DEV Community: Blockonomics The latest articles on DEV Community by Blockonomics (@blockonomics). https://dev.to/blockonomics https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3941646%2F625858ee-0043-41fb-8cd3-4e2e3d8529f0.png DEV Community: Blockonomics https://dev.to/blockonomics en Accept Bitcoin payments in Node.js with Blockonomics: a complete non-custodial guide Blockonomics Wed, 27 May 2026 04:19:44 +0000 https://dev.to/blockonomics/accept-bitcoin-payments-in-nodejs-with-blockonomics-a-complete-non-custodial-guide-5f9m https://dev.to/blockonomics/accept-bitcoin-payments-in-nodejs-with-blockonomics-a-complete-non-custodial-guide-5f9m <p>In this tutorial you'll build a working Bitcoin checkout in Node.js using the Blockonomics API. Customers pay you in BTC, the payment lands directly in your wallet (Blockonomics never holds the funds), and your server gets notified via a webhook. No KYC, no custodian, no fiat conversion middleman. If you've tried adding crypto payments to a Node app before, you've probably hit the same wall I did: every "Bitcoin payment gateway" turns out to be a custodian. They hold the coins, they hand you fiat, and the moment something goes wrong with their bank rails, your customers get stuck mid-checkout.</p> <p>This guide takes the other path. We're going to wire up a payment flow where:</p> <ul> <li>The customer's BTC goes <strong>straight to your wallet</strong> — Blockonomics generates fresh receive addresses derived from an extended public key (xpub) you control.</li> <li>Your server is <strong>notified by webhook</strong> the moment a payment hits the mempool, and again on confirmation.</li> <li>There's <strong>no KYC</strong>, no custody, no chargebacks.</li> </ul> <p>We’ll cover three key components: <code>POST /api/new_address</code>, <code>GET /api/price</code>, and the callback notification system. We’ll wrap up by building a complete checkout example running directly on mainnet.</p> <p>The full tutorial is roughly 25 minutes of reading and 45 minutes of coding. Let's go.</p> <h2> What you'll build </h2> <p>A minimal Express server with three responsibilities:</p> <ol> <li> <strong><code>POST /checkout</code></strong> — accepts an order (e.g. one t-shirt for £30 GBP), asks Blockonomics for a fresh BTC address, converts £30 to BTC at the current rate, stores the order, and returns a payment page URL.</li> <li> <strong><code>GET /pay/:orderId</code></strong> — a simple HTML page showing the BTC address, the exact amount due in BTC, a QR code, and a live payment status that updates as the transaction confirms.</li> <li> <strong><code>GET /webhook/blockonomics</code></strong> — receives callbacks from Blockonomics as the payment progresses through status=0 (unconfirmed), status=1 (partial), status=2 (confirmed).</li> </ol> <p>We'll persist everything in SQLite so a callback arriving 20 minutes later can be matched back to the right order.</p> <h3> Prerequisites </h3> <p>Before writing any code, you need three things:</p> <h4> <strong>1. A Bitcoin wallet that gives you an extended public key (xpub)</strong> </h4> <p>Blockonomics is non-custodial, which means it derives receive addresses from your wallet's xpub — your private keys never leave your wallet. Nearly every modern Bitcoin wallet provides this xpub:</p> <ul> <li> <strong>Electrum</strong>: Wallet → Information → Master Public Key</li> <li> <strong>BlueWallet</strong>: Wallet → Settings → Show wallet xpub</li> <li> <strong>Sparrow / Ledger / Trezor</strong>: each has a similarly named export option</li> </ul> <p>Copy that string (it starts with xpub, ypub, or zpub depending on the address format) — you'll paste it into the Blockonomics dashboard, not into your code.</p> <p><strong>Never paste your seed phrase or private key anywhere.</strong> Only the xpub. The xpub allows us to safely generate new receiving addresses for your customers, but it has zero spending power.</p> <h4> 2. A Blockonomics account and an API key </h4> <p>Sign up at <a href="https://www.blockonomics.co/" rel="noopener noreferrer">blockonomics.co</a>, then:</p> <ol> <li>Go to Dashboard → <a href="https://www.blockonomics.co/dashboard#/store" rel="noopener noreferrer">Stores</a> </li> <li>Your API key is shown directly in the Stores section. Copy it.</li> <li>In the same Stores section, attach your wallet by pasting in your xpub.</li> <li>Set your <strong>HTTP Callback URL</strong> to where your server's webhook lives. For local development you'll want something like <a href="https://abc123.ngrok.io/webhook/blockonomics?secret=YOUR_SECRET" rel="noopener noreferrer">https://abc123.ngrok.io/webhook/blockonomics?secret=YOUR_SECRET</a> — more on the secret in the webhook section.</li> </ol> <p>📍 <strong>Where exactly is the API key?</strong> Dashboard → Stores. This is the current location as of November 2025. If a tutorial or LLM tells you to look under "Wallet Watcher" or "Merchants → API", that's outdated. The Stores section is the canonical place — and it's also where you rotate the key with the 🔄 button.