BTCPay - Max Fang's Notes

# BTCPay Server *BTCPay Server is an open-source, self-hosted payment processor for Bitcoin and other cryptocurrencies.* - [Website](https://btcpayserver.org/) - [Docs](https://docs.btcpayserver.org/Guide/) - [Blog](https://blog.btcpayserver.org/) - [Chat](https://chat.btcpayserver.org/) - [GitHub org](https://github.com/btcpayserver) - [Main repo](https://github.com/btcpayserver/btcpayserver) (C#) ## [Docs - Introduction](https://docs.btcpayserver.org/Guide/) ### Features - Direct, peer-to-peer Bitcoin payments - No transaction fees (other than the [network fee (opens new window)](https://en.bitcoin.it/wiki/Miner_fees)) - No processing fees - No middleman - No KYC - Non-custodial (complete control over the private key) - Enhanced privacy - Enhanced security - Self-hosted - SegWit support - Lightning Network support (LND, c-lightning, Eclair and Ptarmigan) - Tor support - Opt-in [altcoin](https://docs.btcpayserver.org/Development/Altcoins/) integrations - Full compatibility with BitPay API (easy migration) - Process payments for others - Easy-embeddable Payment buttons - Point of sale app - Crowdfunding app - Payment Requests - Internal, full-node reliant wallet with [hardware wallet integration](https://docs.btcpayserver.org/HardwareWalletIntegration/) - [Payjoin Support](https://docs.btcpayserver.org/Payjoin/) ## [Lightning Network and BTCPay](https://docs.btcpayserver.org/LightningNetwork/) Links: [[Lightning|Lightning Network]] After deploying BTCPay Server, you may want to experiment with an innovative second-layer payment system built on top of Bitcoin protocol - the [Lightning Network (opens new window)](https://en.bitcoin.it/wiki/Lightning_Network). This guide will show you how to **set up your Lightning Network node in BTCPay** and guide you through the basics. ## [Third-party hosting]() *BTCPay Server is free, open-source, self-hostable software. BTCPay Server is not a company. To use BTCPay Server, [deploy](https://docs.btcpayserver.org/Deployment/) your own instance, or use a [third-party host](https://docs.btcpayserver.org/Deployment/ThirdPartyHosting/).* A **third-party host** is an individual or a business which **self-hosts a BTCPay Server instance and enables other users to register and use the server**. On a self-hosted server, the owner can add an unlimited amount of users and stores and allow those users to manage their stores independently and receive payments to their own wallets. While this feature in BTCPay Server exists for complex multi-store business management, community enthusiasts use it to help other users (mostly beginners), sometimes skip an overwhelming step of **deploying a self-hosted BTCPay server**. Users who want to test or develop applications on top of BTCPay Server also use **instances hosted by third-parties**. Some hosts try to spread the adoption of cryptocurrencies by allowing their local merchants to receive payments for free or for a small sign-up fee. In layman words, think of this feature as a payment processor factory which allows anyone to deploy a server and help others receive payments which are validated via the server owners' [full Bitcoin node (opens new window)](https://en.bitcoin.it/wiki/Full_node). **Third-party hosts** play an important role in the ecosystem since they provide an easy and cost-effective **way for users to try and use BTCPay Server**. The role of honest hosts who provide free service to others is essential in the early phase of BTCPay Server adoption. However, users should be familiar with the pros, cons and potential risks involved when using a trusted third-party. Find the optimal balance between your use-case, cost, and privacy/security trade-offs. Some of the hosts are entirely free to use and maintain the server cost from donations of their users. If you've been using a reliable free host for a while, you should consider donating to them to support them. ### Advantages and disadvantages **Pros** - Easy and quicker setup - Cheaper and in most cases free (depending if the host is premium or free) - Receive payments directly to your wallet - Private key never required (if it is, it's a scam!) **Cons** - Security concerns - Privacy concerns - Limitation of features - No control over a server - Have to trust the owner of the server ### Security Concerns [Trusted third parties are security holes (opens new window)](https://nakamotoinstitute.org/trusted-third-parties/#selection-7.6-6.2). By relying on someone else to manage a server for you, you are potentially exposing yourself to a certain attack vector. The most significant attack vector when using a third-party host is the chance that this host will gain access to the management of your funds. This can occur in two ways. First, a host may allow you to create [hot wallets (opens new window)](https://en.bitcoin.it/wiki/Hot_wallet)on their server. This gives the host complete access to your funds. They will act as a custodian of your private keys and thus your funds. This means you must trust they will not spend your funds. This type of wallet is NOT recommended for use with third-party hosts. Secondly, a malicious and technically skilled host can create a forked version of BTCPay Server and modify it to be able to either spy on your transactions or replace your [extended public key (opens new window)](https://en.bitcoin.it/wiki/Deterministic_wallet_tools#Risks_of_Sharing_an_Extended_Public_Key_.28xpub.29)with their own. This means that future payments made to you may end up in this malicious party's wallet. While a wallet connected with an extended public key IS recommended for use with third-party hosts, It's impossible to know for certain, if the third party host is using a malicious fork. If you don't trust the third party host it is best to do the following: - Do not use hot wallet on the third party server, use an extended public key - Use it mainly for testing, learning and getting started with BTCPay - Do not use it