A Local REST service to sign transactions in a secured environment
I recently joined BitGo, leading the developer platform team tasked with helping Bitcoin exchanges and partners integrate multi-signature wallets. Over the past few months, I’ve come to notice that a major hurdle towards multi-sig integration has been the cost of engineering resources. A personal friend of mine who owns a small exchange told me that they’d need to delay multi-sig to work on growth features, such as Facebook connect and tipping. I see his point: end-users care about features, but often don’t care about security until it fails.
At BitGo, we operate 2-of-3 multi-signature wallets where we control a single key to co-sign transactions. The security model requires that transactions must be signed by the user, who should keep their key secret. Developers have asked for REST APIs accepting their private key, to which we had to refuse — that would make BitGo privy to more than one key, and thus in control of customer funds.
The solution: BitGo Express, a local service that runs in your datacenter to handle client-side Bitcoin operations involving customer keys. It exposes endpoints that will prepare, sign and send partially constructed transactions to BitGo. This is done in a unified interface on top of other existing (and proxied) API endpoints.
Here are some of the new endpoints available (click for documentation):
We also provide some helpful utilities:
BitGo Express is available today. Let me know how/with what languages you’re using it!