Following requirements are needed to integrate PAY WITH PAXFUL button into your website
API requirements for Pay with Paxful
API-key and API-secret can be created under your Paxful account settings. Treat your API-secret as passwords, don’t store it in plain. For example keep it encrypted in your database.
After you have generated your API-key and API-secret pair you have to sign up as merchant here.
You have to pass POST or GET request with following parameters
merchant (type: char, length: 11): client designated merchant ID (unique)
apikey (type: char, length: 32): client designated API-key (unique)
apiseal (type: char, length: 40): signature (digest) of the request params passed through a HMAC-SHA256 construct
nonce (type: char): a random integer that must be incremented in every request (common practice to use Unix time)
to (type: char): your website’s bitcoin address where user has to send payment
track_id (type: char): your unique transaction tracking code. This is passed back with a callback if transactions are successful and you can release purchased items.
amount (type: number): bitcoin amount how much user has to pay
saveaddress (type: number): optionally add saveaddress=1. This means if a user who is paying 1 bitcoin, but has balance only 0.3 bitcoins, it won’t redirect him to buying bitcoin widget, but it will actually tell him to send his whole balance of 0.3 bitcoins. This is really useful for sportsbetting and account refilling websites, where the exact amount is not necessary and any amount to send can work.
API seal creation
The process of calculating the required apiseal parameter involves using a HMAC-SHA256 construct. The result is a digest, which in turn serves as a MAC for server-side validation in regards to data integrity and authenticity. You would need to concatenate all request parameters (i.e., apikey, nonce, to, amount) that are passed to the server when making a request, except for the apiseal parameter itself. The provided API-secret is used as the corresponding secret cryptographic key. Example
Passing this string with secret to your HMAC function will return API-seal that you pass to the PAY WITH PAXFUL URL.
echo -n "merchant=jozDqmvd7mW&apikey=6bSxoS3gd2vdO458EU0UZANWyiMmKnyo&nonce=1386178459&to=1CkSCqyWGtVjok5A5xeGKKyMvpeZMnfEbq&amount=0.5" | openssl dgst -sha256 -hmac 98276117589486d823930f29dd0b8f3e
If query string is correct the Paxful wallet page send out dialog will open for user with your specified bitcoin address and amount pre-filled and user has to make just 1 click –CONFIRM SEND
While you are developing the button, in case of incorrect parameters or incorrect HMAC calculation clicking the link will open Paxful wallet page with detailed error message(s).
Pay with Paxful solution can be configured to provide callbacks to an outside address on a successful transaction.
Configuration can be set up on your Merchant dashboard, under “Advanced: Open Customization Callbacks Panel“.