How-To:Handle Deposits

From Nxt Wiki
Jump to: navigation, search
This page contains changes which are not marked for translation.

Developers have provided some insights into good methods for implementing features in your software. This tip was created by Come-from-Beyond.

For more information on the API calls referenced here, check our high-level API documentation.

One way to handle deposits

  1. Generate a string of 50+ chars. This is your master passphrase. It must be very strong. For this example, let's assume it's "secret".
  2. When a user wants to deposit coins, you generate a unique ID. You can use a userID if it's not necessary to create a new address for each deposit.
  3. Use "secret"+ID to generate a passphrase for the deposit account. For example: "secret8475347836".
  4. Use this API call to create an account number: http://localhost:7876/nxt?requestType=getAccountId&secretPhrase=secret8475347836. This call will return the corresponding account number.
  5. Check to see if the generated account number is a collision with an existing account by issuing this API call: http://localhost:7876/nxt?requestType=getAccountPublicKey&account=6975576163363041725.
    • If the account already exists but no outgoing transactions have been made, this query will return {}
    • If the account exists AND outgoing transactions have been made, the query will return the public key for the account, e.g. {"publicKey":"5aa041670bc0b45c283c988b7f2f17735209cbabde5d5ce8a849b0d63a3a4422"}
    • If the account does not yet exist, this call will return: {"errorCode":5,"errorDescription":"Unknown account"}
  6. If the previous step reveals that a public key already exists for the account number, an account collision has occurred, and you should generate a new "secret" and a new account number.
  7. Store the generated password and account number securely, and associate them with the site user's local userID. Depending on the type of service you are building, you may also need give the account number to user to allow them to deposit funds.
  8. Periodically check to see if the address has any incoming transactions: use http://localhost:7876/nxt?requestType=getBlockchainTransactions&account=6975576163363041725&executedOnly=true&timestamp=0
    • the timestamp parameter indicates "seconds since the genesis block", so a value of 0 will show you all transactions for the associated account.
    • the executedOnly parameter will exclude phased transactions that have not yet been executed.
  9. When you get enough confirmations (10 confirmations are recommended, but you can use whatever value lets you sleep at night), you can increase the user's balance in your software.

Some very important things

  • Blocks can become orphaned and transactions can be cancelled, so pay attention to the timestamp and deadline values of a transaction. Timestamp is measured in seconds since the genesis block (24th of Nov, 2013 12:00:00 UTC). The transaction deadline is measured in minutes.
  • A transaction expires when timestamp + deadline * 60 < current time. It can't be included into a block with a timestamp greater than timestamp (of the transaction) + deadline * 60. The current time can be obtained with http://localhost:7876/nxt?requestType=getTime
  • To make sure that you won't lose the transaction you should check that a user uses large deadline and doesn't try to cheat you by setting a timestamp too far in the past.
  • Until a transaction gets 720 confirmations you should check to be sure it's still confirmed. If not (due to blockchain reorg), rebroadcast the transaction it to the network using http://localhost:7876/nxt?requestType=broadcastTransaction&transactionBytes=f11234bd3a2fc19c2ba6b7c0d108deea9fcbafda5f544e4648c651ec4ed34ed2. Transaction bytes can be obtained via http://localhost:7876/nxt?requestType=getTransactionBytes&transaction=83492836836338756.
Retrieved from "https://nxtwiki.org/mediawiki/index.php?title=How-To:Handle_Deposits&oldid=52683"