Crypto.bg API (beta)

General principles

Public and private endpoints

The API provides one public endpoint, returning the exchange rates for https://crypto.bg. All other endpoints are private and require authentication. The common pattern of authentication is sending an API key as a header along with the request. Some endpoints require additional submission of hashed checksum, as described below.

Example:

# sending Authentication header from command line curl:
curl -X POST http://my.url.com  -H 'Authorization: Token token="my-api-token-here"'

Note: the header syntax: the header name is Authorization; the header value is Token followed by a variable assignment token="..."

Basic URL, methods

• The basic URL for all calls in this version of the API is https://crypto.bg/api/v1/ followed by the endpoint name and any optional params
• The API follows the restful convention, meaning you use GET requests for obtaining data, POST requests for creating records, PUT requests for updating records, etc.

Getting an API key

• To get your API key you must be an approved merchant/exchange client, affiliated with crypto.bg. To have your merchant client account created, please send an email to info@crypto.bg. As part of your account, you will receive 2 keys: your api key and your data key. Keep those safe and private, you'll need both to use the full API functionality.

Getting exchange rates

Public crypto.bg rates

• These are the current generic exchange rates for crypto.bg. They are not client specific.
• This endpoint is public and requires no authentication
• These rates can be obtained by sending a GET request with no additional parameters to https://crypto.bg/api/v1/public_rates

Example:

# Example request:
curl https://crypto.bg/api/v1/public_rates

# Example response
{
    "rates": {
        "bitcoin": {
            "bid": "571.328897",
            "ask": "2008.701740"
        },
        "litecoin": {
            "bid": "5.905970",
            "ask": "6.277923"
        }
    }
}

Private Client rates

• These are the client specific / customisable rates
• This endpoint is private and requires API key authentication
• These rates can be obtained with an authenticated GET request to https://crypto.bg/api/v1/rates

Example:

# Request
 curl https://crypto.bg/api/v1/rates -H 'Authorization: Token token="my-api-token"'

# Response
{
    "rates": {
        "bitcoin": {
            "bid": "503.808209",
            "ask": "2008.701740"
        },
        "litecoin": {
            "bid": "5.728791",
            "ask": "6.277923"
        }
    }
}

Getting client information

• The current client information can be fetched by sending an authorised GET request to https://crypto.bg/api/v1/client

Example:

# Request
 curl https://crypto.bg/api/v1/client -H 'Authorization: Token token="my-api-token"'

# Response
{
    "client": {
        "id": 3,
        "name": "test",
        "url": "http: //ima.net",
        "euro_rate": "1.95",
        "bitcoin_buy_margin": "3.0",
        "bitcoin_sell_margin": "3.0",
        "litecoin_buy_margin": "3.0",
        "litecoin_sell_margin": "3.0",
        "dogecoin_buy_margin": "3.0",
        "dogecoin_sell_margin": "3.0",
        "description": null,
        "created_at": "2014-09-30T21: 15: 55.542Z",
        "updated_at": "2014-09-30T21: 15: 55.542Z",
        "hedge_buy": false,
        "hedge_sell": false,
        "client_type": "merchant"
    }
}

Creating orders

• Orders are created by sending an authenticated POST request to https://crypto.bg/api/v1/order
• This request contains the following elements: a JSON set of the new order parameters parameters (see below), an api key, sent as a header, a control checksum (see below), an optional set of additional arbitrary merchant attributes, to be stored and accessed alongside the order (such as invoice number, customer name, etc, etc).
• Since the data is posted as a JSON an additional Content-Type / JSON header is recommended: -H "Content-Type: application/json"

Posted data structure

The posted JSON object has the following structure: order as a root element, then the data subset containing the order parameters, then the checksum entry and finally the optional merchant_attributes subset.

Example JSON data:

{
    "order": {
        "data": {
            "buy_sell": "buy",
            "blockchain": "bitcoin",
            "sum_levs": "30",
            "payment_method": "epay",
            "email": "ima@nema.net",
            "user_address": "1HRFjhvtpxftxzj6BycEBRFfpWvW1WH777"
        },
        "checksum": "182b9b0320b0e1912d06a88620002e37720e7637",
        "merchant_attributes": {
            "atr1": "val1",
            "attr2": "vall2"
        }
    }
}

