A third-party host is an individual or a business which self-hosts a BTCPay instance and enables other users to register and use the server. On a self-hosted server, the owner can add an unlimited amount of users and stores and allow those users to manage their stores independently and receive payments to their own wallets.
While this feature in BTCPay Server exists for complex multi-store business management, community enthusiasts use it to help other users, (mostly beginners), sometimes skip an overwhelming step of deploying a self-hosted BTCPay server. Users who want to test or develop applications on top of BTCPay also use instances hosted by third parties. Some hosts try to spread the adoption of cryptocurrencies by allowing their local merchants to receive payments for free or for a small sign-up fee.
In layman words, think of this feature as a payment processor factory which allows anyone to deploy a server and help others receive payments which are validated via the server owner full Bitcoin node.
- btcpayjungle.com
- btcpaynow.net
- btcpayprovider.com
- exitpay.org
- lightbo.lt
- lightninginabox.co
- lpay.io
- luxnode.io
- merklesig.com
- nodl.it
- pay.d-central.tech
ltcpay.comregister.btcpal.online
Feel free to chat with the Community to find the appropriate host for your needs, but also make sure to choose a host you trust. Read the rest of this document to better understand the pros and cons of using a third party host.
To become a third party host, you need to self-host a BTCPay Server and enable registration for other users. Go to Server Settings > Policies > Disable registration, unmark the checkbox. You may also want to configure the SMTP settings to allow them to reset their password if they forget it.
Yes. Here are some restrictions.
- No Lightning Network
- No wallet re-scan
- No Server Settings access
The limitations happen for technical reasons, mostly because these features require a user to run a full node to use them.
- Easy and quicker setup
- Cheaper and in most cases free (depending if the host is premium or free)
- Receive payments directly to your wallet
- Private key never required (if it is, it's a scam!)
- Security concerns
- Privacy concerns
- Limitation of features
- No control over a server
- Have to trust the owner of the server
Trusted third parties are security holes. By relying on someone else to manage a server for you, you are potentially exposing yourself to a certain attack vector.
The most significant attack vector when using a third party host is that a malicious and technically skilled host can create a forked version of BTCPay Server and modify it so that it either spy on your transactions or replace your xpubkey with his. This means that future payments made to you may end up in a malicious party wallet.
In BTCPay, a private key is never required. This means that funds are safe even if the server is hacked, but a malicious host can intercept future payments and steal those funds. If you follow your transactions via a watch-only wallet, you should be able to detect such attack quickly and notice that your orders are being marked as paid, whereas you don't see the transactions in your wallet.
If a third-party host asks for your private key or pre-generates one for you, be sure it's a scam. Never share your private key with anyone. It's called private for a reason.
Xpubkey replacement attack applies to a self-hosted server as well. A malicious hacker can try to hack your server and try to replace an xpubkey.
BTCPay does not allow server hosts to view the stores of other users nor have access to any personal data (except for registration email address). The xpubkey and even balances of other users can't be seen. However, as mentioned, a malicious third party could modify that by creating a fork that can look like BTCPay on the front but be something completely different in reality.
The biggest concern, which happens when using a third-party host (even if the owner of a self-hosted server is not malicious) comes from the nature of the Bitcoin itself. If a user is not running a full node but instead relies on someone else's node, his transactions can be listened to by the owner of that node. Running a full node is not just a convenience that gives you features and enables privacy, it gives you better security and the right to "vote" and validate all the transactions yourself. Don't trust, verify.
Here are some good resources where you learn more about the importance of full nodes
- Why Your Business Should Use a Full Node to Accept Bitcoin
- Clearing Up Misconceptions About Full Nodes
Third-party hosts play an important role in the ecosystem since they provide an easy and cost-effective way for users to try and use BTCPay. The role of honest hosts who provide free service to others is essential in the early phase of BTCPay Server adoption. However, users should be familiar with the pros, cons and potential risks involved when using a trusted third-party. Find the optimal balance between your use-case, cost, and privacy/security trade-offs.
Some of the hosts are entirely free to use and maintain the server cost from donations of their users. If you've been using a reliable free host for a while, you should consider donating to them to support them.