with high volume payments or extremely valuable transactions In BTCPay Server, a private key is never _required_. This means that funds are safe even if the server is hacked, but a malicious host can intercept future payments and steal those funds. If you follow your transactions via a watch-only wallet, you should be able to detect such attack quickly and notice that your orders are being marked as paid, whereas you don't see the transactions in your wallet. ### Privacy Concerns BTCPay Server does not allow server hosts to view the stores of other users nor have access to any personal data (except for registration email address). The extended public key and even balances of other users can't be seen. However, as mentioned, a malicious third-party could modify that by creating a fork that can look like BTCPay Server on the front but be something completely different in reality. The biggest concern, which happens when using a third-party host (even if the owner of a self-hosted server is not malicious) comes from the nature of the Bitcoin itself. If a user is not running a full node but instead relies on someone else's node, his transactions can be listened to by the owner of that node. Running a full node is not just a convenience that gives you features and enables privacy, it gives you better security and the right to "vote" and validate all the transactions yourself. Don't trust, verify. ### What does the trusted third-party host know about their users? Third party hosts (non-malicious) can see the following: - Total number of users - The email and username of those users Note: If additional features are enabled such as non-admin lightning wallet, hot wallets or transmuter, the server admin can see additional information related to those features. **Since it's impossible to know if the third party host is using a malicious fork**, it's best to assume they may know all details about your BTCPay Server usage. If you are worried about the information a third party host knows about you, please consider [deploying your own](https://docs.btcpayserver.org/Deployment/) self-hosted server. ## [BTCPay Server Apps](https://docs.btcpayserver.org/Apps/) The primary purpose of BTCPay Server is to remove dependencies on trusted third-parties. The Apps are built in applications that obsolete central-authorities and allow users an easy way to extend the [use case](https://docs.btcpayserver.org/UseCase/) of the software. Users can self-host all sorts of customizable applications that work out of the box. To create an app, go to Apps > Create a new app. Apps are store-dependent, which means that each app needs to be connected to a store. ### Point of Sale App The **web-based PoS app** allows users with brick and mortar stores to readily **accept cryptocurrencies without fees or a third-party**, directly to their wallet. The **PoS** can be displayed easily on tablets or any other devices which support web browsing. Users can easily create a homescreen shortcut for a quick access to the web-app. ![[Pasted image 20220304014456.png]] Adding new products is easy. The app has a **shopping cart feature**, **tips**, **product inventory**, **custom payment options** and more. The **Point of sale app** can also be used to receive donations, tips or even as a small e-commerce shop, depending on the options or customizations applied. Curently, the **Point of Sale app** supports three different views: - A `Static` view representing only the items for sale. - A `Cart` view including items for sale and a cart for checkout. - A `Light` view consisting only of a keypad for easy and quick payments (Starting from [v1.0.5.6 (opens new window)](https://blog.btcpayserver.org/btcpay-server-1-0-5-6/#simplePOS)). To get your first **Point of Sale app** running, follow theses few simple steps: 1. Go to `Apps` and `Create a new app` 2. Add a `name` for your app 3. Choose `app type` > Point Of Sale 4. Select the `store` to associate with the app. 5. Customize your PoS by choosing a `view` (Static, Cart, Light), adding your own `items` with prices, photos, and a description. 6. Click `Save Settings`. 7. Click `View App` to view your PoS (Your customers can access the PoS through that link). You can change the appearance of your **Point of Sale app** by following the [theme customization guide](https://docs.btcpayserver.org/Development/Theme/). ## Crowdfunding App **Crowdfunding** is an application which you can launch from BTCPay Server interface that allows you to create a **self-hosted funding campaign**, similar to Kickstarter or Indiegogo. Unlike traditional **crowdfunding platforms**, the creator of the campaign is the owner of the platform. Funds go directly to the creator’s wallet **without any fees**. 1. Go to > Apps 2. Add a name of your app 3. Choose app type > Crowdfund 4. Select the store to associate with the app. 5. Customize your Crowdfund by adding your own perks with prices, photos, and description. 6. Check the box > Allow crowdfund to be publicly visible 7. Click "Save Settings". 8. Click "View App" to view your Crowdfund (Contributors can access the crowdfund through that link). ![[Screen Shot 2022-03-04 at 1.45.15 AM.png]] If you would like to provide digital or physical products to the backers of your **crowdfunding campaign**, you can [integrate WooCommerce store into it](https://docs.btcpayserver.org/FAQ/Apps/#how-to-integrate-woocommerce-store-into-a-btcpay-crowdfund-app). You can also set limits on contribution perks using the inventory feature. ### Payment Button Easily-embeddable HTML and highly-customizable **payment buttons** allow users to receive tips and donations. Online stores can also integrate payment buttons. When a site visitor clicks on the button, BTCPay displays the **invoice**. 1. Go to > Store > Settings > Pay Button 2. Allow anyone to create invoices 3. Customize your button 4. Copy the generated form and embed it on your website. ![[Screen Shot 2022-03-04 at 1.45.45 AM.png]]