Content Comparison

This option is currently available for BitBayCoin (BAY), Bitcoin Cash (BCH), Bitcoin (BTC), Dash (DASH), Ethereum (ETH), Litecoin (LTC), Monero (XMR), and Ripple (XRP). Coins implemented via extensions with support for IPaperWallet can be edited to support PDF wallets as well (undocumented).

Overview:

1. CAS version 20241001 (or newer) must be installed.

2. A one-time CAS setting must be deployed by the Administrator.

3. The feature is enabled for each BATM in Terminal details.

4. Your customers will have the option to complete a purchase using the PDF wallet.

5. The customer is then forced to scan and receive their coin to the new PDF wallet.

...

The CAS base configuration must be changed to offer PDF wallets. The webhook you create here will be sent to your customers and will (essentially) be exposed to the public. Choose carefully.

1. Determine the URL path. In this example we’ll use: https://yourcasdomain.com/pdf_wallet

   1. It must include the domain for your CAS (e.g. yourcasdomain.com).

   2. Any arbitrary path can be used, BUT

      1. it MUST be used consistently, and

      2. it cannot conflict with another path,

      3. e.g. https://yourcasdomain.com/terminals would conflict.

   3. The protocol must include (and support) HTTPS.

2. Create/edit the /batm/config/webhooks file and place the URL path as a setting:

...

Now that the configuration has been created, you must expose this URL to the world. Installation (or modification) of NGINX is described in this article: https://generalbytes.atlassian.net/wiki/x/AQBlrw

...

A working & tested NGINX server block:

server {
    listen       8701 ssl;
    server_name wallets;

    ssl_certificate /etc/letsencrypt/live/yourcasdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourcasdomain.com/privkey.pem;

    location / {
        proxy_pass https://10.3.2.1:7743/api/v1/crypto-wallets/;
        access_log /var/log/nginx/wallets_access.log;
        error_log /var/log/nginx/wallets_error.log;
    }
}

• Change the ssl_certificate settings to point to your actual certificate files.

• Save the server block in a file, e.g. /etc/nginx/conf.d/wallets.conf and restart NGINX.

• This server block will expose the PDF wallets at https://yourcasdomain.com:8701

• Open up port 8701 in your firewall, and direct your DNS record (for a subdomain) to that port.

Cloudflare

You can use Cloudflare Zero-Trust tunnels: https://generalbytes.atlassian.net/l/cp/VLSWb0XA

• Point the tunnel to HTTPS 127.0.0.1:8701 and make sure to use the NGINX config above (also).

  • Enable “No TLS Verify” in Additional application settings → TLS

• TURN OFF PROXY for the subdomain. This will expose your IP, but otherwise Cloudflare will sniff the wallet - and since it can only be read once - the wallet will be invalid and thereafter won’t be usable.

• The pdfWalletLinkUrl should match the new tunnel subdomain+domain.

• test URL example: https://wallets.yourcasdomain.com/test

• Yet another (undocumented) option: ngrok: https://ngrok.com/product/secure-tunnels

The URL path in any case must translate/point to: https://{master_bind_ip}:7743/api/v1/crypto-wallets

Testing

Append “/test” to the end of the exposed URL. Navigate to the URL using a web browser.

...

1. The customer initiates a BUY.

2. Customer selects the button “DON’T HAVE A WALLET?”, or

   1. if the Travel Rule is employed, the “CREATE NEW WALLET” option may be offered.

...

3. The Customer chooses “DOWNLOAD WALLET AS PDF”.

...

6. The Customer uses the Public Key in the PDF to receive their coin.

Example PDF:

...

...

NGINX Specific Details

Your settings should contain entries such as these.