</p> <h4> <strong>3. Node.js 18+ and the project skeleton</strong> </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">mkdir </span>blockonomics-checkout <span class="o">&amp;&amp;</span> <span class="nb">cd </span>blockonomics-checkout npm init <span class="nt">-y</span> npm <span class="nb">install </span>express axios better-sqlite3 qrcode dotenv npm <span class="nb">install</span> <span class="nt">--save-dev</span> nodemon </code></pre> </div> <p>Create a .env file in the project root:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># .env</span> <span class="nv">BLOCKONOMICS_API_KEY</span><span class="o">=</span>your_api_key_from_the_blockonomics_dashboard <span class="nv">CALLBACK_SECRET</span><span class="o">=</span>any_long_random_string_you_make_up <span class="nv">PORT</span><span class="o">=</span>3000 <span class="nv">PUBLIC_URL</span><span class="o">=</span>http://localhost:3000 </code></pre> </div> <p>The <code>CALLBACK_SECRET</code> is a value you invent and include in your webhook URL — Blockonomics will echo it back to you on every callback, so you can verify the request actually came from them and not a random scanner hitting your endpoint.</p> <h2> Step 1: Generate a payment address </h2> <p>This is the single most important call in the entire integration. When a customer starts checkout, you ask Blockonomics for a fresh receive address derived from your xpub.</p> <p>The endpoint is:</p> <p><code>POST https://www.blockonomics.co/api/new_address</code></p> <p>Authorization: Bearer YOUR_API_KEY</p> <p>Query parameters:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th><strong>Param</strong></th> <th><strong>Required</strong></th> <th><strong>Notes</strong></th> </tr> </thead> <tbody> <tr> <td>match_callback</td> <td>yes</td> <td>A string Blockonomics will use to match against your configured callback URL. Partial matches work — you don't need to paste the full URL.</td> </tr> <tr> <td>crypto</td> <td>no</td> <td> <code>BTC</code> (default) or <code>USDT</code>.</td> </tr> <tr> <td>reset</td> <td>no</td> <td> <code>0</code> (default) generates a new address on each call; <code>1</code> reuses the last one. Must be the integer 0 or 1, <strong>not</strong> true/false.</td> </tr> </tbody> </table></div> <p>Here's the wrapper, in src/blockonomics.js:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="c1">// src/blockonomics.js</span> <span class="k">import</span> <span class="nx">axios</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">axios</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">BASE</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">https://www.blockonomics.co/api</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">apiKey</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">BLOCKONOMICS_API_KEY</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">client</span> <span class="o">=</span> <span class="nx">axios</span><span class="p">.</span><span class="nf">create</span><span class="p">({</span> <span class="na">baseURL</span><span class="p">:</span> <span class="nx">BASE</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="na">Authorization</span><span class="p">:</span> <span class="s2">`Bearer </span><span class="p">${</span><span class="nx">apiKey</span><span class="p">}</span><span class="s2">`</span> <span class="p">},</span> <span class="p">});</span> <span class="cm">/** * Generate a fresh BTC receive address. * * @param {string} matchCallback - substring of your callback URL used to identify the store * @returns {Promise&lt;{address: string}&gt;} */</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">newAddress</span><span class="p">(</span><span class="nx">matchCallback</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">data</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">client</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">"</span><span class="s2">/new_address</span><span class="dl">"</span><span class="p">,</span> <span class="kc">null</span><span class="p">,</span> <span class="p">{</span> <span class="na">params</span><span class="p">:</span> <span class="p">{</span> <span class="na">match_callback</span><span class="p">:</span> <span class="nx">matchCallback</span><span class="p">,</span> <span class="na">crypto</span><span class="p">:</span> <span class="dl">"</span><span class="s2">BTC</span><span class="dl">"</span><span class="p">,</span> <span class="na">reset</span><span class="p">:</span> <span class="mi">0</span> <span class="p">},</span> <span class="p">});</span> <span class="c1">// Successful response shape: { address: "bc1q...", reset: 0 }</span> <span class="k">return</span> <span class="p">{</span> <span class="na">address</span><span class="p">:</span> <span class="nx">data</span><span class="p">.</span><span class="nx">address</span> <span class="p">};</span> <span class="p">}</span> <span class="cm">/** * Get current price of 1 BTC in a given fiat currency. * * @param {string} currency - "GBP", "USD", "EUR", etc. * @returns {Promise&lt;number&gt;} - price of 1 BTC in that currency */</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">btcPrice</span><span class="p">(</span><span class="nx">currency</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">GBP</span><span class="dl">"</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">data</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">client</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">/price</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">params</span><span class="p">:</span> <span class="p">{</span> <span class="na">crypto</span><span class="p">:</span> <span class="dl">"</span><span class="s2">BTC</span><span class="dl">"</span><span class="p">,</span> <span class="nx">currency</span> <span class="p">},</span> <span class="p">});</span> <span class="c1">// Response shape: { price: 127866.85 }</span> <span class="k">return</span> <span class="nx">data</span><span class="p">.