DirectCryptoPay Docs

Non-Custodial Explained

DirectCryptoPay is a non-custodial payment gateway. This is a fundamental design principle that affects how payments flow, who controls funds, and what risks exist.

What Does Non-Custodial Mean?

In a non-custodial model, the payment gateway never holds, controls, or has access to merchant funds. When a customer makes a payment, the cryptocurrency moves directly from the customer's wallet to the merchant's wallet in a single on-chain transaction.

  Traditional (Custodial)              DirectCryptoPay (Non-Custodial)
  -----------------------              -------------------------------

  Customer                             Customer
      |                                    |
      v                                    |
  [Payment Processor]                      |  Direct on-chain transfer
  [  Holds Funds    ]                      |
  [  Takes a Cut    ]                      |
      |                                    |
      v                                    v
  Merchant                             Merchant
  (receives payout later)              (receives funds immediately)

How It Works Technically

  1. Customer initiates payment -- The widget or payment link creates a Payment Intent
  2. Transaction constructed -- The widget builds a transaction that sends tokens directly to your wallet address
  3. Customer signs -- The customer approves the transaction in their wallet
  4. On-chain transfer -- Funds move from the customer's wallet to yours in a single blockchain transaction
  5. DCP verifies -- The DCP backend monitors the blockchain and confirms the transaction independently
  6. Webhook sent -- You receive a notification that the payment is confirmed

At no point does DCP have custody of or access to the funds. The transaction is a direct peer-to-peer transfer on the blockchain.

Why Non-Custodial Matters

For Merchants

  • Instant settlement -- Funds are in your wallet as soon as the transaction confirms (no waiting for payouts)
  • No counterparty risk -- DCP cannot freeze, withhold, or lose your funds
  • No chargebacks -- Blockchain transactions are final and irreversible
  • Full control -- You hold the private keys to your wallet at all times

For Customers

  • Transparency -- The customer can verify exactly where funds are going before signing
  • Privacy -- No need to create an account with DCP or share personal information
  • Direct transfer -- Funds go to the merchant, not to an intermediary

For Regulatory Compliance

  • No money transmission -- DCP does not transmit money, reducing regulatory complexity
  • Simpler accounting -- Payments are on-chain transactions between two wallets
  • Audit trail -- Every payment is a public blockchain transaction that can be independently verified

Comparison with Custodial Gateways

Feature Custodial (e.g., Stripe, PayPal) Non-Custodial (DCP)
Fund Custody Gateway holds funds Merchant holds funds
Settlement Time Days to weeks Immediate (block confirmation)
Chargebacks Possible Not possible
Counterparty Risk Gateway could freeze funds No risk -- funds are in your wallet
KYC Required Usually Not for accepting payments
Per-Transaction Fees 2-3% typical None from DCP (only blockchain gas)

What DCP Does (and Does Not Do)

DCP Does:

  • Create and manage Payment Intents
  • Provide the payment widget UI
  • Monitor the blockchain for transaction confirmation
  • Send webhook notifications to your server
  • Convert USD prices to token amounts using real-time price feeds

DCP Does Not:

  • Hold, custody, or control your funds
  • Have access to your wallet private keys
  • Take a percentage of each transaction
  • Process refunds (you handle this directly wallet-to-wallet if needed)
  • Have the ability to reverse or modify blockchain transactions

Refunds: Since DCP is non-custodial, refunds are handled directly by the merchant. If you need to refund a customer, you send tokens from your wallet back to their wallet address (visible in the webhook payload or dashboard).

## Security Model

DCP's zero-trust verification model means:

  1. The frontend cannot lie -- The widget submits a transaction, but only the DCP backend (reading the blockchain directly) can confirm it
  2. The backend verifies independently -- DCP's blockchain monitoring does not trust the frontend or widget at all
  3. Webhooks are signed -- Every webhook is HMAC-signed so your server can verify it came from DCP

This design ensures that even if someone tampers with the frontend code, they cannot fake a successful payment.

Previous Supported Tokens
DirectCryptoPay Documentation · Non-Custodial Crypto Payments