Coinkite Exclusive Interview – Your One Stop Shop for Accepting Bitcoin

August 1, 2014

CCN just interviewed the first company to market a Bitcoin point of sale (POS) system, Coinkite. Coinkite offers merchants the ability to accept Bitcoin through Coinkite terminals, as well as their own API (Application Programming Interface), which allows merchants to build robust check out systems for everything from online shopping carts to pizza restaurants. For shoppers, Coinkite offers their own Bitcoin debit card. You might remember Coinkite and how easy it is to use, from one of our stories back in January this year. Coinkite has recently revealed an Onion for Tor, as yet another show of commitment to Bitcoin ideals.

Rodolfo Novak, CEO and Co-Founder of Coinkite, told CCN in an email:

Some examples [for using our API] are ATMs, pre-ordering systems for a pizza place that print on Coinkite Terminals, real hot wallets for your exchange, send funds by email, and the list [keeps going]!!

His bold ideas on the innovative uses for his company’s products are what spurred CCN to sit down for an interview with Peter D. Gray, CTO and Co-Founder of Coinkite, to learn more about their company.


Interview with Peter D. Gray, CTO and Co-Founder of Coinkite

You mentioned that your HSM could provide for “ultra security and instant transactions.” What is an “HSM” and how does it allow for ultra security and instant transactions?

HSM [stands for] Hardware Security Module. It’s a dedicated box that does nothing else [other than] hold the most secret keys. [There is] lots of security all around it of course. HSM is superior to cold storage which our competitors use because it doesn’t delay access to your funds. Our users can take out their own money anytime, and that’s important for trust and so they can make the most of it. Cold storage usually involves people running around with USB keys physically, which is both slow and error-prone.

It’s pretty impressive that you have your own POS hardware system for offline merchants to use as well as the ability to cater to the internet merchants as well. Who do you think is your competition in this market and how do you feel your company stacks up against them? What can you offer that they cannot? Conversely, what do they offer that you do not and how do you feel that it will effect your business?

We are the first to market with a pure crypto POS system. There isn’t much competition in that area because frankly it is very hard to ship working hardware and support it worldwide. Our product works everywhere in the world where you can get a GSM cell signal, and it’s a complete package: a Bitcoin exchange you can hold in your hand.

We have a good map here:

Are your debit cards compatible with any ATMs on the market? If so, what ATM systems do you recommend to merchants who wish to be compatible with your debit cards?

Of course, our cards don’t do anything with Visa/MasterCard, but they do work with Bitcoin ATM machines (for deposits) because they have a QR code which is linked to your Coinkite account. [As far as I know], all Bitcoin ATM’s are compatible with the Coinkite card. For Litecoin and Blackcoin, you’d have to use a Coinkite machine to do the deposit.

Debit cards, in my opinion, have the greatest potential for bringing Bitcoin to the masses especially with Bitcoin ATMs being ever more present. For people like me who have never used a Bitcoin debit card, can you please walk me through the process of using one?

It’s just like paying with a regular debit card at a via payment terminal: the merchant sets the price, you stick in your card, perhaps add a tip, and enter your PIN code to confirm. Receipts [get] printed, and [the transaction is complete].

Do the debit cards have the ability to store any data off of the card (such as extracting it’s built in wallet to a PC or mobile device) in order to allow for added security if the card is lost or stolen?

It’s easy to cancel the card from the Coinkite website [with just] one click. [It’s] also easy to “find” the card again, because, well, that happens.

Are the debit cards password protected or encrypted and can they be programmed with a new password or can you overwrite the data with a new wallet? Are the cards magnet sensitive or do they require any special care to make sure the data on them doesn’t get destroyed?

It’s a smart card, so magnetic fields are not a problem. No “value” [gets] stored on the card so [that] no funds can be lost if the card [gets] damaged. It does not allow you any website access.

Do you charge a fee for using your services? How much are your fees? Do you give a discount to offline merchants (POS terminal accounts) to help foster Bitcoin adoption?

We do charge for most of our services. There’s a lot of free stuff out there for Bitcoin already, but we want to build a sustainable business and I’ve got kids to feed. That said, our prices are reasonable, and we have lots of different levels to suit everyone’s budget, including [an almost] free tier (1% on withdrawals only).
Full price chart is here:

I would like to know just how much your API can do. I looked through the documentation, and I saw that it’s capabilities are quite extensive. It appears that you allow for transactions in JSON.

Yes, it’s the usual RESTful style protocol, except we only support JSON and no XML.

Do you allow for other forms of API transactions as well?

No. JSON only, although many functions are simple enough that query [arguments] can [get] used.

Why does your system favor GET and PUT instead of POST when POST is generally more secure?

All interaction with the API [gets] done over SSL (HTTPS) sockets, so the practical differences between a GET and POST are slight, and there is no difference in terms of security. Functions which have side effects (like moving money) will require POST/PUT and don’t work over GET.

Does your system account for Unicode characters so people from other countries who have non-Roman character sets can send and receive data in their own language without client side conversions?

Yes, the protocol is Unicode clean, although it’s written in English. We have lots of world-wide users, and they certainly use their native languages on our system.

Email addresses are on rare occasions done in Unicode character sets, and the IANA supports several domain extensions in Russian, Arabic, Chinese, and more. If the domain for the email isn’t in xn-- format, will it create troubles with the transaction and potentially leave customers vulnerable?

The customer would never lose money due to a Unicode encoding issue like that.  Certainly email is not a very reliable medium, and there are so many ways for email to get lost. However, we are sending a Coinkite Voucher [when we make a transaction], and any voucher that remains unclaimed can be redeemed back by the original sender (i.e. canceled).

As a web developer specializing in LAMP development, I feel that any developer working with their new API will have an easy time finding what they’re looking for to develop their project around it.  Please keep in mind that this is not programming language specific, but there are examples for using the Coinkite API with various programming languages.  Check out the Coinkite documentation website to learn more about the API, running your new hardware terminal, or how you can get your cryptocurrency exchange integrated with Coinkite.

Photo used with permission of

Disclosure: I’m not affiliated with Coinkite.

Tags: coinkite
Rick Mac Gillis @ManWithNoBrows

Rick Mac Gillis entered the world of Cryptocurrencies in late 2013. He is a controversial journalist committed to investigating and exposing the "dirty bits" of the community. With over a decade of experience in LAMP web development with a focus in custom cryptographic security methods and ethical hacking, Rick Mac Gillis understands the need for proper security standards in cryptocurrency.