</span><span class="nx">price</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>A few things worth noting that the API docs make explicit:</p> <ul> <li>The address is <strong>derived from your xpub</strong> — Blockonomics doesn't custody it. Funds sent to it land in your wallet.</li> <li>Calling new_address again without reset=1 will give you the <strong>next</strong> address in the derivation chain. Each customer gets their own address. This is what makes order reconciliation clean: address ↔ order is one-to-one.</li> <li>If you accidentally lose track of an address client-side (e.g. browser crashes mid-checkout), reset=1 gives you the <strong>most recent</strong> address back without burning a new one.</li> </ul> <h2> Step 2: Convert fiat price to BTC </h2> <p>Bitcoin prices move every second, so you can't hard-code a BTC amount on your product. Instead, you fetch the live BTC/GBP (or USD, EUR, etc.) rate at the moment of checkout and lock in the BTC amount for that order.</p> <p>The btcPrice() helper above wraps GET /api/price. To work out how much BTC a £30 order costs:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="kd">const</span> <span class="nx">pricePerBtc</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">btcPrice</span><span class="p">(</span><span class="dl">"</span><span class="s2">GBP</span><span class="dl">"</span><span class="p">);</span> <span class="c1">// e.g. 52000</span> <span class="kd">const</span> <span class="nx">btcAmount</span> <span class="o">=</span> <span class="o">+</span><span class="p">(</span><span class="mi">30</span> <span class="o">/</span> <span class="nx">pricePerBtc</span><span class="p">).</span><span class="nf">toFixed</span><span class="p">(</span><span class="mi">8</span><span class="p">);</span> <span class="c1">// 0.00057692 BTC</span> </code></pre> </div> <p>Bitcoin has 8 decimal places (1 BTC = 100,000,000 satoshis), so we round to 8. Store both the fiat amount and the BTC amount on the order — you'll need the BTC amount to verify the customer paid enough, and the fiat amount for your accounting.</p> <h2> Step 3: The order endpoint </h2> <p>Now we tie steps 1 and 2 together. When the user clicks "Pay with Bitcoin" on your site, your frontend POSTs to <code>/checkout</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="c1">// src/server.js</span> <span class="k">import</span> <span class="dl">"</span><span class="s2">dotenv/config</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">crypto</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">node:crypto</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">express</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">express</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">btcPrice</span><span class="p">,</span> <span class="nx">newAddress</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">./blockonomics.js</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">createOrder</span><span class="p">,</span> <span class="nx">getOrder</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">./db.js</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="nf">express</span><span class="p">();</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nx">express</span><span class="p">.</span><span class="nf">json</span><span class="p">());</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nx">express</span><span class="p">.</span><span class="nf">urlencoded</span><span class="p">({</span> <span class="na">extended</span><span class="p">:</span> <span class="kc">true</span> <span class="p">}));</span> <span class="nx">app</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">"</span><span class="s2">/checkout</span><span class="dl">"</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">amountFiat</span> <span class="o">=</span> <span class="mi">30</span><span class="p">,</span> <span class="nx">currency</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">GBP</span><span class="dl">"</span><span class="p">,</span> <span class="nx">productName</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">T-shirt</span><span class="dl">"</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">;</span> <span class="c1">// 1) Fetch live BTC price</span> <span class="kd">const</span> <span class="nx">pricePerBtc</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">btcPrice</span><span class="p">(</span><span class="nx">currency</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">amountBtc</span> <span class="o">=</span> <span class="o">+</span><span class="p">(</span><span class="nx">amountFiat</span> <span class="o">/</span> <span class="nx">pricePerBtc</span><span class="p">).</span><span class="nf">toFixed</span><span class="p">(</span><span class="mi">8</span><span class="p">);</span> <span class="c1">// 2) Generate a fresh receive address</span> <span class="c1">// match_callback can be any substring of your configured callback URL.