Parameters

• buy_sell - Order type; possible values: buy or sell
• blockchain - Crypto currency; possible values: bitcoin or litecoin
• sum_coins - Exchange amount in coins. Use dot as decimal separator i.e. "0.25". Max precision is 4.
• sum_levs - Exchange amount in levs. Use dot as decimal separator, i.e. "45.50". Max precision is 2.
• email - User email. Mandatory field.
• payment_method - Desired method for making the payment when buying coins or receiving the payout when selling coins. Possible values when buying: easypay, atm. Possible values when selling: easypay, epay.
• ep_receiver_names - 3 names as per ID of the recipient when requesting Easypay payout (see below)
• ep_egn - EGN / UCN of the recipient when requesting Easypay payout (see below)
• epay_account - Epay account number (KIN) of the recipient when requesting Epay payout
• user_address - Recipients crypto address (when buying coins)

Mandatory parameters

• buy_sell, blockchain, payment_method, email are always mandatory
• sum_coins and sum_levs are mutually exclusive (you can't specify both in the same request), but having one of them in the request is mandatory
• ep_receiver_names and ep_egn are mandatory with order type "sell" and payment method "easypay"
• epay_account is mandatory with order type "sell" and payment method "epay"
• user_address is mandatory with order type "buy"

Checksum generation

To generate the control checksum, follow the steps:

1. Construct a string consisting of the following parameters, separated by semicolon (no spaces): api_key, email, buy_sell, sum_coins or sum_levs (depending on the order type)
2. Execute a HMAC sha1 hashing of this string, encoded with your data key
3. The resulting hash is your control checksum string that you should include in your request

Example string

# Raw string
string = "37891471897dycuhf818f4831:my@email.com:buy:0.18"

# Encoding the string in Ruby:
client_data_key = "4r98cu1f891u4958u"
checksum = OpenSSL::HMAC.hexdigest('sha1', client_data_key, string) #=> "20263128e7931d55d05eb74c25a5fbe35513e0d3"

Constructing the request:

With all elements combined, an order creation request will look similar to this:

curl -X POST https://crypto.bg/api/v1/order
  -H 'Authorization: Token token="my-api-token-here"'
  -d '{"order":{"data": {"buy_sell": "buy", "blockchain": "bitcoin",
  "sum_levs": "30", "payment_method": "epay", "email": "ima@nema.net",
  "user_address": "1HRFjhvtpxftxzj6BycEBRFfpWvW1WH777"}, "checksum":
  "182b9b0320b0e1912d06a88620002e37720e7637", "merchant_attributes":
  {"atr1": "val1", "attr2": "vall2"}}}' -H "Content-Type: application/json"

Simple Merchant Integration Use Case

A typical implementation of our API is for merchants, who want to receive bitcoin payments from their customers. The flow in this case goes like this:textile the customer makes bitcoin payment to us, based on an order the merchant has created programmatically in our system through the API, we process the received bitcoin payment on behalf of the merchant and pay the merchant the due amount depending on the contract arrangements.

The steps to follow in this case are as follows:

• The merchant contacts us to discuss the contractual details and to receive their API and DATA keys
• The merchant sends a simplified sell order request via the API as described above. For this case however not all the details are required: for example we don't request the blockchain or payment_method fields. A request such as this will suffice:

Example:

{
    "order": {
        "data": {
            "buy_sell": "sell",
            "sum_levs": "10",
            "email": "ima@nema.net"
        },
        "checksum": "843dfc50445a98c217358de60b7b2dd2f254bfc5",
        "merchant_attributes": {
          "attr1": "val1",
          "attr2": "val2"
        }
    }
}

• After the order creation the merchant receives the new order details, including the precise calculated bitcoin amount based upon the exchange rate at the time of the order creation and a bitcoin address provided by us, to which the bitcoins should be sent by the customer
• The merchant can display this information to the customer in any convenient way, i.e. by generating a QR code, etc. This part of the implementation is up to the merchant
• All newly created orders are good for 10 minutes: if no bitcoin payment is received within 10 minutes of the order creation, any subsequent bitcoin transfer to the address specified will still be asociated with the order, but will be treated as "late payment", triggering either a recalculation of the amount, based on the current exchange rate or a refund of the coins transferred. The exact scenario is arranged in advance between us and the merchant, with the refund being the more logical/frequent option.
• The customer sends the bitcoin amount to the specified bitcoin address: this triggers the processing of the order on our end and its status changes from "new" to "pending". This can be treated as an indication to the merchant that the order and payment is good as far as the merchant is concerned and the merchant can proceed with finalizing the order on their end. Technically on our end we don't consider the order completed until at least 1 blockchain confirmation of the bitcoin transaction is received which can take a while, that's why initially the order status changes to "pending" and only later on to "completed". For all intents and purposes of the merchant though, the payment can be treated as completed/successful as soon as the status changes from "new" to "pending": this means we have received the coins
• The merchant can poll at their own conveneince for the order status changes as described in the generic documentation below.
• The merchant attributes section of the JSON request is a completely optional array of key-value pairs, where the merchant can write and submit (for their own reference) some extra information about the order on their own end, i.e. the id of the order in the merchant's system or a description such as "a pizza and an icecream". Whatever: the point being that we return the merchant attributes in the response after the order creation and thereafter on all polling requests, so this extra information might be something the merchant can make use of.

