Manual:Set up exchange

From draglet wiki
Jump to: navigation, search

This manual will describe how to configure your exchange. After all configurations are done, your exchange can be used by your customers.

Preparations

There are several preparations to be done before your exchange can be set to a productive state.

DNS Setup

If you are holding a domain which should be used for the "hosted as a service" exchange, you need to add DNS records.

This can be edited when accessing your domain provider and go to "Nameservers" or "DNS Records"

Kindly add following DNS entries so they point toward our nameservers:

  • ns0.dnsmadeeasy.com.
  • ns1.dnsmadeeasy.com.
  • ns2.dnsmadeeasy.com.
  • ns3.dnsmadeeasy.com.
  • ns4.dnsmadeeasy.com.

After you have done the forwarding to our nameservers kindly give us a shout so we can do the testing.

email setup

Hosted exchange as a service: You need to setup e-mail accounts first before your exchange can go into a productive state. Following accounts should be set up:

  • fees@exchange-domain.com - The account which will be used to book the generated trading fees of your platform on to.
  • admin@exchange-domain.com - Overall admin account, necessary for creating an SSL certificate.
  • support@exchange-domain.com - Support e-mail address.
  • maker@exchange-domain.com - e-mail address for the maker/taker add on.
  • taker@exchange-domain.com - e-mail address for the maker/taker add on.
  • merchant-pos@exchange-domain.com - e-mail address for the merchant add on.
  • pricedifferences@exchange-domain.com - e-mail address for the price differences
  • deepfreeze@exchange-domain.com - e-mail address for the deep freeze transaction fees
  • operator@exchange-domain.com - e-mail address that will receive technical notifications. If you have the draglet exchange hosted as a service, kindly provide the operator@draglet.com email address so we will receive notification emails and can react to technical problems.

If you want to connect your exchange to the dso, you shoud create an email account for each connected dso-exchange.

  • dso-<connected exchange name>@exchange-domain.com

For example when you want to connect your exchange to the trust-deposit you should issue an email account "dso-trust-deposit@exchange-domain.com".

Receiving e-mails

To receive e-mails, you need to have an e-mail provider. This function is offered by most domain providers. Set up each e-mail address (either as individual account or a simple forward) so you can receive those e-mails.

Sending e-mails

You need to tell us the MX Records of your domain if you want the hosted exchange to send e-mails with those addresses.

Ordering the SSL certificate

When customers connect to your exchange site, they need to have an encrypted connection. If the exchange site is operated without a certificate, user passwords can be easily read by eavedroppers. Using a valid SSL certificate creates a safe environment for your customers.

When ordering a SSL certificate, you need to request a CSR from us. The CSR will help to create the SSL certificate.

Information needed for a CSR:

  • Country Name (2 letter code) [DE]:
  • State or Province Name (full name) [Bavaria]:
  • Locality Name (eg, city) [Munich]:
  • Organization Name (eg, company) [draglet GmbH]:
  • Organizational Unit Name (eg, section) [IT department]:
  • Common Name (e.g. server FQDN or YOUR name) [www.myexchange.com]:

What certificate should I purchase? Only a wildcard (*.domain) if you want to use the subdomains. Tell us this so we can create a CSR for wildcard certificate.

It is important to have the E-mail setup finished before getting the SSL certificate, because a confirmation mail might be send to admin@(your exchange-domain).com

Installation of VPN

If you want to connect to the admin interface of your live exchange, you need to have a VPN connection. The necessary VPN certificate can be found in the mail that contains the contract we have sent you.

This is the VPN setup on Windows:

  1. Download OpenVPN here: https://openvpn.net/index.php/download/community-downloads.html. Choose the appropriate installer and install OpenVPN.
  2. Insert the USB stick with the VPN access data.
  3. Set the OpenVPN program as standard program for .ovpn files.
  4. Now start a command shell with administrator privileges: Press Win (you see the Metro interface), type cmd, then type Shift+Ctrl+Enter. Confirm running with admin privileges. OR right click on Windows Button, Command Prompt (Admin)

You should see a command shell now (black background, white letter, blinking cursor).

