Introduction

Welcome to 1BitPay API, you can use our API to manage transactions, automate signatures, manage assets, etc., and more functions will come soon.

Quick Start

Step by step

Create an API Key, IP whitelist can be set as needed.
Learn about API Authentication and General Info.
Use Sandbox Environment for testing
Access the interface of Get Rate and Create Order,Response to Order Callback.
Download the PK Shard, Learn about the rules of the MPC Co-Singer Signature Algorithm.
Read the list to be signed regularly, 2 minutes/time is recommended, and sign in time according to the actual situation.
And regularly collect funds, it is recommended to 5 minutes / time
After the test is completed, contact us to release the live.
Demo

Create an API Key

Please log in to the merchant system, open "ApiKey" in the left navigation, click Add, and create an API Key. After the API Key is successfully created, you can use the API Key to access the 1BitPay API.

IP whitelist

If you set a whitelist when creating the API Key, when calling the 1BitPay API, only requests from the IP whitelist addresses you set are allowed.

API Authentication

Merge public parameters with business parameters, remove Sign parameters, and empty parameters.
After sorting the Keys of the parameter set according to ASCII, connect them with "=".
Splice the concatenated string with the merchant's API Secret parameter.
Make the generated string into 32-bit md5 (lowercase) to generate the parameter Sign.

Authentication example

For example business parameters:

{ "orderNo": "Or12898771811", "name":"John Li" }

Merge business parameters with public parameters and remove Sign to get the following results:

{ "orderNo": "Or12898771811", "name": "John Li", "TimeStamp": 1566781991111, "Nonce": "dnasja1N", "MerchantNo": "meraojiasdoa123", "Lang": "en", "SignType": "1", "ApiKey": "asdhuasdaosd" }

After the Keys of the parameters are sorted by ASCII, the result obtained by connecting them with "=" is as follows:

ApiKey=asdhuasdaosd&Lang=en&MerchantNo=meraojiasdoa123&name=John Li&Nonce=dnasja1N&orderNo=Or12898771811&SignType=1&TimeStamp=1566781991111

Assuming that API Secret=merasdasd, the result obtained in the previous step is stitched together with the API Secret to get the result as follows:

ApiKey=asdhuasdaosd&Lang=en&MerchantNo=meraojiasdoa123&name=John Li&Nonce=dnasja1N&orderNo=Or12898771811&SignType=1&TimeStamp=1566781991111merasdasd

Perform md5 on the result obtained in the previous step to get the Sign result as follows:

md5(ApiKey=asdhuasdaosd&Lang=en&MerchantNo=meraojiasdoa123&name=John Li&Nonce=dnasja1N&orderNo=Or12898771811&SignType=1&TimeStamp=1566781991111merasdasd)

Note that the last step is 32-bit lowercase md5

General Info

Base URL *

https://api.1bitpay.io

Public Parameters

The public request parameters are the request parameters that each interface needs to use. Each request needs to carry these parameters in order to initiate the request normally.The initial letters of the public request parameters are uppercase,In this way, it is distinguished from ordinary interface request parameters, and public parameters need to be placed in the Header.

Parameters	Type	Description
Nonce	Int	Random combination of 6 characters or numbers
TimeStamp	Int	13-digit millisecond-level timestamp
MerchantNo	String	Merchant ID
SignType	Int	The signature type to take. 1: MD5; 2: HASH; currently only supports MD5
Lang	Strng	language. en: English; zh: Chinese
Sign	String	Signature value, see signature rule description for specific rules
ApiKey	String	Merchant API Key

Public Response

The public response parameters are as follows, code is the status code, data is the business response parameter, and message is the response result

Parameters	Type	Description
code	Int	200 Success, See status description for details
message	String	Success
data	Object	The specific business will display different data structures, please refer to the specific business for details

Sandbox Url

https://sandbox.1bitpay.io

Demo

C2C

Get Rate

HTTP Request

POST /api/otc/rate

Request Method

Method: POST
Content-Type: application/json

Query Parameters

Parameters	Type	Required	Description
cryptoCurrency	String	Y	Transaction currency
legalCurrency	String	Y	Payment currency

Request example:

{
  "cryptoCurrency":"USDT",
  "legalCurrency":"CNY"
}

Response Parameters

The data parameter is as follows:

Parameters	Type	Description
buyRate	Decimal	The latest rate for buy orders
sellRate	Decimal	The latest rate for sell orders

The above command returns JSON structured like this:

