StellarPay

StellarPay - A payment gateway and management

MisterTicot

Hi!

Nice project ?

Please consider offer a way for user from other wallets to sign as well. We currently have several way do that :

Stargazer is using a custom QR format (see :https://www.npmjs.com/package/stellar-qr)
Passing XDR by URL (Stellar Laboratory, Stellar Authenticator)
Using the sep0007 standard (https://github.com/stellar/stellar-protocol/blob/master/ecosystem/sep-0007.md)
Using the Cosmic.Link protocol (https://github.com/MisterTicot/js-cosmic-lib/blob/master/README.md)

If you store encrypted seeds on an online database for backup, please consider use more than the password for encoding. People are often using weak password so they can remember it. This is especially important to allow when there's no password recovery mechanism!

To keep a good encryption in the context, Stellar Authenticator ask for an username that is actually used as an extension of the password. This is because the username/password is a very well known paradigm and stay user friendly.

Currently the data are only kept locally. A cloud backup will be added but it will not be a login mechanism. Meaning that even knowing the user+password pair you couldn't access the seeds.

As entry name for the cloud database, it will uses email address which may or may not contains the username. In case backup is requested, the link leading to the encrypted seeds will be send to the email address and needs username+password to be deciphered.

The point of this is offering an encryption that is secure enough in case the encrypted seeds leaks (database crack, email theft, dns attack,...)

One have to think carefully how he is going to handle the private keys. Those may end up representing a lot of money, especially when centralized, giving a high incentive to try an attack. If the cost of a successful attack is under the expected gain you're done.

It took me time to come up with a scheme that allow safe cloud backup. Once fully implemented I'll release the database as a JavaScript library. Hopefully I'll get it to be audited as well. The current secure database module (without cloud sync) is available at : https://github.com/MisterTicot/stellar-authenticator-src/blob/master/database.js

This sheme have a drawback though: you won't directly login from another browser/device (that's also the feature). You'll have to import a piece of data for syncking devices together.

MisterTicot Hi, MisterTicot! Thank you for that detailed comment.

For wallet encryption side, PBKDF2 and AES256 methods used and they are safest methods which can be used currently. Username is not only the parameter used for encryption, there is also UUID (randomly generated ID). Also there is no problem with recovery because you're generating a deterministic wallet. It means, you will be able to recover your wallet with 12 word mnemonic backup.

For DNS Hacking and other middle attacks, I'm planning to make StellarPay client as open source. Then you will be able to use StellarPay in your local (except API requests).

In conclusion, StellarPay never stores your private keys or mnemonic on database , is storing only your merchant details and other non-sensitive informations. Will check Cosmic protocol!

stellarpay

-- 12 July Update --

Hi, GalacticTalk People! Everyday, Im working on StellarPay to make much better and It is almost done! As i mentioned before, payment gateway is supporting any type of asset, you can add your own assets or assets which is backed by anchors like Stronghold. It makes possible to get easily fiat payments via StellarPay payment gateway. There is something new features in API side like "send withdrawal requests with API" . The requests will be hold on your dashboard, then you need to sign them. There are tons of features and new features, i will update them before going to live.

Waiting your feedbacks about dashboard and advices about payment gateway and whole project.

Dashboard : https://stellarpay.io/dashboard.png

kirbyrawr

Looks really polished, i didn't have the time to check it deeply (sorry), but looks promising, keep it up!

stellarpay

Sorry for delaying, will release it in a few days. Preparing API documentations, adding new features and testing everything. StellarPay on the way!

stellarpay

Hi! A short clip from StellarPay payment flow ; https://cl.ly/2d3J1j3w1z3V . While transaction processing on background, the merchant also received IPN (Instant Payment Notification) .

StellarGuard

stellarpay Instead of having them copy/paste both the destination and the memo text, you might consider using federation to prefill the address/memo.

I imagine it might be something like: "<transaction-id>@my-merchant*stellarpay.com" and your federation server would generate the details for you.

It would require you to set up a federation server which might not be on your top priority at this point, but maybe consider it for the future as a minor usability enhancement.

stellarpay

Hi Galactic community, the release delayed due to my health issues. We're going to live tomorrow. Still waiting your recommendations about gateway.

Also can check the landing page : https://stellarpay.io/

Mitchzof

I've been following this project for the past week or so. It really looks great, from the system itself to UI and transaction flow. This honestly looks to be have one of the most polished UI's of any entry I've seen yet. Can't wait to see the live site, and wishing you the best in regards to your health.

stellarpay

Mitchzof Thank you!

https://stellarpay.io/

Now, StellarPay is live and running on testnet. Also added first version of documentation.

Will update in short time ; restore wallet, settings , exchange list, export merchant sales and fix minor bugs.

Please test the gateway and checkout page then give me feedback.

syntaxval

Stuck on adding custom asset. Button label Creating, nothing is happening.
Screenshot

stellarpay

syntaxval Hi, issuer account must be active account on Testnet network. Thank you for reporting, there is a bug which is not resetting button after error. It is fixed now. Also added panic button(reset) if there is unexpected situation.

Please try add as a issuer an activate account on testnet then give me feedback.

Mitchzof

Really like the site, works well and looks great! That said, I've done a bit of testing and had a few suggestions.

With the balances component, I was wondering what the label did as I didn't see it used anywhere. Also, multiple assets of the same code will overlap. Meaning if I have USD from issuer A and issuer B on there, it will show all payments for all assets with the code USD, while also showing issuer B as the issuer when i click on both balances. Also, when making transactions, I'm unable to differentiate between which USD asset I'm using.

stellarpay

Mitchzof Thank you for detailed feedback!

Yes, it is on my update list. I will seperate them on memory like ASSETCODE-ISSUER. Then you can able to select them without concern.

Labelling is require sync with StellarPay API server then will match Horizon asset list with API synced asset list. Im looking for best method which i can use it. Currently, users cannot use same asset code in their account but will release a general update for them.

8181

Hello

I am looking for a straightforward autoconversion payment processing gateway that works with a custom stellar based token.

Meaning customers pay using multiple custom based stellar token and the code converts it on the DEX for withdrawal by retailer in a single selected currency.

T@1world.energy