC to my laptop from my PC, and then redirect me to google.

My todo list:
-> Add some stylesheets for prettiness
-> Add a confirm/deny button
-> Add a way to communicate to the shop if the transaction succeeded or failed (mostly done)
-> Look into packaging the program up into a simple executable which you can run instead of bitcoin, and it will run in the background and kill itself when the bitcoin process dies.

Suggestions (and donations) very welcome

Good point! I hadn't thought about that as 8080 is just the default test port. I'll see about changing to port 18011 tomorrow

And alternatively, the JSON API itself can be password secured; would there be a man in the middle attack possible, though?

Lots of security issues to address, but great stuff. I can't wait to see this in action!

This is definately a temporary solution, ideally this functionality would be built into the client itself.

A temporary solution could be to use a password which the user has to enter, that way the website connects to the bitcoin client (via https), the user enters a password to prove their identity and onlythen everything will work. However, that requires https support from the client - either way the client needs some work to make anything like this properly secure.

Of course, for now, bitcoin probably isn't popular enough to be targeted by a trojan.

Security through obscurity?


3 things I can think of
- Allow sellers to specify the value of their goods and services easily.
-Have a message section for the buyers when making payment to allow for such things as contact details and postage etc...
- ping bitmarket for the latest exchange prices to allow automatic conversion between currencies.

you could still create a new address for any transaction,
if only one person knows that address, it's pretty obvious where bitcoins came from.

true that you can't get a list of all transactions from JSON yet, but from received credits by addresses, or labels,
no need to know about generated coins on a payment-system, or about sending, when your system is only supposed to accept payments.

Absolutely, I realised a while after posting that you can simply have a unique address per transaction.


It is, I hope that ultimately this is just a proof of concept, and once it's shown to work it can be integrated into the client (using the same port and URLs).

I've been trying to encourage someone to write and release some sample Python code showing the recommended way to do the typical accounting stuff, but to no avail.  It would be nice if you didn't have to re-invent the wheel like you're doing here.  Search on getnewaddress and you should find a thread where I gave a small fragment of sample pseudocode.