{
  "code": 200,
  "message": "Success",
  "data": {
    "buyRate":"6.47",
    "sellRate":"6.9"
  }
}

Create Order

HTTP Request

POST /api/otc/create

Request Method

Method: POST
Content-Type: application/json

Query Parameters

Parameters	Type	Required	Description
userName	String	Y	User name
areaCode	String	Y	User phone area code
phone	String	Y	User phone number
syncUrl	String	N	Synchronous callback address
asyncUrl	String	N	Asynchronous callback address
cryptoAmount	Decimal	Y	Buy or sell quantity
cryptoCurrency	String	Y	Transaction currency
legalCurrency	String	Y	Payment currency
idCardType	Int	Y	Type of certificate. 1: ID card; 2: Passport
idCard	String	Y	ID number
kyc	Int	Y	KYC level, currently KYC level pass 2
merchantOrderNo	String	Y	Merchant order number
orderType	Int	Y	Order Type. 1: buy ; 2: sell
payWay	Int	Y	payment method. 1: bank card; 2: Alipay; 3: WeChat payment. User sell order currently only supports 1: bank card
bank	String	N	Account opening bank for user's receiving payment, required for selling orders
bankAccount	String	N	The user's receiving account, which is required for selling orders
bankBranch	String	N	Account opening sub-branch for user collection
h5	Bool	Y	Cash register display type. true: mobile ; false: PC

Request example:

{
  "userName":"Chen",
  "areaCode":"+86",
  "phone":"18848820305",
  "syncUrl":"https://example.com",
  "asyncUrl":"https://example.com",
  "cryptoAmount":"10",
  "cryptoCurrency":"USDT",
  "legalCurrency":"CNY",
  "idCardType":1,
  "idCard":"412627288918989891",
  "merchantNo":"mer1c92b0319ef5b794",
  "merchantOrderNo":"1231222112d8",
  "orderType":1,
  "payWay":"1",
  "bank":"建设银行",
  "bankAccount":"6217229282829299111",
  "bankBranch":"建设支行",
  "h5":false
}

Response Parameters

The data parameter is as follows:

Parameters	Type	Description
url	String	Cash register address
isNew	Bool	Is it a new order
orderNo	String	Order number

The above command returns JSON structured like this:

{
  "code": 200,
  "message": "Success",
  "data": {
      "url": "http://sanbox.1bitpay.io/1bitpay-open-api-h5/otc.html?t=02d457b0ced0576a69282054911585aa&o=335793449653514240&l=zh",
      "isNew": true,
      "orderNo": "335793449653514240"
  }
}

Order Callback

HTTP Request：

POST asyncUrl defined by the Create Order

Request Method

Method: POST
Content-Type: application/json

Query Parameters

Parameters	Type	Required	Description
status	Int	Y	Order status, -2: Matching failed; -1: Canceled; 9: Completed
dealAmount	Decimal	Y	buy or sell amount
merchantOrderNo	String	Y	Merchant order number
orderNo	String	Y	1BitPay order number
orderType	Int	Y	Order Type. 1: buy; 2: sell
signature	String	Y	Signature: See API Authentication for details

Request example:

{
  "status":1,
  "dealAmount":10.11,
  "orderNo":"1231222112d8123",
  "merchantOrderNo":"1231222112d8",
  "orderType":1,
  "signature":"12312asdjaisldajlsdkasasdajksdjkasjdkas"
}

Response Parameters

The data parameter is as follows:

Parameters	Type	Description
code	Int	200 Success, other codes are considered failure
message	String	Success

The above command returns JSON structured like this:

{
  "code": 200,
  "message": "Success"
}

MPC Co-Signer

Overview

The full name of MPC is Secure Multi-Party Computation. Through MPC, the private key is available and invisible throughout the entire life cycle from generation, use, and storage. 1BitPay uses MPC technology to transform the traditional single private key into distributed private key sharding, which can effectively avoid the single-point risk brought by a single private key, realize the joint management of funds by multiple people in the team, and support social recovery. For detailed private key management scheme, please refer to Private key management.

Download the PK Shard

According to 1BitPay Private key management, after the user creates a wallet, the private key is divided into three parts, and the fragment 1 is stored in the user Device, PK Shard 2 is backed up to iCloud or Google Drive, PK Shard 3 is saved in 1BitPay SGX trusted server, when you need to use the MPC Co-Signer function, you need to apply for downloading the private key PK Shard in the merchant background -> ApiKey module, After the APP confirms the approval, it is allowed to download the encrypted private key fragment 1 stored on the user device.