</span> <span class="c1">// We use the path because we only have one store.</span> <span class="kd">const</span> <span class="nx">matchCallback</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">/webhook/blockonomics</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">address</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">newAddress</span><span class="p">(</span><span class="nx">matchCallback</span><span class="p">);</span> <span class="c1">// 3) Persist the order so the webhook can find it later</span> <span class="kd">const</span> <span class="nx">orderId</span> <span class="o">=</span> <span class="nx">crypto</span><span class="p">.</span><span class="nf">randomBytes</span><span class="p">(</span><span class="mi">8</span><span class="p">).</span><span class="nf">toString</span><span class="p">(</span><span class="dl">"</span><span class="s2">hex</span><span class="dl">"</span><span class="p">);</span> <span class="nf">createOrder</span><span class="p">({</span> <span class="nx">orderId</span><span class="p">,</span> <span class="nx">address</span><span class="p">,</span> <span class="nx">amountFiat</span><span class="p">,</span> <span class="nx">currency</span><span class="p">,</span> <span class="nx">amountBtc</span><span class="p">,</span> <span class="nx">pricePerBtc</span><span class="p">,</span> <span class="nx">productName</span><span class="p">,</span> <span class="na">status</span><span class="p">:</span> <span class="dl">"</span><span class="s2">pending</span><span class="dl">"</span><span class="p">,</span> <span class="p">});</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="nx">orderId</span><span class="p">,</span> <span class="na">paymentUrl</span><span class="p">:</span> <span class="s2">`</span><span class="p">${</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">PUBLIC_URL</span><span class="p">}</span><span class="s2">/pay/</span><span class="p">${</span><span class="nx">orderId</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">"</span><span class="s2">checkout error:</span><span class="dl">"</span><span class="p">,</span> <span class="nx">err</span><span class="p">.</span><span class="nx">response</span><span class="p">?.</span><span class="nx">data</span> <span class="o">||</span> <span class="nx">err</span><span class="p">.</span><span class="nx">message</span><span class="p">);</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">500</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">"</span><span class="s2">could not create order</span><span class="dl">"</span> <span class="p">});</span> <span class="p">}</span> <span class="p">});</span> </code></pre> </div> <p>The key idea: <strong>store the address with the order</strong> the moment you create it. This is the single most common production bug in homemade Bitcoin checkouts — people generate an address, show it to the customer, and never write it down anywhere. When the webhook arrives 30 minutes later carrying that address, they have no way to match it back to an order. Always persist address ↔ orderId <em>before</em> you return a response to the customer.</p> <h2> Step 4: The payment page (showing address + QR) </h2> <p>The payment page just renders what's already in the database:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="c1">// src/server.js (continued)</span> <span class="k">import</span> <span class="nx">QRCode</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">qrcode</span><span class="dl">"</span><span class="p">;</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">/pay/:orderId</span><span class="dl">"</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">order</span> <span class="o">=</span> <span class="nf">getOrder</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">orderId</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">order</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">404</span><span class="p">).</span><span class="nf">send</span><span class="p">(</span><span class="dl">"</span><span class="s2">Order not found</span><span class="dl">"</span><span class="p">);</span> <span class="c1">// bitcoin: URI is the standard format wallets understand</span> <span class="kd">const</span> <span class="nx">bip21</span> <span class="o">=</span> <span class="s2">`bitcoin:</span><span class="p">${</span><span class="nx">order</span><span class="p">.</span><span class="nx">address</span><span class="p">}</span><span class="s2">?amount=</span><span class="p">${</span><span class="nx">order</span><span class="p">.</span><span class="nx">amountBtc</span><span class="p">}</span><span class="s2">`</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">qrDataUrl</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">QRCode</span><span class="p">.</span><span class="nf">toDataURL</span><span class="p">(</span><span class="nx">bip21</span><span class="p">);</span> <span class="nx">res</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="s2">` &lt;!doctype html&gt; &lt;html&gt; &lt;head&gt; &lt;title&gt;Pay with Bitcoin — </span><span class="p">${</span><span class="nx">order</span><span class="p">.