Skip to content
/ btc-custodian Public

Zero-knowledge Bitcoin wallet API built with Rust, BDK, and Axum. Password-encrypted wallets (AES-256-GCM), watch-only architecture, multi-network support, API key auth. Service cannot access funds without user passwords.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

afterburn/btc-custodian

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
src
src
 
 
tests
tests
 
 
.env.example
.env.example
 
 
.gitignore
.gitignore
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
README.md
README.md
 
 

Repository files navigation

Custodian

Drop-in Bitcoin wallet API for applications that need custody. Built with Rust, BDK, and Axum.

Features

  • Create and manage Bitcoin wallets (mainnet, testnet, signet, regtest)
  • Password-encrypted mnemonic storage (Argon2 + AES-256-GCM)
  • Watch-only balance checking and address generation
  • Transaction signing and broadcasting
  • Automatic blockchain synchronization via Electrum
  • SQLite persistence
  • API key authentication
  • Segwit (P2WPKH) addresses

Quick Start

# Clone and build
git clone https://github.com/yourusername/custodian
cd custodian
cargo build --release

# Configure
cp .env.example .env
# Edit .env and set your API_KEY

# Run
cargo run

Server starts on http://127.0.0.1:3000

API Overview

All endpoints require X-API-Key header (except /health).

Create Wallet

POST /:network/wallets
{
  "name": "My Wallet",
  "password": "secure_password"
}

Returns wallet ID, mnemonic, and descriptor. Save these securely.

Get Balance

GET /:network/wallets/{id}/balance

Generate Address

GET /:network/wallets/{id}/address

Send Transaction

POST /:network/wallets/{id}/transaction
{
  "recipient": "tb1q...",
  "amount": 10000,
  "password": "secure_password"
}

Amount in satoshis. To send max balance (minus fee), set amount to total balance.

Networks

Specify network in URL path:

  • bitcoin or mainnet - Bitcoin mainnet
  • testnet - Bitcoin testnet
  • signet - Bitcoin signet
  • regtest - Bitcoin regtest

Example

# Create wallet
curl -X POST http://127.0.0.1:3000/testnet/wallets \
  -H "Content-Type: application/json" \
  -H "X-API-Key: your_key" \
  -d '{"name": "Test", "password": "pass123"}'

# Get address
curl -H "X-API-Key: your_key" \
  http://127.0.0.1:3000/testnet/wallets/{id}/address

# Check balance
curl -H "X-API-Key: your_key" \
  http://127.0.0.1:3000/testnet/wallets/{id}/balance

# Send transaction
curl -X POST http://127.0.0.1:3000/testnet/wallets/{id}/transaction \
  -H "Content-Type: application/json" \
  -H "X-API-Key: your_key" \
  -d '{"recipient": "tb1q...", "amount": 10000, "password": "pass123"}'

Testing

# Start server
cargo run

# Run tests (in another terminal)
cargo test --test integration_test -- --test-threads=1

Security Notes

  • Mnemonics are encrypted with user passwords (Argon2 + AES-256-GCM)
  • Passwords are never stored - keep them safe
  • Private keys are only loaded temporarily during transaction signing
  • For production: add rate limiting, HTTPS, audit logging, and backups

License

MIT

About

Zero-knowledge Bitcoin wallet API built with Rust, BDK, and Axum. Password-encrypted wallets (AES-256-GCM), watch-only architecture, multi-network support, API key auth. Service cannot access funds without user passwords.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages