/
PDF Wallet Generation

PDF Wallet Generation

Owned by Charles Wernicke
Last updated: Mar 21, 2025
5 min read

This option is currently available for BitBayCoin (BAY), Bitcoin Cash (BCH), Bitcoin (BTC), Dash (DASH), Ethereum (ETH), Litecoin (LTC), Monero (XMR), and Ripple (XRP). Coins implemented via extensions with support for IPaperWallet can be edited to support PDF wallets as well (undocumented).

PDF Wallets are required to comply with the Travel Rule when printed wallets cannot be deployed at the BATM. See: Travel Rule

  • If you have a BATMTwo with no printer, then

  • you must enable PDF wallets to comply with the Travel Rule.

PDF Wallets can only be viewed ONCE.

After a wallet is viewed once, further viewing attempts will fail, reporting “Invalid key”!

  • Some customer QR scanning methods may read the URL and accidentally invalidate it.

  • Apps that “preview” the URL, or fetch the website icon - will inadvertently invalidate the link.

  • Examine the NGINX access log when faced with this issue. The log will reveal which app is previewing the link - and you can then intelligently inform your customer.

Overview:

  1. CAS version 20241001 (or newer) must be installed.

  2. A one-time CAS setting must be deployed by the Administrator.

  3. The feature is enabled for each BATM in Terminal details.

  4. Your customers will have the option to complete a purchase using the PDF wallet.

  5. The customer is then forced to scan and receive their coin to the new PDF wallet.

1. Configure NGINX

You must expose a URL to your customers. This section gives an example to try. Detailed installation (or modification) of NGINX is described in this article: https://generalbytes.atlassian.net/wiki/x/AQBlrw

This is an NGINX server block. It will expose your PDF wallets at https://yourcasdomain.com:8701/pdf-wallet

server { listen 8701 ssl; server_name wallet; access_log /var/log/nginx/wallets_access.log; error_log /var/log/nginx/wallets_error.log; ssl_certificate /etc/letsencrypt/live/yourcasdomain.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/yourcasdomain.com/privkey.pem; location /pdf-wallet { proxy_pass https://10.3.2.1:7743/api/v1/crypto-wallets; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } }

  • Change the ssl_certificate settings to point to your actual live certificate files.

  • Access attempts (using this block) are saved at: /var/log/nginx/wallets_access.log

  • Port 8701 is demonstrated, and must be exposed, see: Configuring Server Firewalls

    • You may use any other legal, unique, unused port number if 8701 is a problem.

  • The location pdf-wallet is used in this example. Any simple location name can be used, but it must not conflict with another path, for example https://yourcasdomain.com/terminals would conflict.

  • Save the server block in a file, e.g. /etc/nginx/conf.d/8701-wallets.conf and restart NGINX.

Cloudflare adjustments

This API supports Cloudflare Zero-Trust tunnels: https://generalbytes.atlassian.net/l/cp/VLSWb0XA

  • Point the tunnel to HTTPS 127.0.0.1:8701 and use the same NGINX config shown above.

    • Enable “No TLS Verify” in Additional application settings → TLS

  • Set the pdfWalletLinkUrl (below) to match the tunnel subdomain, e.g. https://wallet.yourcasdomain.com

  • Yet another (undocumented) option? ngrok: https://ngrok.com/product/secure-tunnels

2. Configure CAS

Create/edit webhooks

The CAS base configuration must be changed to offer PDF wallets. The webhook you create here will be sent to your customers and will (essentially) be exposed to the public. Choose carefully.

  1. Assign the URL. In the previous step we configured: https://yourcasdomain.com:8701/pdf-wallet

    1. https:// (SSL/TLS) must be supported by the server.

    2. yourcasdomain.com is the domain of the server demonstrated in this article.

    3. 8701is the arbitrary port we exposed using the NGINX reverse proxy (see above: Step 1).

    4. pdf-wallet is the arbitrary path we exposed using the NGINX reverse proxy (see above: Step 1).

  2. Create/edit the /batm/config/webhooks file and place the URL in the setting:

sudo nano /batm/config/webhooks

  • Add the setting pdfWalletLinkUrl=https://yourcasdomain.com:8701/pdf-wallet

image-20250320-152545.png

  • Press CTRL-X to save the file and exit (choose “y”, and leave the filename unchanged).

  • The setting will automatically be updated within CAS in approximately 30 seconds.

  • PDF Wallets are now available for Terminals that allow PDF Wallets (see: Step 4 below ).

3. Testing

Append “/test” to the end of the exposed URL. Navigate to the URL using a web browser.

  • example: https://yourcasdomain.com:8701/pdf-wallet/test

    • If tunneling, use the subdomain and no port, e.g. https://wallets.yourcasdomain.com/pdf-wallet/test

  • Navigating to that URL should result in a simple web page stating “Invalid key”.

image-20250320-155619.png

4. Enable the Feature per Terminal

Navigate to your Terminal Settings (or Terminal Template) and enable the option in Printing Settings.

image-20241112-184933.png

Adjust the PDF text (optional)

Adjust the content & layout of the PDF document with this Custom String.

Navigate to the appropriate Crypto Setting - CUSTOM STRINGS:

image-20241115-162209.png

Example BUY

  1. The customer initiates a BUY.

  2. Customer selects the button “DON’T HAVE A WALLET?”, or

    1. if the Travel Rule is employed, the “CREATE NEW WALLET” option may be offered.

Screenshot_20241112_125125.png

  1. The Customer chooses “DOWNLOAD WALLET AS PDF”.

image-20241112-185541.png

  1. The Customer downloads the PDF file from the link provided.

  1. The Customer confirms that they have downloaded the PDF (by pressing the button).

    1. The link may only be used ONCE!

    2. After the link has been used, the message “Invalid key” will be displayed thereafter.

6. The Customer uses the Public Key in the PDF to receive their coin.

Example PDF:

image-20241112-121117.png

 

Related content

Copyright © 2020-2024 General Bytes USA LLC