</span><span class="nx">productName</span><span class="p">}</span><span class="s2">&lt;/title&gt; &lt;meta name="viewport" content="width=device-width, initial-scale=1" /&gt; &lt;style&gt; body { font-family: system-ui, sans-serif; max-width: 480px; margin: 2rem auto; padding: 1rem; } .qr { text-align: center; } .addr { word-break: break-all; font-family: monospace; background: #f4f4f4; padding: 0.75rem; border-radius: 6px; } .status { padding: 0.75rem; border-radius: 6px; margin-top: 1rem; } .pending { background: #fff3cd; } .confirmed { background: #d4edda; } &lt;/style&gt; &lt;/head&gt; &lt;body&gt; &lt;h1&gt;</span><span class="p">${</span><span class="nx">order</span><span class="p">.</span><span class="nx">productName</span><span class="p">}</span><span class="s2">&lt;/h1&gt; &lt;p&gt;Send &lt;strong&gt;</span><span class="p">${</span><span class="nx">order</span><span class="p">.</span><span class="nx">amountBtc</span><span class="p">}</span><span class="s2"> BTC&lt;/strong&gt; (£</span><span class="p">${</span><span class="nx">order</span><span class="p">.</span><span class="nx">amountFiat</span><span class="p">}</span><span class="s2">) to:&lt;/p&gt; &lt;div class="addr"&gt;</span><span class="p">${</span><span class="nx">order</span><span class="p">.</span><span class="nx">address</span><span class="p">}</span><span class="s2">&lt;/div&gt; &lt;div class="qr"&gt;&lt;img src="</span><span class="p">${</span><span class="nx">qrDataUrl</span><span class="p">}</span><span class="s2">" alt="Bitcoin QR code" /&gt;&lt;/div&gt; &lt;div class="status pending" id="status"&gt;Waiting for payment…&lt;/div&gt; &lt;script&gt; // Poll for status updates every 5 seconds async function check() { const r = await fetch("/pay/</span><span class="p">${</span><span class="nx">order</span><span class="p">.</span><span class="nx">orderId</span><span class="p">}</span><span class="s2">/status"); const { status } = await r.json(); const el = document.getElementById("status"); if (status === "partial") { el.textContent = "Payment received, waiting for confirmation…"; } if (status === "paid") { el.textContent = "✓ Payment confirmed. Thank you!"; el.className = "status confirmed"; } if (status !== "paid") setTimeout(check, 5000); } check(); &lt;/script&gt; &lt;/body&gt; &lt;/html&gt; `</span><span class="p">);</span> <span class="p">});</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">/pay/:orderId/status</span><span class="dl">"</span><span class="p">,</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">order</span> <span class="o">=</span> <span class="nf">getOrder</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">orderId</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">order</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">404</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">"</span><span class="s2">not found</span><span class="dl">"</span> <span class="p">});</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">status</span><span class="p">:</span> <span class="nx">order</span><span class="p">.</span><span class="nx">status</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <p>A bitcoin: URI (BIP-21) is the standard format every Bitcoin wallet understands. Scanning the QR code opens the customer's wallet with the address and amount pre-filled, so they just tap "Send."</p> <p>🔄 <strong>A note on polling:</strong> we're using a 5-second poll here for simplicity. In production you'd want WebSockets so the customer sees confirmation the instant it happens — Blockonomics has a real-time WebSocket endpoint for exactly this. We'll cover that in Tuesday's post.</p> <h2> Step 5: Handle the callback webhook </h2> <p>This is where most homemade integrations break. <strong>The Blockonomics callback is an HTTP GET request with query parameters</strong> — not a POST with a JSON body. This is the single biggest thing LLMs get wrong about this API, so write it on your wall.</p> <p>When a payment lands on one of your addresses, Blockonomics hits your callback URL like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>GET /webhook/blockonomics?secret=YOUR_SECRET&amp;txid=abc123def456...&amp;addr=bc1q...&amp;value=50000&amp;status=0&amp;rbf=1 Host: yourserver.com </code></pre> </div> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th><strong>Field</strong></th> <th><strong>Type</strong></th> <th><strong>Meaning</strong></th> </tr> </thead> <tbody> <tr> <td>secret</td> <td>string</td> <td>The secret you put in your callback URL when you configured it in the dashboard. Use this to verify the request is genuine.</td> </tr> <tr> <td>txid</td> <td>string</td> <td>The Bitcoin transaction ID.</td> </tr> <tr> <td>addr</td> <td>string</td> <td>The receive address — your link back to the order.</td> </tr> <tr> <td>value</td> <td>integer</td> <td>Payment amount <strong>in satoshis</strong> (1 BTC = 100,000,000 sats).</td> </tr> <tr> <td>status</td> <td>integer</td> <td>0 = seen in mempool (unconfirmed), 1 = partially confirmed, 2 = fully confirmed (2 confirmations).</td> </tr> <tr> <td>rbf</td> <td>integer</td> <td>Present only on unconfirmed transactions that signal Replace-By-Fee. 1 = opted in, 2 = inherited.</td> </tr> </tbody> </table></div> <p>Your server must respond with HTTP 200 to acknowledge receipt. If you don't, Blockonomics retries up to 7 times with exponential backoff starting at 4 seconds.