Signature Algorithm

The parameters involved in the signature are as follows:

Parameters	Type	Required	Description
id	Int	Y	Pending signature list id
from	String	N	Pending signature list fromAddress: Transfer-out address
to	String	N	Pending signature list toAddress: transfer address
value	String	N	Pending signature list amount: Transfer amount
chainId	String	N	Pending signature list chainId: chainId
status	String	Y	Sign status. 1: approved; 2: rejected

Signature steps:

Obtain the merchant MPC private key and download it from the merchant background
Encrypt the string of the parameter JSON structure with the MPC private key.
The signature parameter data generated in the previous step is passed to the apprvoe interface together with the business data for transaction signature

Signature example:

For example, the json structure of the data signObject whose id is 1 is as follows:

signObject:{ "id":1, "from":"TGGh3cGp9P21Ebvg9JitjHoeJaKqrg3bRg", "to":"TFMQrPdFWuPzFRXb42sxB22ABCVL6xSopV", "value":"4.1", "chainId":"56", "status":1 }

Convert the json structure in the previous step to json string to get signObjectString

signObjectString = toString(signObj)

At this time, use the private key file to encrypt the signObjectString string to obtain data

data = "HUSDISJDSNDJSJDKSDJSIDJISOADIASLJDALSIDJISALDHAUSIDHA\ASDUAKSD|ADSADAdasdYGYASDHASDJASID"

import base64
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.hazmat.primitives.serialization import pkcs12
pfx_password = "1bitpay" + Merchant ID
srcSouse = "data to be encrypted"
with open("/1bitpay.pfx", "rb") as f:
  pfx, *_ = pkcs12.load_key_and_certificates(f.read(), pfx_password.encode())
cipher = Cipher(algorithms.TripleDES(pfx[:24]), modes.ECB()).encryptor()
bytes = cipher.update(srcSouse.encode()) + cipher.finalize()
data = base64.b64encode(pfx.sign(bytes, padding.PKCS1v15(), pfx.private_bytes(
    encoding=serialization.Encoding.DER,
    format=serialization.PrivateFormat.PKCS8,
    encryption_algorithm=serialization.NoEncryption(),
))).decode()

import java.io.InputStream
import java.crypto.Cipher;
import java.security.KeyStore;
import java.security.PrivateKey;
import sun.misc.BASE64Encoder;

InputStream inputStream = new FileInputStream("/1bitpay.pfx"); // Convert private key file to file stream
KeyStore  store = KeyStore.getInstance("PKCS12", "BC"); // Define the key store
store.load(inputStream, pfxPassword.toCharArray()); // Load the private key, pfxPassword = "1bitpay" + merchant ID
PrivateKey privateKey = (PrivateKey) store.getKey("1BitPay", pfxPassword.toCharArray()) // Get the private key object
Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm()); // Get the private key Cipher object
cipher.init(Cipher.ENCRYPT_MODE, privateKey);  // Initialize Cipher
byte[] bytes = cipher.doFinal(srcSouse.getBytes("UTF-8")); // start encryption
String data = encryptBASE64(bytes); // base64 encoding to get the signature string

Get list of pending signatures

HTTP Request

POST /api/transaction/pending

Request Method

Method: POST
Content-Type: application/json

Query Parameters

Parameters	Type	Required	Description
pageNum	Int	Y	Page number
pageSize	Int	Y	Page size

Request example:

{
  "pageNum":1,
  "pageSize":20
}

Response Parameters

The data structure is as follows:

Parameters	Type	Description
total	Int	The total amount
list	List	Pending signature list

The list structure is as follows:

Parameters	Type	Description
id	Int	ID
fromAddress	String	from Address
toAddress	String	to Address
amount	Decimal	Amount of the transaction
chainId	String	Chain Id

The above command returns JSON structured like this:

{
  "code": 200,
  "message": "Success",
  "data": {
     total:25,
     list:[
      {
        "id":1,
        "fromAddress":"TGGh3cGp9P21Ebvg9JitjHoeJaKqrg3bRg",
        "toAddress":"TFMQrPdFWuPzFRXb42sxB22ABCVL6xSopV",
        "amount":"4.1",
        "chainId":"56"
      }
     ]
  }
}

Sign

HTTP Request

POST /api/transaction/approve

Request Method

Method: POST
Content-Type: application/json

Query Parameters

Parameters	Type	Required	Description
id	Int	Y	Pending signature list id
from	String	N	Pending signature list fromAddress: Transfer-out address
to	String	N	Pending signature list toAddress: transfer address
value	String	N	Pending signature list amount: Transfer amount
chainId	String	N	Pending signature list chainId: chainId
status	String	Y	Sign status. 1: approved; 2: rejected
data	String	Y	Signature data, use private key shard for signing, refer to Signature Algorithm.

