1 BTC = 1203.51 EUR
1 BTC = 1203.51 EUR

Cashila API

Create something amazing.

Usage

Two types of methods exist:
  • public
  • private, used to perform actions on behalf of user, must include these headers:
    API-User: user token
    API-Nonce: always increasing integer
    API-Sign: Message signature
Message signature should be computed as:
signature = hmac-sha512(http_method + path + sha256(nonce + payload), secret)
Where:
  • http_method (GET,POST,...), uppercased
  • path must include everything after api version (including preceding /), eg. everthing in bold https://www.cashila.com/api/v1/billpay
  • nonce must be always increasing integer
  • payload is complete request body, if there is one
  • base64 decoded user secret, returned along with token after authentication

PUT /api/v1/recipients HTTP/1.1
Host: www.cashila.com
Content-Type: application/json;
Content-Length: 192;
API-User: bab911ab-3437-44c2-825f-08270d1fbe6e
API-Nonce: 1436347260769
API-Sign: up6dAEUGsxCxroyqKBxb6sLF5VqCJ+WdcSY9qamxLF4cOBwhomdGuACC/T7dRXSjkMpcUqKAdmhrtrP6cJ8ODQ==

{
  "name": "Brúcë Waynê",
  "address": "1007 Mòúntain Drive",
  "postal_code": "123",
  "city": "Gothåm",
  "country_code": "AT",
  "iban": "AT963804180946872058",
  "bic": "AAAABB00"
}
Notes:
  • For example above, token secret is lcV2NDbp5iHHllioXEWCyX3oKIXLne5ohIo7CokfIXI2wPKwpUxI9YshAZnWN7B5EMoa3hM/8EZwii30gG+Mzw==
  • When calculating sign, decimal representation of nonce should be taken, e.g. for 1436347260769 '1436347260769' should be used
  • JSON payload should be UTF-8 encoded

If you wish to develop on our platform, drop us a line and we will provide you with client id.

Sandbox

We provide you with testing environment, where you can safely develop and test your applications. Here TESTNET coins are used instead of real MAINNET bitcoins. To use it, direct your api calls to:
https://sandbox.cashila.com

Authentication

Is done in two steps using BitID protocol:
  1. Pairing user’s bitcoin address with cashila user
    User logs in Cashila and scan BitID qr code. Client makes POST request on specified url as defined by protocol. This step is needed only first time, after that Cashila user and wallet are paired.
  2. Requesting auth token and secret
    First app requests signing uri from API by calling method bitid/request-token, sign it with wallet private key (same as at step 1) and makes POST request on specified url which returns user token and user secret key.

Notes:
  • Only one user can be paired with one wallet (btc address).

Create account

Is done in two (three is BitID is needed) steps.
  1. Requesting access token by making request on request-signup. Method returns access token needed to create new account
  2. (optional) Request BitID url by making request on bitid/request-signup. Method returns BitID url
  3. Make PUT request on account, signed with access token received by first method with account details (email, verification). If BitID pairing is needed then BitID signature should also be included.

Web-hooks

Webhooks allow your client to receive information about certain events. You can define url, which will be notified by calling account/web-hook.
Events
verification_approved called, when verification was approved
verification_rejected called, when verification was rejected
payment_received called, when bitcoins for payment were received (0th confirmation) payload contains payment id
payment_confirmed called, when payment was confirmed (3rd confirmation) payload contains payment id
{
  'token'=>'az12...',
  'event'=>'verification_approved
}