Requests to the BitPay REST API follow a RESTful convention using standard HTTP verbs against various BitPay resources to return JSON formatted responses. Once again the mechanics of this exchange may be simplified through the use of one of the BitPay libraries.
Each request should include in the HTTP headers:
Content-Type: application/jsonX-Accept-Version: 2.0.0
Depending on the facade used, API requests may need to be signed and include the following headers:
X-Identity: the hexadecimal public key generated from the client private key. Required depending on the type of API token being used.X-Signature: header which is cryptographically computed as described below. Required depending on the type of API token being used.
To make an API request send an HTTP request with a HTTP method to a resource URI and include in the body JSON parameters of the following (plus any additional parameters needed):
token(obtained during client registration process above)guid(an optional parameter to enforce idempotence for POST requests)
For more information about specific resource URIs and parameters, please visit the Resource section.
Signing your request
Depending on the facade used, API requests may need to be signed The X-Signature HTTP header is the ECDSA signature of the full request URL concatenated with the request body, signed with your private key. So if you are sending a request to:
https://bitpay.com/invoices
And your request body is:
{"price":500,"currency":"USD","token":"MqA2wX15qHCbG7FBtJZRAxQunrRjAvGBRVJedsiTnZY"}
The string you will sign is:
https://bitpay.com/invoices{"price":500,"currency":"USD","token":"MqA2wX15qHCbG7FBtJZRAxQunrRjAvGBRVJedsiTnZY"}
The result should be included as the value of the X-Signature request header.
Cross-Origin Resource Sharing
The BitPay REST API supports CORS, so that you may send requests directly from the client, however remember to never expose your private key. If your key becomes compromised, you will want to disable your old Client ID and register a new one.