</p> <p>Here's the handler:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="c1">// src/server.js (continued)</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">/webhook/blockonomics</span><span class="dl">"</span><span class="p">,</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">secret</span><span class="p">,</span> <span class="nx">txid</span><span class="p">,</span> <span class="nx">addr</span><span class="p">,</span> <span class="nx">value</span><span class="p">,</span> <span class="nx">status</span><span class="p">,</span> <span class="nx">rbf</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">query</span><span class="p">;</span> <span class="c1">// 1) Verify the secret</span> <span class="k">if </span><span class="p">(</span><span class="nx">secret</span> <span class="o">!==</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">CALLBACK_SECRET</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">warn</span><span class="p">(</span><span class="dl">"</span><span class="s2">rejected callback with bad secret</span><span class="dl">"</span><span class="p">);</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">403</span><span class="p">).</span><span class="nf">send</span><span class="p">(</span><span class="dl">"</span><span class="s2">forbidden</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// 2) Find the order by address</span> <span class="kd">const</span> <span class="nx">order</span> <span class="o">=</span> <span class="nx">db</span><span class="p">.</span><span class="nf">prepare</span><span class="p">(</span><span class="dl">"</span><span class="s2">SELECT * FROM orders WHERE address = ?</span><span class="dl">"</span><span class="p">).</span><span class="nf">get</span><span class="p">(</span><span class="nx">addr</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">order</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">warn</span><span class="p">(</span><span class="dl">"</span><span class="s2">callback for unknown address:</span><span class="dl">"</span><span class="p">,</span> <span class="nx">addr</span><span class="p">);</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">200</span><span class="p">).</span><span class="nf">send</span><span class="p">(</span><span class="dl">"</span><span class="s2">ok</span><span class="dl">"</span><span class="p">);</span> <span class="c1">// still 200 so they stop retrying</span> <span class="p">}</span> <span class="c1">// 3) Map Blockonomics status -&gt; our order status</span> <span class="kd">const</span> <span class="nx">statusInt</span> <span class="o">=</span> <span class="nf">parseInt</span><span class="p">(</span><span class="nx">status</span><span class="p">,</span> <span class="mi">10</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">valueSats</span> <span class="o">=</span> <span class="nf">parseInt</span><span class="p">(</span><span class="nx">value</span><span class="p">,</span> <span class="mi">10</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">valueBtc</span> <span class="o">=</span> <span class="nx">valueSats</span> <span class="o">/</span> <span class="mi">1</span><span class="nx">e8</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">expectedBtc</span> <span class="o">=</span> <span class="nx">order</span><span class="p">.</span><span class="nx">amountBtc</span><span class="p">;</span> <span class="c1">// Sanity check: did they pay enough? Allow 5% under for price slippage.</span> <span class="k">if </span><span class="p">(</span><span class="nx">valueBtc</span> <span class="o">&lt;</span> <span class="nx">expectedBtc</span> <span class="o">*</span> <span class="mf">0.95</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">warn</span><span class="p">(</span> <span class="s2">`underpayment on </span><span class="p">${</span><span class="nx">order</span><span class="p">.</span><span class="nx">orderId</span><span class="p">}</span><span class="s2">: got </span><span class="p">${</span><span class="nx">valueBtc</span><span class="p">}</span><span class="s2">, expected </span><span class="p">${</span><span class="nx">expectedBtc</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="p">);</span> <span class="nf">updateOrderStatus</span><span class="p">(</span><span class="nx">order</span><span class="p">.</span><span class="nx">orderId</span><span class="p">,</span> <span class="dl">"</span><span class="s2">underpaid</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="nx">txid</span> <span class="p">});</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">200</span><span class="p">).</span><span class="nf">send</span><span class="p">(</span><span class="dl">"</span><span class="s2">ok</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// Reject zero-conf payments that signal RBF — they can be reversed.</span> <span class="k">if </span><span class="p">(</span><span class="nx">statusInt</span> <span class="o">===</span> <span class="mi">0</span> <span class="o">&amp;&amp;</span> <span class="nx">rbf</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">warn</span><span class="p">(</span><span class="s2">`rejecting RBF payment for </span><span class="p">${</span><span class="nx">order</span><span class="p">.</span><span class="nx">orderId</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">200</span><span class="p">).