How-To:Automate Nxt for your website

From Nxt Wiki
Jump to: navigation, search

For creating and testing your automated system you can take advantage of Testnet server*= before you publish it to public net server*=http://localhost:7874. To get testNxt simply post your testNet address on the main forum, developers who are constantly testing features will send you some.

1 a) Generate account and deposit funds

  1. Generate a string of 50+ chars, preferably without human intervention by using cryptographically secure generator. This is your master “Master secretPhrase”. It must be very strong and only YOU know what it is. Choose any letters, numbers, symbols, capital/lower case and make this password strong. When a user wants to deposit coins to your website, you have to generate Nxt account number for each user with a unique “User secretPhrase” for each user that can be used to obtain Nxt account number. Combine “Master secretPhrase” + “User secretPhrase”  and create Nxt account for that user. For example: you can use a userID/email/something unique for each user plus master secretphrase or use "Master secretPhrase"+ID to generate a passphrase for the deposit account. example "secret8475347836".
  2. Use this API call to create an account ID:
    server*/nxt?requestType=getAccountId&secretPhrase=secret8475347836 will return the corresponding account id. You should give this ID to the user.
  3. Store the generated password and account number securely, and associate them with the site user's local userID.
  4. Check to see if the generated account is a collision with an existing account by issuing this API call:
    server*/nxt?requestType=getAccountPublicKey&account=6975576163363041725 if account exist but no outgoing transactions or exist with outgoing/withdraw transactions, query returns {} or {"publicKey":"5aa041670bc0b45c283c988b7f2f17735209cbabde5d5ce8a849b0d63a3a4422"} If the account does not yet exist, this call should return error code 5, "unknown account", in a JSON object.
    {"errorCode":5,"errorDescription":"Unknown account"}
  5. Periodically check to see if the address has an incoming transactions: use
    server*/nxt?requestType=getAccountTransactionIds&account=6975576163363041725&timestamp=0 timestamp=0 - returns get all transactions
    {"transactionIds":["3988685842404561744","17488654975990478062"]} transactions are ordered as 1st one is the oldest/first transaction, last one is the latest.
  6. For each Transaction ID in the list, you can get transaction info:
  7. Periodically check account for transaction and when you get enough confirmations (at least 10) for that transaction, you can increase the user's balance in your software and note latest transaction. Next time when user deposit fund again you can easily find latest transaction by comparing with your note.

2 b) One way to handle withdrawals

  1. Use this :
  2. This request will return transaction ID and transaction bytes.
  3. Save both these values and periodically check that transaction is still in the blockchain.
  4. If it becomes unknown or unconfirmed, then rebroadcast it via broadcastTransaction (Transaction bytes can be obtained using getTransactionBytes
  5. Once the transaction reaches 720 confirmations, it's safe.
  6. If a claim is made that a transaction was not sent, do not use sendMoney again without making sure that the original transaction wasn't modified. This is a transaction malleability issue.

3 Some very important notes

Blocks can become orphaned and transactions can be cancelled, so pay attention to the timestamp and deadline values of a transaction. Timestamp is measured in seconds since the genesis block (24th of Nov, 2013 12:00:00 UTC). The transaction deadline is measured in minutes. A transaction expires when timestamp + deadline * 60 < current time. It can't be included into a block with a timestamp greater than timestamp (of the transaction) + deadline * 60. The current time can be obtained with


To make sure that you won't lose the transaction you should check that a user uses large deadline and doesn't try to cheat you by setting a timestamp too far in the past.

Also, until a transaction gets 720 confirmations you should check it's still confirmed. If not (due to blockchain reorg), rebroadcast the transaction as in section b.4.

Note, it is important to test your automation in public net, after you done testing it on testnet. More API documentation can be found at:

Check How to guides at:

merged by fmiboy, credits Come-from-Beyond, joefox