Strike widget
The Strike widget
The Strike widget is a web-based tool that enables your users to buy bitcoin within your app.
It’s a plug-and-play solution that lets you add a “Buy bitcoin” button to your app and have users guided through a step-by-step bitcoin purchase, including:
- Signup
- Know Your Customer (KYC) verification
- Cash payment method linking
- Bitcoin purchasing
- Bitcoin delivery via on-chain or Lightning transaction
It’s a simple and secure on-ramp for people to convert their cash to bitcoin.
Once a purchase is made, the bitcoin can be delivered to the user’s external wallet, a designated custodial wallet, or held on the user’s behalf in your Strike account. In conjunction with the Strike API and Strike OAuth Connect, you can then create transaction experiences, capable of making borderless payments on the user’s behalf through the Bitcoin and Lightning Networks.
Bitcoin journeys begin by clicking the “Buy” button. Learn more about the Strike widget here.
Integration steps
Integrating the Strike widget begins by setting up your account by contacting partners@strike.me. The Strike onboarding team will be able to assist you getting your account verified and set up. With your account active, you can begin integrating the Strike app by following these steps:
1. Partner registration
To begin, generate the RSA private/public key pair that will be used to sign the parameters. To generate the keys you can use the following Codesanbox app, or your own key-pair generation solution. Ensure your private key is kept safe and secure.
Next, provide your public key to your Strike contact, who will give you a partnerID
code that will be used as a parameter to identify yourself to the Strike widget.
2. Build the Strike widget buy bitcoin URI
When your app sends a request to the Strike widget, it must include the correct parameters and in the proper format.
The Strike widget URL consists of the domain and path (which are always https://black.strike.me/buy), followed by the query parameters. The following query parameters are required:
partnerId
- This contains the code obtained from the Partner registration step.destinationType
- This identifies the type of the destination to which the purchased bitcoin will be sent. It can contain one of the following values:LIGHTNING
- The destination is a Lightning Network invoiceONCHAIN
- The destination is an on-chain Bitcoin addressSTRIKE_ACCOUNT
- The destination is a Strike account username
destination
- This specifies the actual destination for the purchased bitcoin, which must be formatted according to thedestinationType
that has been set:LIGHTNING
- The value must be set to a valid, non-expired, amountless LN invoice. For a better user experience, ensure the invoice doesn’t expire too soon, such as a one hour expiration time, so that the invoice can still be valid in case of any unexpected delays in the purchase process.ONCHAIN
- The value must be set to a valid on-chain mainnet Bitcoin address.STRIKE_ACCOUNT
- The value must be set to a valid Strike account username.
signature
- This must contain the URI encoded base64 signature of all the other query parameters. The signature must be built in the following way:- Alphabetically sort all the other query parameters (e.g. destination=satoshi1234&destinationType=STRIKE_ACCOUNT&partnerId=strike-buy) to get the plaintext value
- Calculate the sha256 hash of the plaintext value to get the hashed value
- Sign the hashed value with the private key generated in the Partner Registration step. The signature must be base64 encoded.
- URI encode the signature to get the final query parameter value.
Below is a node.js/Typescript example of how to generate a signature:
/**
* Signs the content using the provided secret and returns the signature
* @param content - query string that includes the params that need to be signed in alphabetical order
* @param secret - private key generated in the Partner Registration step
*/
function sign(content: string, secret: string): string {
const sign = crypto.createSign('sha256')
return sign.update(content).sign(secret, 'base64')
}
Upon receiving the request, the Strike widget will validate that the query parameters are valid and that the signature provided is indeed yours using the public key provided from the Partner Registration step. In the case where something is incorrectly configured, an error page will be displayed. This practice ensures nobody can tamper with the parameters as the content was signed with a private key known only to you.
The resulting URI should follow this format:
https://black.strike.me/buy?destination=<dest_value>&destinationType=<dest_type>&partnerId=<id_value>&signature=<sig_value>
Below is an example URI generated for a bitcoin purchase to be delivered to a Strike account:
https://black.strike.me/buy?destination=satoshi1234&destinationType=STRIKE_ACCOUNT&partnerId=strike-buy&signature=seX9iBUYew0aqO2Z2Ml9pL2Zv%252FNkTdBSm14dN3eXnTSGKaUB39NaqERpe7etoFD0GNVYPHHtIXE3eF%252FQ0BB%252F7j9hvMMErL8HM3wGQV30P1m2gv0hqNa7%252FJc8zXCsI1S5B30SCGHMT7a0hA94PgIShoYaMx2bKKMHgW5iJta4APh700wLZXwfAiq5JIFzNhmd1WyqyF%252BJmCcAwiGa07uMb88CA8QoMFHK3yEj18MTvA80VYLdaq3y2yAaufJfGDNOgGZoKlgVr8n6oxQySmcJgqLuge4fpqDaFy0XmyrkYW15%252F%252FsG%252ByoafIrFD1djr8403tZwv9fSFfv8gR2ydjtG0w%253D%253D
3. Open/redirect to the URI
The final step is to use the newly built URI to communicate with the Strike widget, which can be done either via web or mobile:
- Web: The recommended way to integrate the Strike widget into your app is by using an HTML iframe element. Set the iframe src attribute value to the URI built in the previous step.
- Mobile: Open the URI built in a previous step using Chrome custom tabs on Android or Safari View Controller on iOS. The back button or swipe left should close the web view and take the user back to your mobile app.
With the parameters delivered via the URI and the signature validated, the user will be guided through the bitcoin purchase experience, as outlined in the example flow.
Example flow
Once you have completed the integration steps and added a "Buy bitcoin" button to your app. Within your app, the user selects the “Buy bitcoin” button, which opens/redirects to the Strike widget (https://black.strike.me), providing the necessary parameters to identify itself and specify the delivery destination for the bitcoin.
The user is then guided through the following flow:
- Enter a cash amount to purchase and tap "Continue".
- Enter an email address to either log in or create a new account through an email verification code.
- Proceed through KYC, which involves entering country of residence, phone number, and identity details for verification.
- Add a payment method by entering payment method details then retrieving a verification code that's sent to the bank as a small, temporary transaction.
- For on-chain deliveries, specify a preferred delivery time, which incurs different fees depending on the speed.
- Tap "Continue" to review the purchase details, including bitcoin price, designated payment method, fees, and estimated delivery time.
- Tap "Confirm"
Upon confirming, the payment method will be charged, the purchase will be made, and the bitcoin will be delivered to the specified destination. The user can then close the Strike widget and return to your app.
Within the Strike widget, the user can also tap the "Settings" button to review their limits, payment methods, account information, and transaction history, including pending transactions for on-chain sends that have yet to be broadcast.
Through this experience, the user is creating a Strike account, meaning they can log in again and reuse their linked payment method to make their next purchases faster and easier. Additionally, existing Strike users can log in with their Strike account email to bypass payment method linking and KYC steps by using their established credentials and payment methods to buy bitcoin.