</span><span class="nf">send</span><span class="p">(</span><span class="dl">"</span><span class="s2">ok</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="nx">statusInt</span> <span class="o">===</span> <span class="mi">0</span><span class="p">)</span> <span class="nf">updateOrderStatus</span><span class="p">(</span><span class="nx">order</span><span class="p">.</span><span class="nx">orderId</span><span class="p">,</span> <span class="dl">"</span><span class="s2">partial</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="nx">txid</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="nx">statusInt</span> <span class="o">===</span> <span class="mi">1</span><span class="p">)</span> <span class="nf">updateOrderStatus</span><span class="p">(</span><span class="nx">order</span><span class="p">.</span><span class="nx">orderId</span><span class="p">,</span> <span class="dl">"</span><span class="s2">partial</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="nx">txid</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="nx">statusInt</span> <span class="o">===</span> <span class="mi">2</span><span class="p">)</span> <span class="nf">updateOrderStatus</span><span class="p">(</span><span class="nx">order</span><span class="p">.</span><span class="nx">orderId</span><span class="p">,</span> <span class="dl">"</span><span class="s2">paid</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="nx">txid</span> <span class="p">});</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">200</span><span class="p">).</span><span class="nf">send</span><span class="p">(</span><span class="dl">"</span><span class="s2">ok</span><span class="dl">"</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>The status mapping deserves a careful read:</p> <ul> <li> <strong>status=0</strong> — the transaction has been broadcast to the network but hasn't been included in a block yet. Treat this as "we've seen the payment, but it could still be reversed." Show a "payment detected, waiting for confirmation" message to the customer. <strong>Don't release goods yet.</strong> </li> <li> <strong>status=1</strong> — partially confirmed. The transaction is in a block but Blockonomics' system hasn't yet flagged it as final. Still don't release goods if your goods are valuable.</li> <li> <strong>status=2</strong> — confirmed (2 confirmations). This is the point at which the payment is effectively irreversible. Release goods, fire your order-fulfillment logic, send a receipt email.</li> </ul> <p><strong>The RBF check matters.</strong> If a transaction has rbf=1 or rbf=2 and is still at status=0, the sender can replace it with a different transaction (potentially one that doesn't pay you). For digital goods that you deliver instantly, <strong>reject any zero-conf payment that includes an rbf flag</strong>. For physical goods that ship in days, you have time to wait for confirmations, so it doesn't matter.</p> <h2> Step 6: Persist the order ↔ address mapping </h2> <p>Here's the SQLite layer. Boring but essential:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="c1">// src/db.js</span> <span class="k">import</span> <span class="nx">Database</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">better-sqlite3</span><span class="dl">"</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">db</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Database</span><span class="p">(</span><span class="dl">"</span><span class="s2">orders.db</span><span class="dl">"</span><span class="p">);</span> <span class="nx">db</span><span class="p">.</span><span class="nf">exec</span><span class="p">(</span><span class="s2">` CREATE TABLE IF NOT EXISTS orders ( orderId TEXT PRIMARY KEY, address TEXT UNIQUE NOT NULL, amountFiat REAL NOT NULL, currency TEXT NOT NULL, amountBtc REAL NOT NULL, pricePerBtc REAL NOT NULL, productName TEXT, status TEXT NOT NULL DEFAULT 'pending', txid TEXT, createdAt INTEGER NOT NULL DEFAULT (strftime('%s','now')), updatedAt INTEGER NOT NULL DEFAULT (strftime('%s','now')) ); CREATE INDEX IF NOT EXISTS idx_orders_address ON orders(address); CREATE INDEX IF NOT EXISTS idx_orders_status ON orders(status); `</span><span class="p">);</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">createOrder</span><span class="p">(</span><span class="nx">order</span><span class="p">)</span> <span class="p">{</span> <span class="nx">db</span><span class="p">.</span><span class="nf">prepare</span><span class="p">(</span><span class="s2">` INSERT INTO orders ( orderId, address, amountFiat, currency, amountBtc, pricePerBtc, productName, status ) VALUES ( @orderId, @address, @amountFiat, @currency, @amountBtc, @pricePerBtc, @productName, @status ) `</span><span class="p">).</span><span class="nf">run</span><span class="p">(</span><span class="nx">order</span><span class="p">);</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">getOrder</span><span class="p">(</span><span class="nx">orderId</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">db</span><span class="p">.</span><span class="nf">prepare</span><span class="p">(</span><span class="dl">"</span><span class="s2">SELECT * FROM orders WHERE orderId = ?</span><span class="dl">"</span><span class="p">).