  1. Type "D:" (replace D:\ with the letter on wich the USB stick is mounted) to navigate to the openvpn config files.
  2. Type draglet-xbitasia.ovpn and press enter to start the VPN. You should see the VPN starting now.
  3. Now navigate to http://admin.yourexchangesite.com and enter username and password from the e-mail.
  4. Username/password are only needed after step 6, you will receive them separately by e-mail

Email encryption

Emails may contain confidential information that should not be visible to everyone, especially when sending login information. draglet requires each exchange operator to install S/MIME encryption for their email programs so encrypted email communication can be used to exchange logins and other important information. A guide how to receive an S/MIME certificate and how to install and use it can be found below.


Step 1. Get InstantSSL certificate

Go to https://www.instantssl.com/ssl-certificate-products/free-email-certificate.html and follow the instructions. Remember the password for certificate revocation. When you receive the confirmation e-mail open it in Firefox. Internet Explorer and Chrome work too, but the process to export the certificate is different. The main steps are to put in the right e-mail address and create the certificate.


Step 2. Export the certificate

When the installation of the certificate is confirmed, click Firefox – Settings – Extended – Certificates – Show Certificates, choose your new certificate from the Tab „Your Certificates“ and click on Save... Now encrypt it with the same password you used for certificate revocation (like this you only have to remember one password). Remember the file name you save the certificate to.


Step 3. S/MIME in Outlook

Follow these step to get S/MIME running in Outlook:
1. Right click the e-mail account you have requested the certificate for and choose account properties.
2. Select Options – Security Center – Settings and click on E-Mail Security. In the Digital IDs area choose Import, select the certificate file you have saved during the Export step in 1 Get InstantSSL certificate, enter your backup password and confirm. After the import you are back in Settings – E-Mail Security.
3. You are still in Select Options – Security Center – Settings – E-Mail Security. In the Encrypted E-Mail messages area click the Settings button. Select your new certificate for signatures and encryption and tick the checkbox „Add these certificates to signed messages“.
4. To always sign or encrypt outgoing mail tick the checkboxes „Encrypt outgoing messages“ and „Add signature to outgoing messages“ in Select Options – Security Center – Settings in the Encrypted E-Mail messages area. This setting can be individually changed per e-mail via the Options – Sign/Encrypt buttons in the New Mail window.
You are now ready to send and receive encrypted mail in Outlook.


Step 4. S/MIME in Thunderbird

Follow these step to get S/MIME running in Thunderbird:
1. Select your e-mail account and click account settings – S/MIME (in some installations Security) – Manage certificates – Import...
2. Select the Certificate file you have saved during the Export step in 1 Get InstantSSL certificate, enter your backup password and confirm.
3. After closing the certificate manager select your new certificate for signing and encryption and, if desired, choose to always require encryption when sending message. This setting can be individually changed per e-mail via the S/MIME button in the Send E-mail window.
You are now ready to send and receive encrypted mail in Thunderbird.


Step 5. S/MIME in Windows Live Mail

Follow these step to get S/MIME running in Windows Live Mail:
1. To import the certificate you have to open Internet Explorer – Internet Options – Content – Certificates. Click Import and choose the *.p12,*.pfx file type. Select the Certificate file you have saved during the Export step in 1 Get InstantSSL certificate, enter your backup password, tick the Include Extended Properties checkbox and confirm. Select to Choose the Certificate Store Automatically and import to certificate.
2. Back in Windows Live Mail choose the e-mail account you have requested the certificate for and click on accounts – properties.
3. Open the Security tab and select the previously imported InstantSSL certificate for signing and encryption.
4. To always sign or encrypt outgoing mail choose file – options – security options. Click the security tab and click “Sign all messages and Encrypt all messages” and confirm. This setting can be individually changed per e-mail via the Options – Sign/Encrypt buttons in the New Mail window.
You are now ready to send and receive encrypted mail in Windows Live Mail.


Step 6. Delete old certificates

To make your e-mail client use the latest certificates of your partners you need to delete old certificates from the storage. Here's the way how to do that:
Thunderbird: Click on the e-mail account - account settings - S/MIME security - manage certificates - Persons, choose on the old certificate and click Delete.
Outlook and Windows Live Mail: Open internet explorer, choose internet Options - Content - Certificates - Other Persons, choose on the old certificate and click Delete.


