I'm working on a platform which requires users to have access and control of bitcoins that they deposit. I figured it would be better to generate an address per user, rather than a whole wallet.
I need to create a transaction where I can specify the sending address as well as a receiving address. Is this even possible with Blocktrail? If so, how?
This is all being done in PHP.
Related
Explanation
I have an API running on Laravel 5.8 that uses Nexmo Verify API in order to send a code by SMS for two things :
(1) User account creation (check phone number before creating the
account)
(2) Forgotten password (check code sent before entering a new
password)
This PHP API is used by an iOS Application and an Android Application.
In the first case (1), I have to check that the phone number does not exist before sending a SMS.
In the second case (2), I have to check that the phone number exists before sending a SMS.
So, I may have two API routes :
One checks if a phone number already exists, so that the mobile applications can display the next page or display an error.
The other one simply sends a sms code to a phone number.
Problem
The problem is that we can have a route that looks like /api/phone/sendcode and anyone can call this route directly without using the mobile application if they find what the endpoint is (it's just an API after all). It can be easy to use this route to spam.
Or, they also could call a route api/phone/exists tons of time to try to get all existing users.
Question
How can I secure the endpoints in order to avoid people using them directly to SPAM or to check in a loop if an account exists ?
I already have a throttling system to block a specific IP address to request an endpoint more that X times in a minute, but I think this is not enough and can be bypassed (using a proxy or whatever).
Also, I prefer to avoid using Captcha.
I want to create a website which will automatically create an email address for my domain name whenever my visitor opts for my product. I had tried with manually but it is a TDS work so I want to automate the same.
for eg:
adam123 signs up to my member's site.
The website should run a script where the email address is created automatically.
Email to adam123#my-domain.com goes to johns email address: adam123#hotmail.com and mymail#my-domain.com
To create an email address and a forwarder you need to have access to the underplaying administrator API from your email environment. Depending on your hoster this might not be possible and there might be legal security reasons why this isn´t possible. Additional you might need a special API to control the unterlaying email environment and there is no general one. As you didn´t specify which email environment you are using its not really possible to provide you something.
So for example if your server is running Plesk you might wish to try to use the Plesk API and the manage email API from it.
I'm programming the back-end for an ecommerce solution, Bitcoind API gives me one way of sending money to a bitcoin address: sendfrom <fromaccount> <tobitcoinaddress> <amount>
If I understood well, this will transfer money from one account to an address, but I don't see any way of sending from address to address. I didn't implemented accounts on my backend system, and don't want to do it as it's an aditional layer of complexity that I don't want to deal with right now.
So, I supose this will grab money from whatever address/addresses asociated to the account and send them to the bitcoin address provided. Any way of doing what I want to do?
Check getaccount <bitcoinaddress>: "Returns the account associated with the given address." You give it a bitcoin address, receive the corresponding account, and can then use that account to sendfrom.
However, for security reasons, I advise against sending payments directly from PHP running on a web server. You may want to introduce at least one additional layer of validation before actual payment, and that layer is probably running on a separate machine. For example, have PHP write the payment orders to the database for another application elsewhere to poll and process. Both applications will have access to the database, but no direct link between them; and the PHP side will not (have to) be authorized to access the BTC wallet at all. Also consider using hot and cold wallets.
Twitter and Facebook invite new users to send an invitation to everyone in their Gmail, Hotmail, or Yahoo Mail accounts.
Is it easy to add this functionality to a website?
Thanks,
John
Last I checked you basically have to pretend to be a web browser then programatically log in to the site, scrape the contacts, then compose/send the message. It isn't difficult, but it is time consuming as each of these services works differently.
I does, however, look like people have written script for some of this though: example.
Yes!
What they generally do is to send in the email a special URL that contain a code, for example:
www.mysite.com?UserCode=ABC
That code (ABC) is associated to the email of the user so the application undestand which user is trying to subscribe. You must keep in a database the pair: email, code.
HTH
All of the above answers are correct, here is a summary and some more explanation:
You first need to get the user's login for each service you want to get contacts from (I personally don't understand why people would do that - I would never give my GMail password to Facebook, let along some little known web site).
Then you can simulate a login to the said website and grab their contact list as an export (all serious email services allow you to export the contact list as CSV or something). You can implement this yourself or use some external library such as contactgrabber mentioned by Haim.
You then go over their list of contacts and for each contact you generate a key (you want to generate a unique key for each email you send so you'd know who responded to you). Generating the keys is easy - take some info like the current user's email plus the target email address, add the current time and pass everything to a hashing function like SHA1 - should do the trick.
Now store in a database table for each contact you got: the inviting user's ID, the email address being invited and the key you generated.
Lastly send a nice email to each contact with a URL to your website's "invitation activation page" with the correct key applied - like so: http://www.somesite.com/invited?key=123456780abcdefgh
when that page is accessed, get the key from the URL and find it in the table - that would give you the email address that activated the invite and the user that invited them. From here you can take it to where ever you want.
I realize they have an API but some of
the questions I have wouldn't be
answered by it, and it would be great
to receive feedback from others who
have integrated it before.
I basically am working with a web site where visitors may choose to sell a used item to the site owner.
If the user decides to sell, he can enter in the specifications of the item and be given a quote. Then he'll proceed to enter in his address, which I assume I'll have to verify using the Fedex API before or during the part where it creates a shipping label.
So assuming the address is verified, it looks like the script in the API I have to interact with is /Ship/Ground/Domestic/ShipGroundDomestic.php5 ( since we will not integrate any other type of shipment type yet ).
Is this is the script that actually creates the shipment and charges the account setup, assuming all goes well it returns a xml response with the status?
Since it's SOAP based - I realize there are options for a pdf and png shipping label type, it looks like it generates the label but where is it actually stored, is it just temporary?
In the script it specifies options for a API Key, password, account #, and Meter # - so I would have to actually know the site owners credentials, since it charges for creating shipments/labels I can't use a normal account that doesn't have a CC setup, can I?
I can't actually test anything without contacting them and telling them to make my account go into test mode? Or is there an extra parameter for test mode?
I should store all shipments in a local database to pull them up, right? Or should I solely rely on Fedex for storing all the information? If I use a local database I can map shipments to users and use a Fedex provided script to look up the delivery status so I would think I have to do that.
If I were to have a feature that automatically emailed customers with status updates of a delivery, I would have to use some type of cron job to look and see if there were any updates made, I can't do this any other way?
If you are using the the Fedex Web Services API you get a test key by going to https://www.fedex.com/wpor/wpor/editConsult.do
(You may need to be already signed in).
The label it generates it just dumps into the current directory. That is obviously not acceptable for production code, since it does not even generate a unique file name, but the php file is example code. Modify the code they give to do whatever you want with the returned label.
You would want a local database.
Why would you want to send users updates? Is there any reason they cannot just use the tracking number and look it up themselves? I mean it would be possible to call the tracking API periodically and generate emails, but do users really want these emails?