</span><span class="nf">get</span><span class="p">(</span><span class="nx">orderId</span><span class="p">);</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">updateOrderStatus</span><span class="p">(</span><span class="nx">orderId</span><span class="p">,</span> <span class="nx">status</span><span class="p">,</span> <span class="nx">extra</span> <span class="o">=</span> <span class="p">{})</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">fields</span> <span class="o">=</span> <span class="p">[</span><span class="dl">"</span><span class="s2">status = ?</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">updatedAt = strftime('%s','now')</span><span class="dl">"</span><span class="p">];</span> <span class="kd">const</span> <span class="nx">values</span> <span class="o">=</span> <span class="p">[</span><span class="nx">status</span><span class="p">];</span> <span class="k">if </span><span class="p">(</span><span class="nx">extra</span><span class="p">.</span><span class="nx">txid</span><span class="p">)</span> <span class="p">{</span> <span class="nx">fields</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="dl">"</span><span class="s2">txid = ?</span><span class="dl">"</span><span class="p">);</span> <span class="nx">values</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="nx">extra</span><span class="p">.</span><span class="nx">txid</span><span class="p">);</span> <span class="p">}</span> <span class="nx">values</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="nx">orderId</span><span class="p">);</span> <span class="nx">db</span><span class="p">.</span><span class="nf">prepare</span><span class="p">(</span><span class="s2">`UPDATE orders SET </span><span class="p">${</span><span class="nx">fields</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="dl">"</span><span class="s2">, </span><span class="dl">"</span><span class="p">)}</span><span class="s2"> WHERE orderId = ?`</span><span class="p">).</span><span class="nf">run</span><span class="p">(</span> <span class="p">...</span><span class="nx">values</span><span class="p">,</span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>The two things that matter here:</p> <ul> <li> <strong>address has a UNIQUE constraint.</strong> Each address is only ever used for one order. If somehow the same address came back twice (it shouldn't with <code>reset=0</code>), the insert fails loudly rather than silently overwriting.</li> <li> <strong>Index on address.</strong> The webhook arrives carrying an address, not an orderId — your lookup must be fast even with a million orders in the table.</li> </ul> <h2> Step 7: Run it locally with ngrok </h2> <p>Blockonomics needs a public URL to send webhooks to. For local dev, use ngrok:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># terminal 1</span> npm run dev <span class="c"># terminal 2</span> ngrok http 3000 </code></pre> </div> <p>Copy the <code>https://something.ngrok.io</code> URL ngrok prints, then in the Blockonomics dashboard set your callback URL to:</p> <p><code>https://something.ngrok.io/webhook/blockonomics?secret=YOUR_SECRET</code></p> <p>Now create an order:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-X</span> POST http://localhost:3000/checkout <span class="se">\\</span> <span class="nt">-H</span> <span class="s1">'Content-Type: application/json'</span> <span class="se">\\</span> <span class="nt">-d</span> <span class="s1">'{"amountFiat": 0.50, "currency": "GBP", "productName": "Test"}'</span> </code></pre> </div> <p>(50p is a good test amount — small enough not to break the bank, large enough to be above the dust limit.) Open the returned paymentUrl in your browser, scan the QR with a wallet, send the payment, and watch your server log fill up with callback events.</p> <h2> Common errors and fixes </h2> <p>A few things you'll hit, and how to handle them:</p> <ul> <li> <strong>409 Conflict – Required wallet not attached to store:</strong> You called <code>new_address</code> but haven't attached your xpub to a store yet. Go to Dashboard → Stores → attach your wallet.</li> <li> <strong>422 Unsupported Cryptocurrency:</strong> You passed <code>crypto=ETH</code> or similar. The endpoint accepts only BTC or USDT. For other coins you need different endpoints.</li> <li> <strong>400 Bad request with no obvious cause:</strong> Almost always a missing <code>match_callback</code> parameter. It's required.</li> <li> <strong>The webhook never fires:</strong> Three usual suspects: (1) your callback URL in the dashboard doesn't actually contain the substring you passed to <code>match_callback</code>; (2) ngrok tunnel died and you forgot to restart it; (3) you configured the callback URL for the wrong store. The dashboard has a "Test callback" button — use it.</li> <li> <strong>The webhook fires but you get a 403:</strong> You forgot the <code>secret</code> query param in the URL configured in the dashboard, or it doesn't match <code>CALLBACK_SECRET</code> in your <code>.env</code>.</li> <li> <strong>My customer paid but the amount looks wrong:</strong> The <code>value</code> field in the callback is in <strong>satoshis</strong>, not BTC. Divide by <code>1e8</code>.</li> <li> <strong>The same callback fires multiple times:</strong> It shouldn't — Blockonomics dedupes on (<code>txid</code>, <code>status</code>, <code>addr</code>). But if your server returned non-200 on the first delivery, it'll retry. Always return 200, even for "I don't recognize this address" — that prevents wasted retries.</li> </ul> cryptocurrency blockonomics psp tutorial