Modify the content

KYC Definitions

Each exchange has a different regulation in terms of KYC compliance. KYC means "know your customer" and is the responsibility of the customer to know each of their customers. The identity of the customer is defined in

  • personal identity
  • residential address

draglet wants to support you in any case so you can establish a fitting KYC process, for that we do need the information:

  • what personal data would you like to gather from your customers?
    • e.g. Firstname, Lastname
    • e.g. Date of birth, Number of identity card
    • e.g. State, number, Town, State
  • Documents for upload:
    • Proof of identity (such as Passport)
    • Proof of address (utility bill of residence, not older than 3 months)

We have provided the document for the KYC definitions here [[1]]

Change content of exchange via FTP

Given the case that you have translations available, you can directly put them into the content on your FTP folder.

How does this work with the FTP Server?

You will receive access to the FTP Server from the draglet suppport once the servers of your exchange has been set up. The FTP Server will give you access to the content of the test installation. You can directly edit following content:

  • Content (Folder) - This is the folder for the website content.
    • The subfolders are showing the content for each language, e.g. CN for Chinese and EN for English.
  • Images (Folder) - This is the folder for all images content of your website
    • Contains the logo.svg file that is your exchange logo, normally displayed on the top left. Please notice that the .svg format is a vector image that can be scaled.
    • Simply replace the logo.svg with your own logo to make changes on the logo.
  • l10n (Folder) - Contains the text content of labels (translatable text on front site, e.g. "Order book" or "last trades") and notifications (Messages that appear on top right after a user action, e.g. "Trade was executed").
    • labels_locale_cn.js - Chinese content for labels.
    • labels_locale_en.js - English content for labels.
    • messages_locale_cn.js - Chinese content for notifications.
    • messages_locale_en.js - English content for notifications.

It is necessary to make modifications on following pages:

  • Data privacy statement and terms of participation (can be found at /content/<languagecode>/DataPrivacyStatement.html)
  • FAQ (can be found at /content/<languagecode>/faq.html)
  • Legal notice & disclaimer (can be found at /content/<languagecode>/legal.html)
  • Contact (can be found at /content/<languagecode>/contact.html)

It is necessary that the meta title and description of your exchange main site are changed so it has most possible efficience for your SEO purposes. Kindly provide us the information for following:

  • Meta title (up to 55 chars)
  • Description (up to 160 chars)

If you ordered another language than English and German, you need to ask you to kindly do the translations by yourself.

Change E-mail content

To change the E-mail content you can access the E-mail CMS section in the admin interface.

Kindly change the templates as well as the content of the emails given the case that you would like to have changes. If you have additional languages implemented you would need to provide the translations for each email as well. The “CMS” section offers to change the content of emails which are automatically sent by the exchange, such as registration emails for users that create an account.

Email CMS Menu
Every email consists of two parts: the template and the content.
Click on “E-mail templates” to edit the salutation, the valediction and the signature. Content of emails can be edited at the “E-mail content” section.
You can use the filter to select certain languages or “Idents”. Idents are events such as “Password change”, “registration” or “welcome mail”.


List of different Idents


If you want to edit all English E-mail templates, choose “English” and then pick the relevant E-mail content from the filtered list:

E-mail content overview

Either click on the edit button to edit content or use the preview (click on the eye signal) to have a read-only access to the E-mail content.
After editing, you can click on “Apply” to quick save your changes while staying in the editing mode. If you want to save the changes and close the editor, click on “Save”.
You will receive a confirmation after the new content has been saved:

Confirmation of saved content


Configure the exchange software

Merchant Plugin

Given the case that you ordered the merchant plugin, you need to make a small set up on your exchange. You need to register a merchant system user that is necessary to liquidate Bitcoin that are used in a No Risk Option payment. After you registered the merchant system user, you need to provide the login information in the Configuration panel in admin interface.

