The My Wallet API provides a simple interface Merchants can use interact with their wallet. Blockchain.info will decrypt the wallet on our server manipulate it as necessary and re-save. If you will be accessing this API from a server with a static ip address is recommended you enable the IP Lock found in the Security Section of your My Wallet account. HTTP GET and POST are supported. However, if a POST request is sent without "Content-Type: application/x-www-form-urlencoded" header, some endpoints may not work correctly.

All bitcoin values are in Satoshi i.e. divide by 100000000 to get the amount in BTC. The Base URL for all requests: https://blockchain.info/merchant/$guid/. $guid should be replaced with your My Wallet identifier (found on the login page).

Want to send without a My Wallet account? It is possible to send using only a private key by replacing $guid with a private key in wallet import format. The password parameters can then be omitted.

PHP Example

<?

$guid="GUID_HERE";
$firstpassword="PASSWORD_HERE";
$secondpassword="PASSWORD_HERE";
$amounta = "10000000";
$amountb = "400000";
$addressa = "1A8JiWcwvpY7tAopUkSnGuEYHmzGYfZPiq";
$addressb = "1ExD2je6UNxL5oSu6iPUhn9Ta7UrN8bjBy";
$recipients = urlencode('{
                  "'.$addressa.'": '.$amounta.',
                  "'.$addressb.'": '.$amountb.'
               }');

$json_url = "http://blockchain.info/merchant/$guid/sendmany?password=$firstpassword&second_password=$secondpassword&recipients=$recipients";

$json_data = file_get_contents($json_url);

$json_feed = json_decode($json_data);

$message = $json_feed->message;
$txid = $json_feed->tx_hash;

?>
HTTP callbacks are enabled in the notifications section of [Account Settings] in the web interface.

When a payment is received blockchain.info will notify the http URL specified in [Account Settings]. The parameters will be supplied in a http GET request. The callback url is limited to 255 characters in length.

Parameters

Expected Response

In order to acknowledge successful processing of the callback the server should respond with the text "*ok*". If the server responds with anything else the callback will be resent again every new block (approximately every 10 minutes) up to 1000 times (1 week).

A notification will never be sent for the same transaction twice once acknowledged with *ok*. It is a good idea to record the transaction hash even if not needed to detect duplicates for logging purposes.

PHP Example

If the callback url provided is https://mystore.com

$transaction_hash = $_GET['transaction_hash'];
$value_in_btc = $_GET['value'] / 100000000;
$address = $_GET['address'];

//Commented out to test, uncomment when live
if ($_GET['test'] == true) {
    return;
}

echo $address . ' received a payment of ' . $value_in_btc . ' transaction hash ' . $transaction_hash;

Check Callback Response Log Enter a Callback URL to view the log of callback attempts

The URL must be exactly equal to when it was passed to the create address method (including parameters). There is no fuzzy matching.

Callback Security

The server must check the the callback request is being made by blockchain.info by validating the ip address of the requester matches that of the blockchain.info domain.

A secret parameter should be included in the callback URL. When the callback is received the secret parameter should be checked for validity.

Test notifications sent using the "Call the API" tool will include the parameter "test" with a value of "true". Callback processing scripts should always check for this testing flag.