Request example:

{
  "id":1,
  "from":"TGGh3cGp9P21Ebvg9JitjHoeJaKqrg3bRg",
  "to":"TFMQrPdFWuPzFRXb42sxB22ABCVL6xSopV",
  "value":"67.2",
  "chainId":"20",
  "status":1,
  "data":"dahsudiasdoaasidoasdaosdasd9as8d9a0s8d90as8d9a0s8d09asduashdkasdjaksdajksdasjdhakjdha"
}

The above command returns JSON structured like this:

{
  "code": 200,
  "message": "Success"
}

Fund collection

HTTP Request

POST /api/transaction/assets/collect

Request Method

Method: POST
Content-Type: application/json

Query Parameters

Parameters	Type	Required	Description
isMain	Int	Y	Whether the collection is the main chain currency. 1: yes; 0: no
data	String	Y	Signature data, use private key shard for signing, refer to Signature Algorithm. The encrypted parameters here are:{"isMain":1}

Request example:

{
  "isMain":1,
  "data":"HDOASJDISADLASDSAODASIDJAISLDJIASDU|ASDUADSASDIASDASDASDASLDASDJASDADOAAS"
}

The above command returns JSON structured like this:

{
  "code": 200,
  "message": "Success"
}

MPC WaaS

MPC WaaS, coming soon！

Errors

The 1BitPay API uses the following error codes:

Error Code	Meaning
400	Bad Request -- Your request is invalid.
401	Unauthorized -- Your API key is wrong.
403	Forbidden -- The kitten requested is hidden for administrators only.
404	Not Found -- The specified kitten could not be found.
405	Method Not Allowed -- You tried to access a kitten with an invalid method.
406	Not Acceptable -- You requested a format that isn't json.
410	Gone -- The kitten requested has been removed from our servers.
418	I'm a teapot.
429	Too Many Requests -- You're requesting too many kittens! Slow down!
500	Internal Server Error -- We had a problem with our server. Try again later.
503	Service Unavailable -- We're temporarily offline for maintenance. Please try again later.
50000	Real name is not allowed to be empty!
50001	The API capability ID cannot be empty!
50002	Cell phone area code is not allowed to be empty!
50003	Mobile phone number is not allowed to be empty!
50004	Synchronous callback address is not allowed to be empty!
50005	Asynchronous callback address is not allowed to be empty!
50006	Both digital currency amount and fiat currency amount are not allowed to be empty!
50007	Digital currency type is not allowed to be empty!
50008	Fiat currency is not allowed to be empty!
50009	Certificate is not allowed to be empty!
50010	The document type is not allowed to be empty!
50011	KYC level is not allowed to be empty!
50012	Merchant ID is not allowed to be empty!
50013	Signature type is not allowed to be empty!
50014	Signature is not allowed to be empty!
50015	Merchant order number is not allowed to be empty!
50016	The order type cannot be empty
50017	apiKey is not allowed to be empty
150017	Incorrect order type
150018	The certificate type is incorrect
150019	Incorrect encryption rules
150020	The API capability ID does not exist
150021	The merchant has not activated this API capability, please contact customer service!
150022	The phone number is incorrect
150023	Incorrect KYC level
150024	Merchant API_KEY information does not exist
150025	Incorrect request signature
150026	Digital currency does not exist
150027	Digital currency has been banned from buying and selling coins
150028	Digital currency has been banned from buying coins
150029	Digital currency has been banned from selling coins
150030	Signature exception
150031	Trading currency pair does not exist
150031	The transaction volume is higher than the maximum transaction volume limit
150032	The transaction volume is lower than the minimum transaction volume limit
150033	Payment in fiat is disabled
150034	Payment fiat does not exist
150035	The customer has been disabled and cannot OTC
150036	The client has been blacklisted and cannot be OTC
50037	Cashier has expired
50038	Order creation failed, please contact the platform for processing
50039	Customer information does not exist
50040	Order fetching exception, please try again later
50041	The order status is incorrect, please contact the platform for processing
50042	The apiKey is incorrect