Frequently Asked Questions

General

What is B4bit Pay?

A payment gateway that lets your merchant accept cryptocurrencies and receive the equivalent balance in USD automatically. See how it works.

How much does it cost?

0.95% per transaction. No monthly fees or hidden charges. See fees.

Do I need technical knowledge?

No. For basic payments it is enough to create an account, a merchant and use the unique QR or payment links. API integration is optional.

Payments

Which cryptocurrencies can I accept?

13+ major cryptocurrencies across multiple networks. The authoritative list is always in GET /currencies. See accepted cryptocurrencies.

Can a payment expire?

Yes. The EX (Expired) state appears when the payment is not received within 15 or 60 minutes depending on the network. If more than 24 hours pass without receiving a payment, it moves to CA (Cancelled).

What happens if the customer pays a smaller amount?

The payment ends in the IA (Insufficient Amount) or OC (Out of Condition) state. Do not release the product. The case is handled manually by support.

And if they pay a larger amount?

The state can still reach CO (Completed) without issues. The excess is credited.

Can I issue refunds?

The API does not have a refund endpoint at the moment. If your customer requires a refund, the flow is off-chain, handled manually via support@b4bit.com. Record the case using the reference field of the original payment for traceability. See refunds.

API

Where do I get my API Key?

In the dashboard: Settings → Merchant → Devices. Each device has its own API Key (X-Device-Id) and Secret Key.

Are the API Key and the Secret Key the same?

No. The API Key (X-Device-Id) goes in the header of REST requests. The Secret Key is used only to verify HMAC for webhooks. Never mix them up.

Is there a sandbox environment?

See sandbox. In production you can test with minimal amounts (1 MXN) and cancel before the customer pays, but there is no public isolated sandbox at this moment.

What are the rate limits?

2000 requests/day per device, 60/minute, 15/minute on strict endpoints. See rate limits.

How do I test my HMAC implementation?

Use the official webhook test vectors — paste the secret, nonce and body into your function and confirm that it produces the expected signature.

Webhooks

How many times does B4bit Pay try to send me a webhook?

Only once. Confirmed against the backend code: there is no retry logic. If your endpoint is down, the webhook is lost. Combine with periodic reconciliation via GET /orders/. See webhook ordering.

What HTTP status should my server return?

200 OK quickly (< 5 seconds). Process heavy logic asynchronously.

What if my server is down?

Danger

The webhook is lost (no retry). Mitigate with: (a) high availability of the endpoint, (b) nightly reconciliation via GET /orders/, (c) targeted queries to GET /orders/info/{identifier} for orders that never received a callback.

Why does my signature not match?

Five common causes:

1. You did not decode the Secret Key from hex to bytes before computing the HMAC.
2. You parsed the JSON body and re-serialized it (you must use the raw body exactly as it arrived).
3. You added a trailing newline to the body.
4. You concatenated in the wrong order (it must be nonce + body, not the other way around).
5. You compared with == instead of timing-safe.

Verify with the test vectors and the MCP’s verify_webhook tool.

Withdrawals

How long does a withdrawal take?

It depends on the network. On fast networks (Polygon, Arbitrum, Tron) it can take minutes; on Ethereum, it depends on congestion.

Can I withdraw in any crypto?

Yes, in the same networks that B4bit Pay supports for payments. See withdrawal of funds.

Account

Can I have multiple users in my merchant?

Yes. There are three roles: Administrator, Read-Only Administrator and Operator. See user profiles.

Where do I write if I have a problem?

To support@b4bit.com (Mon-Fri 9-19h CDMX) or on the support portal.