Returned JSON order object

Upon a successful order creation, a JSON object of the newly created order is returned. Otherwise a JSON error message is returned. The returned attributes are as follows:

Always returned

• id - the public ID of the order, to be used for reference, and for obtaining the order details
• status - public status, possible values: new, pending, finalized, refunded
• buy_sell
• blockchain
• sum_coins
• sum_levs
• user_address
• transaction_id - the block chain txid of the incoming transaction (when selling coins, or of the outgoing transaction when buying coins)
• payment_method

Returned when type is "buy"

• merchant - merchant code, to be used for atm/easypay payments
• epay_code - spay code, to be used for atm/easypay payments

Returned when type is "sell"

• merchant_address - the crypto address to be used for sending coins when selling

Еxample response when creating a sell order

# Response
{
    "order": {
        "id": "1b4256",
        "status": "new",
        "buy_sell": "sell",
        "blockchain": "bitcoin",
        "sum_coins": "0.1019",
        "sum_levs": "55.0",
        "user_address": "",
        "transaction_id": "",
        "payment_method": "epay",
        "merchant_address": "1LCA7GmhdELhrLXRGTM3PhQGbDa8m2erk7"
    },
    "merchant_attributes": {
      "attr1": "val1",
      "attr2": "val2"
    }
}

Getting order details

• The details for an individual order can be queried by sending an authenticated GET request to the following endpoint: https://crypto.bg/api/v1/order/id where id is the public id of the order.
• The returned params match the ones returned after an order creation

Example

# Request
curl https://crypto.bg/api/v1/order/1b4859 -H 'Authorization: Token token="my-api-token"'

# Response
{
    "order": {
        "id": "1b4256",
        "status": "finalized",
        "buy_sell": "buy",
        "blockchain": "bitcoin",
        "sum_coins": "0.1019",
        "sum_levs": "55.0",
        "user_address": "1LCA7GmhdELhrLXRGTM3PhQGbDa8m2erk7",
        "transaction_id": "7dba6943461a9ac557bc73a0214817caf2170edf7ec3ed97d7ad86ea74c448cb",
        "payment_method": "atm",
        "merchant": "60000",
        "epay_code": "8285829282"
    },
    "merchant_attributes": {
      "attr1": "val1",
      "attr2": "val2"
    }
}

Orders scoped per client

• This endpoint retrieves a listing of the latest 200 orders with status different from "new", scoped per client. These are orders that have had some lifecycle acitivty since their creation: they are either finalized, or are being processed / handled. New orders with no follow-up payments or any other further development are not included in this list.
• The listing can be queried by sending an authenticated GET request to the following endpoint: https://crypto.bg/api/v1/client/orders
• The client is deduced from the submitted API key
• A json orders hash is returned, with params correpsonding to the ones returned when pulling an individual order

Example

# Request
curl https://crypto.bg/api/v1/client/orders -H 'Authorization: Token token="my-api-key"'

# Response
{
    "orders": {
        "order": {...}

    }
}

Creating customer numbers

• Customer numbers are used to generate BTC deposits (buy/purchase orders) vie CashTerminal or Easypay
• Customer numbers are created by sending an authenticated POST request to https://crypto.bg/api/v1/create_customer_number
• This request contains the following elements: a JSON set of the following customer data: email, bitcoin address (see below for details and examples).
• Since the data is posted as a JSON an additional Content-Type / JSON header is recommended: -H "Content-Type: application/json"

Posted data structure

The posted JSON object has the following structure: customer_data as a root element, then the mandatory fields of the email and bitcoin_address values and an optional field foreign_key to enable associating our number record with a customer record in the remote application

Example JSON data:

