0

is it possible to add arguments such as BTC amount to a bip 70 URI, something like:

bitcoin:?r=http://127.0.0.1:8000/paymentobject/?amount=10

I already tried with the backwards compatible URI:

bitcoin:?amount=10&r=http://127.0.0.1:8000/paymentobject/

But the client doesnt seem to register anything other than the 'r=' param.

Any help greatly appreciated :)

EDIT: Added function from django views.py for extra explenation-

def protoresponse(request):
    xpo = payments_pb2.ParseFromString(request)

    returnaddress = xpo.Payment.refund_to
    transactions = xpo.transactions
    memo = xpo.Payment.memo

    xpa = payments_pb2.PaymentACK
    xpa.payment = xpo.SerializeToString()
    xpa.memo = u'success, i think'
    return HttpResponse(xpa.SerializeToString(), content_type="application/octet-stream")

Note, the function is defined as protoresponse because we have optional string payment_url = 6; in the payments.proto file.

Nick ODell
  • 29,184
  • 11
  • 69
  • 129
derrend
  • 696
  • 5
  • 16

2 Answers2

1

The purpose of the BIP70 is to provide a secondary URL, which, when visited by your client wallet, will provide all the details to make the transaction, and a whole lot more. It was designed to be linked to POS systems which would generate the information and produce a unique URL.

In the standard Bitcoin URI scheme, it is possible to pass the amount, but you also need to pass the pay-to address.

T9b
  • 1,334
  • 1
  • 11
  • 16
  • Thanks or the response. My problem is that I would like to be able to pass the payment amount via the bip 70 URI so that I can just have a fixed URI that supplies a standard bip template rather than having to create a new one for each customer with a different amount in it. I understand this is achievable by keeping the amount at 0 which will then prompt the customer to enter amount but this isn't functional in the current bitcoin client due to a bug so i was looking for a way around it. – derrend Jun 09 '14 at 01:58
  • You might find it useful to visit this page https://bitcoincore.org/~gavin/createpaymentrequest.php useful, to help you understand how to construct the full URI. I created one for you bitcoin:mfxg9RL47G3rManb7UcYHr95EJ1CtG3SKH?r=https%3A%2F%2Fbitcoincore.org%2F%7Egavin%2Ff.php%3Fh%3D60b13b2fe3c6fad30a7216aacd6e06cc&amount=10 – T9b Jun 09 '14 at 21:54
  • Thank you. But the problem still persists I'm afraid because the user still has to declare the amount in advance where as I am trying to do it dynamically. The 'amount' at the end of the URI you generated for instance is irrelevant because even if I change it to something other than 10 I am still prompted to pay 10 because it's set in stone on the server side. I'm looking for a dynamic work around since it isn't possible to set the amount to zero and prompt the user because there is a bug in the bitcoin-qt 0.9 client that prevents this. I need a way to pass the value on the fly somehow :) – derrend Jun 09 '14 at 23:47
  • Can you give a practical example of what you are trying to do - a use case. I still don't understand what you are trying to achieve. Your original example would not work because it does not contain the pay-to address. So a bit more information would be useful. – T9b Jun 10 '14 at 19:20
  • I have tried it with a pay to address such as `bitcoin:adDr3s5?amount=10&r=http://uri.com` but reading the documentation it states that when a bip 70 compatible wallet sees the `r=` param then it doen't see anything else, no address, no amount. Use case - a customer clicks a button that generates a btc address and a corresponding qrcode, it also generates a link to fetch a payment request object but when the link is clicked how will it know what btc address to attach to the payment request if I can't pass the information over the URI? – derrend Jun 10 '14 at 21:28
  • Firstly customers do not ever generate anything on behalf of the merchant. I think this is where you are going wrong. Try re-thinking your use case and work it from the merchant's point of view. That's what BIP70 was intended to do. For the rest, I have no idea why a customer would determine where to send the funds, because these must be linked to another party's private key. – T9b Jun 10 '14 at 21:38
  • Thanks for the speedy response :) it's hard to explain but when you want to send crypto to an exchange you first must click a button and generate an address, this is what I am doing only i want to give customers the option to either scan a qr code or click a bip 70 link but these two methods will result in two different addresses since I can only figure out how to generate an address and perform operations on it `after` the URI is clicked. I'm trying to make my django instance available for live viewing so I could show you but my router's having none of it :( – derrend Jun 10 '14 at 22:12
  • "but these two methods will result in two different addresses" - no they should not! A QR Code is a URL. That same address can be used in either a standard Bitcoin URL or a BIP70 one. – T9b Jun 10 '14 at 22:27
  • also the address you generate on an exchange is not YOUR address, because the exchange holds the private keys. – T9b Jun 10 '14 at 22:30
  • lol, yes but how? if this is my bip 70 URI `bitcoin:?r=http://127.0.0.1:8000/paymentobject/` then where does the address go? It doesn't seem to work if I put it before the `?`, I will post a copy of the view in the original question in case that helps at all :) – derrend Jun 10 '14 at 22:33
  • 1
    @derrend: With BIP 70 the payment address doesn't go in the URL at all. It's sent as part of the response when the user requests the URL, so your script `paymentobject` needs to generate it. The whole point of BIP 70 is that all sensitive information, including the address, is only sent over HTTPS (so your URL needs to be https, not http, and you need an SSL-enabled webserver running on localhost). That way an man-in-the-middle attacker cannot, for example, alter the payment address so the payment goes to the attacker instead. – Nate Eldredge Jun 11 '14 at 00:56
  • @Nate: Thank you for the input, I'm beginning to understand it now :) If you copy and paste your comment as the answer I'll mark it as solved. – derrend Jun 11 '14 at 01:54
0

Quoted from 'Nate Eldredge' in the comments above:

The whole point of BIP 70 is that all sensitive information, including the address, is only sent over HTTPS (so your URL needs to be https, not http, and you need an SSL-enabled webserver running on localhost). That way an man-in-the-middle attacker cannot, for example, alter the payment address so the payment goes to the attacker instead.

derrend
  • 696
  • 5
  • 16