Create merchant system user

Go to your exchange front end and register a new account. This could be called for example "merchant@exchangedomain.com" (notice that you need to have access to the email address used for the registration).

Provide login information in configuration panel

After the registration was done you directly put in the login credentials into the configuration panel. You can see the merchant sys user login and password field here: MerchantSysUser.PNG Save the configuration and test out the functionality of the merchant plugin by creating a payment button.

Markets

Now it is time to create markets for the exchange. The exact manual of how to create the markets is found here.

You can choose any combination of currency pairs, depending on how many currencies are implemented in your exchange. If you would like to have additional currencies implemented kindly go to the webshop or reach out to us.

When creating the markets, kindly notice that following:

The nominal currency is the leading currency or the currency that is being sold and bought. The limit currency is the currency being used to buy and sell the nominal currency. So if you want to have a Bitcoin to USD market, Bitcoin should be bought/sold with/for US Dollars. Set Bitcoin as the nominal currency and USD as the limit currency.

  • If you create a market that has a currency pair of Crypto to Fiat, always set Cryptocurrency as nominal currency and the Fiat currency as limit currency. E.g. Bitcoin as nominal currency, USD as limit currency.
  • If you create a market with the pairing of two Cryptocurrencies, set the bigger Cryptocurrency (BTC, Ether e.g.) as the nominal currency and the lesser cryptocurrency as limit currency. E.g. Bitcoin as nominal currency, DOGE as limit currency.
  • If you create a market with the currency pair of a certificate and a fiat currency, set the certificate as nominal currency and the fiat currency as limit currency.

Trading fees are the next step to set. In general it is hard to say how much trading fees you should charge as it depends largely on the maturity of the market. E.g. in South America the market is quite immature, so exchange operators can charge a higher trading fee (between 0.2% and 1%). The european markets are having a higher maturity, so charging a medium trading fee (between 0.1% and 0.4%) would be reasonable. Asian markets are much more developed than elsewhere, most exchanges provide 0% trading fee. Trading fees of 0% up to 0.2% would be advisable. It is still possible to monetize exchange activity with other means such as withdrawal fees, please feel free to reach out if you are interested.

Set up multisignature cold storage

A very important step is to configure the deep freeze process which will automatically move funds from the hot wallet to your multisignature cold storage. Following procedures need to be done:

Configure the hot wallet threshold

The hot wallet threshold is the limit of Bitcoin to be held in the hot wallet of the exchange. If the threshold is exceeded, the exceeding funds will be automatically sent to the multisignature cold storage. Setting the threshold to the right amount is important, because:

  • a threshold set too low will result in very few coins stored in the hot wallet. This is safe but might lead to suspended transfers if customers want to withdraw a larger sum.
  • a threshold set too high will ensure fast withdrawals for higher amounts but results in exposure.

It is not necessary to create multisignature cold storages, as normal cold storages can be used. It is also possible to use Trezor as cold storage. The process of creating the cold storages is described here.

Distributed Shared Orderbook

Given the case that you have the DSO add on for your exchange, you need to register your DSO account. Do so by going to www.trust-deposit.net and register an account. It should be identifiyable as the account of your exchange (it helps if you register with an email address from your exchange domain).

After the registration has been done, kindly upload following documents to go through the KYC verification:

  • Front and back scan of your ID
  • Scan of your business registration certificate

You need to deposit funds in order to receive liquidity from the DSO. The amount of liquidity provided is depending on the deposits that you did on the trust-deposit:

  • Depositing 10.000 EUR will give you ASK depth worth 10.000 EUR
  • Depositing 20 BTC will give you BID depth worth 20 BTC

If orders on your local exchange are geting matched with the liquidity from the DSO, the result will be visible in the account on trust-deposit.

E.g.:

  • If you bought 5 Bitcoin, your account balance on trust-deposit will be increased by 5 Bitcoin and subtracted the price for buying.
  • If you sold 5 Bitcoin, your account balance on trust-deposit will be deducted by 5 Bitcoin and increased with the EUR that you received for it.

You will then need to withdraw the funds from trust-deposit.net. Bitcoin bought by local users would need to be transferred from the hot wallet of trust-deposit to your local exchange.