Best Practices

This page outlines recommended practices for integrating with the Two-Coin API to ensure a secure, reliable, and user-friendly experience.

Security Best Practices

API Key Protection

  • Store API keys securely, never in client-side code
  • Implement key rotation procedures
  • Use environment variables or secure secret management solutions
  • Restrict API key access to only necessary personnel

Request Signing

  • Always sign requests correctly using the HMAC authentication method
  • Generate accurate timestamps: each request timestamp must be within 5 minutes of server time
  • Double-check that your signature generation matches the expected format

Webhook Security

  • Verify webhook signatures to confirm they're coming from Two-Coin
  • Use HTTPS for your webhook endpoint
  • Implement IP whitelisting if possible
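
The following sketch covers both the Request Signing and Webhook Security points above: signing with a secret read from the environment, and verifying with a freshness check and a constant-time comparison. It is an added example, not Two-Coin's own code. The environment variable name, the canonical message layout, the choice of HMAC-SHA256 with hex output, the `/webhook` path, and applying the 5-minute window to verification are all assumptions; take the real format from the Two-Coin authentication documentation.

```python
import hashlib
import hmac
import os
import time

MAX_SKEW_SECONDS = 5 * 60  # 5-minute timestamp window stated on this page


def load_secret(env_var="TWOCOIN_API_SECRET"):
    """Read the secret from the environment; the variable name is hypothetical."""
    secret = os.environ.get(env_var)
    if not secret:
        raise RuntimeError(f"{env_var} is not set")
    return secret.encode()


def canonical_message(timestamp, method, path, body):
    # ASSUMED layout: timestamp, method, path and raw body joined by newlines.
    # Use the exact string defined in the Two-Coin authentication docs instead.
    parts = [str(timestamp).encode(), method.upper().encode(), path.encode(), body]
    return b"\n".join(parts)


def sign(secret, timestamp, method, path, body):
    """Hex HMAC-SHA256 over the canonical message (hash choice is an assumption)."""
    message = canonical_message(timestamp, method, path, body)
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def verify(secret, timestamp, method, path, body, signature, now=None):
    """Return (ok, reason): reject stale timestamps first, then check the MAC."""
    now = time.time() if now is None else now
    try:
        ts = int(timestamp)
    except (TypeError, ValueError):
        return False, "bad timestamp"
    if abs(now - ts) > MAX_SKEW_SECONDS:
        return False, "stale timestamp"
    expected = sign(secret, ts, method, path, body).encode()
    # Constant-time comparison: does not reveal how many leading bytes matched.
    if not isinstance(signature, str) or not hmac.compare_digest(expected, signature.encode()):
        return False, "bad signature"
    return True, "ok"


if __name__ == "__main__":
    body = b'{"order_id":"example-123"}'  # constructed sample payload
    sig = sign(b"constructed-secret", 1700000000, "POST", "/webhook", body)
    print(verify(b"constructed-secret", 1700000000, "POST", "/webhook", body, sig, now=1700000400))
```

Verify against the raw request bytes as received, before any JSON parsing or re-serialization, since a re-encoded body will not reproduce the same MAC.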

Performance Optimization

Caching

  • Cache payment method responses for up to 24 hours
  • Don't cache offers (they expire quickly)
  • Cache static resources like images and descriptions

Important: Never cache offers as they typically expire after 2 minutes. Always fetch fresh offers when creating an order.

Rate Limiting

  • Implement exponential backoff for retry attempts
  • Monitor your API usage in the merchant dashboard
  • Spread out batch operations to avoid hitting rate limits

User Experience

Providing a seamless user experience is essential for successful cryptocurrency purchases. Follow these best practices:

Order Flow

  • Display clear instructions at each step of the purchase process
  • Show a countdown timer for offer expiration
  • Provide real-time feedback on order status
  • Display transaction details clearly, including fees and exchange rates

Error Communication

  • Translate API error codes into user-friendly messages
  • Provide clear instructions on how to resolve common issues
  • Implement fallback options when certain payment methods fail

Integration Testing

Thorough testing is crucial for a successful integration. We recommend:

  • Test all API endpoints in the test environment before going live
  • Verify webhook reception and processing
  • Test error scenarios to ensure proper handling
  • Conduct end-to-end testing of the entire purchase flow
  • Test with different payment methods and currencies

Implementation Checklist

Use this checklist to ensure you've implemented all necessary components:

  • Secure API key storage
  • HMAC authentication implementation
  • Webhook endpoint configuration
  • Webhook signature verification
  • Payment method selection UI
  • Offer comparison and selection UI
  • Order creation flow
  • Order status tracking
  • Comprehensive error handling
  • End-to-end testing

Pro Tip: Join our Telegram developer community at https://t.me/cs_2coin to get real-time support and share implementation best practices with other merchants.

Support

If you encounter any issues or have questions not addressed in this documentation, please contact our support team on Telegram at https://t.me/cs_2coin (@cs_2coin).