When adding currencies/payment methods, you have several methods to choose from. Some methods are considered more secure than others; however, the less secure methods are still valid options provided you take a few extra measures to secure your funds.
These potential security risks are not specific to this plugin. They are generally associated with cryptocurrencies (protecting your coins) and web-based applications (your website), which can never be 100% secure from potential hackers.
This article explains the pros and cons of each method so you can make an informed decision about which method is right for you.
Method 1 – Using MetaMask to make payments
If you decide to use the MetaMask browser extension to make the payments, you do not need to configure any currency addresses or keys within the plugin. The plugin simply passes the payment information to MetaMask, which handles the payments.
You configure your address within MetaMask and all security measures are also handled by MetaMask. This method is considered the most secure.
| Pros | Cons |
|---|---|
| No private keys stored in the website database. | Payments via Payments UI only (no automatic payments) |
| No private keys requested by the Payments UI | Only ETH and ETH tokens can be used. |
| Currencies: ETH, ETH tokens | |
Method 2 – Using CryptoAPIs to make payments
The CryptoAPIs integration allows payments to be made via their API. There are 3 methods available that utilise their API.
- Generate Address – Generates an address on the relevant blockchain and provides you with the private keys.
- Generate Account – Generates an address (Ethereum only) and stores the keyfile on the CryptoAPIs server. A password is provided which is required to send payments.
- Import Address – Allows you to simply enter a public address to use as the payment address.
All 3 methods require either the private keys or password to be sent to the CryptoAPIs server when the plugin generates a payment. All 3 methods also let you either save these private keys in your website’s database or enter them manually (when required) in the Payments UI.
When entering private keys in the Payments UI, they are never saved in the website’s database. They are only used for those payments and are immediately discarded once you close the Payments UI.
When using the first or second of these methods (Generate Address or Generate Account), a popup will appear displaying your newly generated public and private keys. It is extremely important that you make a secure copy of these. Once the popup is closed, there is no way to display them again.
We do not recommend saving private keys to the database, but doing so does allow the plugin to make automatic payments that require no manual processes. If you choose this method, we recommend keeping only small amounts of coins in the associated address and topping it up only when necessary. This is often referred to as a cold/hot wallet setup, which is explained in the Crypto Primer article.
| Pros | Cons |
|---|---|
| Multiple Currencies can be added using this method. | Private keys (or password) are required to make payments. |
| Allows automatic payments (when saving keys only). | Could expose your private keys to hackers. Extra security steps required. |
| Currencies: ETH, ETH tokens, BTC, BCH, LTC | |