Clone wiki

Infinity-Economics / Handle Deposits

XIN Exchange Handle deposits
Infinity Foundation July, 2017, v1

Content:

1. Handle deposits and create new user accounts in 7 simple steps using the XIN API.

Ports:
Mainnet: 23457
Testnet: 9876

Node:
Testnet: 185.35.138.140
Production: localhost (your local node)

1. Generate a string of 50+ chars. This is your master passphrase. It must be very strong. For this example, let’s assume it’s “secret”.
2. When a user wants to deposit token, you generate a unique ID. You can use a userID returned by your database for instance or any other unique identifier.

3. Use “secret”+userID to generate a passphrase for the deposit account. For example: “secret1234567890”.

4. Use this API call to create an account number: http://185.35.138.140:9876/api?requestType=getAccountId&secretPhrase=secret1234567890. This call will return the account number/details.

{
“accountRS”: “XIN-SNR5-7KB3-M3HU-B6C3Y”,
“publicKey”: “a5ef64367c284087fc3209b7932201e30d5d36e03b2a9b2c94d87a9aa86f7368”,
“requestProcessingTime”: 1,
“account”: “11458639784060932835” }

5. Check to see if the generated account number is a collision with an existing account by issuing this call: http://185.35.138.140:9876/api?requestType=getAccountPublicKey&account=XIN-SNR5-7KB3-M3HU-B6C3Y.

5.1 If the account does not exist yet, this call will return: {} This means the account has no outbound transaction and the publicKey isn’t known by the chain.

5.2 If the account exists AND outbound transactions have been made, the query will return the public key for the account like: {“publicKey”:“a5ef64367c284087fc3209b7932201e30d5d36e03b2a9b2c94d87a9aa86f7368”}

5.3 While the call 'getAccountPublicKey’ is checking for a known publicKey it is recommended to make a second call to be sure this account hasn’t either an inbound transaction: http://185.35.138.140:9876/api?requestType=getAccount&account=XIN-SNR5-7KB3-M3HU-B6C3Y

This returns: { “errorDescription”: “Unknown account”, “accountRS”: “XIN-SNR5-7KB3-M3HU-B6C3Y”, “errorCode”: 5, “account”: “11458639784060932835” } “Unknown account” shows that this account hasn’t had any inbound transactions too. In this case the account is fully validated and ready to used as a clean, new deposit account. Or you will get a response with a balance. In this case the account is a used account and has had at least one inbound transaction. { “forgedBalanceTQT”: “0”, “balanceTQT”: “100000000”, “accountRS”: “XIN-SNR5-7KB3-M3HU-B6C3Y”, “unconfirmedBalanceTQT”: “100000000”, “requestProcessingTime”: 0, “account”: “11458639784060932835” }

6. If the previous step reveals that a public key already exists or a balance is shown for the account number, an account collision has occurred, and you should generate a new “secret” and a new account number.

7. Store the generated password and account number securely into your database and hash/salt it. Associate the new account with the site user’s local userID. Depending on the type of service you are building, you may also need to give the account number to the user to allow them to deposit funds.

Notes:

Periodically check the account for any or new incoming transactions:

http://185.35.138.140:9876/api?requestType=getBlockchainTransactions&account=XIN-SNR5-7KB3-M3HU-B6C3Y&executedOnly=true×tamp=0

The timestamp parameter indicates “seconds since the genesis block”, so a value of 0 will show you
all transactions for the associated account. The executedOnly parameter will exclude phased
transactions that have not yet been executed. When you get enough confirmations, you can increase
the user’s balance in your software. 10 confirmations are recommended, but you can use whatever
value you prefer.

Blocks can become orphaned and transactions can be cancelled, so pay attention to the timestamp
and deadline values of a transaction. Timestamp is measured in seconds since the genesis block
(10th of Jan, 2017 12:00:00 UTC). The transaction deadline is measured in minutes.

A transaction expires when timestamp + deadline * 60 greater current time. It can’t be included into a
block with a timestamp greater than timestamp (of the transaction) + deadline * 60. The current
time can be obtained with:
http://185.35.138.140:9876/api?requestType=getTime

To make sure that you won’t lose the transaction you should check that a user uses a large deadline
and doesn’t try to cheat you by setting a timestamp too far in the past. Until a transaction gets
720 confirmations you should check to be sure it’s still confirmed. If not (due to blockchain reorg),
rebroadcast the transaction to the network using:

http://185.35.138.140:9876/api?requestType=broadcastTransaction&transactionBytes=ba6b7c0d1…;

Transaction bytes can be obtained by this call, taking the transaction ID:

http://185.35.138.140:9876/api?requestType=getTransactionBytes&transaction=6435479644061479565.

Example return:

{
“unsignedTransactionBytes”: “00107b37eb003c00a0f71792358ca7043e86dcb8d7c904749e8b5a6c788c41
be19e105a92e73af42e3521c522c44059f00e1f5050000000000e1f5050000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000009d2a0200a99263917d97f135”,
“requestProcessingTime”: 1,
“confirmations”: 5,
“transactionBytes”: “00107b37eb003c00a0f71792358ca7043e86dcb8d7c904749e8b5a6c788c41b
e19e105a92e73af42e3521c522c44059f00e1f5050000000000e1f50500000000000000000000000000000
0000000000000000000000000000000000000000000949f453a49d93471c9dcdba8b55e64bcbfe9a437958
8360953cac010d2ca400eddc276a75e9c30dd95b76996d392c6fd0808602ca872228b026093e2b59186510
00000009d2a0200a99263917d97f135
}

Updated