The My Wallet API provides a simple interface Merchants can use interact with their wallet. will decrypt the wallet on our server manipulate it as necessary and re-save. HTTP GET and POST are supported. However, if a POST request is sent without "Content-Type: application/x-www-form-urlencoded" header, some endpoints may not work correctly.

From the 1st December 2014, in order to use this API, access must be explicitly enabled, and all client ip addresses whitelisted by the wallet owner. Manage access in [Account Settings] -> [IP Restrictions]. Wallets created via the Create Wallet API can bypass this by including the same API key used to create the wallet, in all requests.

All bitcoin values are in Satoshi i.e. divide by 100000000 to get the amount in BTC. The Base URL for all requests:$guid/. $guid should be replaced with your My Wallet identifier (found on the login page).

Want to send without a My Wallet account? It is possible to send using only a private key by replacing $guid with a private key in wallet import format. The password parameters can then be omitted.

PHP Example


$amounta = "10000000";
$amountb = "400000";
$addressa = "1A8JiWcwvpY7tAopUkSnGuEYHmzGYfZPiq";
$addressb = "1ExD2je6UNxL5oSu6iPUhn9Ta7UrN8bjBy";
$recipients = urlencode('{
                  "'.$addressa.'": '.$amounta.',
                  "'.$addressb.'": '.$amountb.'

$json_url = "$guid/sendmany?password=$firstpassword&second_password=$secondpassword&recipients=$recipients";

$json_data = file_get_contents($json_url);

$json_feed = json_decode($json_data);

$message = $json_feed->message;
$txid = $json_feed->tx_hash;

HTTP callbacks are enabled in the notifications section of [Account Settings] in the web interface.

When a payment is received will notify the http URL specified in [Account Settings]. The parameters will be supplied in a http GET request. The callback url is limited to 255 characters in length.


Expected Response

In order to acknowledge successful processing of the callback the server should respond with the text "*ok*". If the server responds with anything else the callback will be resent again every new block (approximately every 10 minutes) up to 1000 times (1 week).

A notification will never be sent for the same transaction twice once acknowledged with *ok*. It is a good idea to record the transaction hash even if not needed to detect duplicates for logging purposes.

PHP Example

If the callback url provided is

$transaction_hash = $_GET['transaction_hash'];
$value_in_btc = $_GET['value'] / 100000000;
$address = $_GET['address'];

//Commented out to test, uncomment when live
if ($_GET['test'] == true) {

echo $address . ' received a payment of ' . $value_in_btc . ' transaction hash ' . $transaction_hash;

Check Callback Response Log Enter a Callback URL to view the log of callback attempts

The URL must be exactly equal to when it was passed to the create address method (including parameters). There is no fuzzy matching.

Callback Security

A secret parameter should be included in the callback URL. When the callback is received the secret parameter should be checked for validity.

Test notifications sent using the "Call the API" tool will include the parameter "test" with a value of "true". Callback processing scripts should always check for this testing flag.