{
    "customer_data": {
        "email": "your_email@here.com",
        "bitcoin_address": "your_btc_address_here",
        "foreign_key": "some_foreign_id"
    }
}

Parameters

• email - Mandatory field. Valid email address to be associated with the customer number
• bitcoin_address - Mandatory field. Valid bitcoin address to receive the coin payouts from the deposits
• foreign_key - Optional field. ID or key (string) to associate with the record

Constructing the request:

With all elements combined, an customer number generation request will look similar to this:

curl -X POST https://crypto.bg/api/v1/create_customer_number
  -H 'Authorization: Token token="my-api-token-here"'
  -d '{"customer_data": {"email": "my@email.com",
    "bitcoin_address": "1CUyH1sdrM1xeL18YSNpsVGheJFsSJghn2",
    "foreign_key": "some_foreign_id"}}'
  -H "Content-Type: application/json"

A successful request will result in a repsonse containing the generated customer number and the associated email and bitcoin_address fields:

{"customer_number": {"value": "123456789", "bitcoin_address": "1CUyH1sdrM1xeL18YSNpsVGheJFsSJghn2", "email": "i_have@email.com", "foreign_key": "your-foreign-key"}}

Whenever JSON or data errors are detected in the request, an error response will be returned, such as:

{"error": {"message": "Invalid request"}}
{"error": {"message": "Invalid crypto address"}}
{"error": {"message": "Invalid email"}}

Creating customer bitcoin addresses

• Customer bitcoin addresses are permanent system addresses, associated with a particular customer and payout method. They are used to generate BTC sell orders without the need to go through the interface flow for each new order. Possible payout methos are epay and easypay
• Customer bitcoin addresses are created by sending an authenticated POST request to https://crypto.bg/api/v1/create_customer_bitcoin_address
• This request contains the following elements: a JSON set of the following customer data: email, payout method, payout-specific details (name, egn, kin) (see below for details and examples).
• Since the data is posted as a JSON an additional Content-Type / JSON header is recommended: -H "Content-Type: application/json"

Posted data structure

The posted JSON object has the following structure: customer_data as a root element, then the mandatory fields of the email and payout_method values and an optional field foreign_key to enable associating our address record with a customer record in the remote application. Each payout method has specific required fields:

• epay_kin is required when using the epay payout method
• name and egn are required when using the easypay payout method

Example JSON data:

{
    "customer_data": {
        "email": "your_email@here.com",
        "payout_method": "epay",
        "epay_kin": "123456789",
        "foreign_key": "some_foreign_id"
    }
}

{
    "customer_data": {
        "email": "your_email@here.com",
        "payout_method": "easypay",
        "name": "My Name",
        "egn": "7001052312",
        "foreign_key": "some_optional_foreign_id"
    }
}

Parameters

• email - Mandatory field. Valid email address to be associated with the bitcoin address
• payout_method - Mandatory field. Valid payout method: possible vlaues are epay or easypay
• epay_kin - Mandatory field for the epay payout method. This is the epay customer identifier
• name - Mandatory field for the easypay payout method. Name, patronym and surname are required, as spelled in the ID card
• egn - Mandatory field for the easypay payout method. As displayed on the ID card
• foreign_key - Optional field. ID or key (string) to associate with the record

Constructing the request:

With all elements combined, an customer number generation request will look similar to this:

curl -X POST https://crypto.bg/api/v1/create_customer_bitcoin_address
  -H 'Authorization: Token token="my-api-token-here"'
  -d '{"customer_data": {"email": "ima@nema.net", "payout_method": "easypay",
        "egn": "7506079999", "name": "My name", "foreign_key": "test key",
        "epay_kin": "123456789"}}'
  -H "Content-Type: application/json"

A successful request will result in a repsonse containing the generated customer number and the associated email and bitcoin_address fields:

{"customer_bitcoin_address": {"bitcoin_address": "mgSYHJHqtmPtAhYuJWy5hEFSfzo467o5fT", "payout_method": "easypay", "name": "My name", "email": "ima@nema.net","egn": "7506079999","epay_kin": "123456789", "foreign_key": "test key"}}

Whenever JSON or data errors are detected in the request, an error response will be returned, such as:

{"error": {"message": "Invalid request"}}
{"error": {"message": "Invalid payout method: possible values are: epay, easypay"}}
{"error": {"message": "Epay KIN is required for epay payouts"}}
{"error": {"message": "Name and EGN are required for easypay payouts"}}