Need Quick Answers?
Browse our frequently asked questions or use the search below to find what you're looking for.
General Questions
CryptoGate is a cryptocurrency payment gateway that enables businesses to accept Bitcoin, Litecoin, Dash, Dogecoin, and Ethereum payments. We handle all the technical complexity of blockchain integration, allowing you to focus on your business.
Our platform provides a simple API, pre-built plugins, and a user-friendly dashboard to manage all your cryptocurrency transactions in one place.
CryptoGate.live is a legitimate, non-custodial software tool for accepting cryptocurrency payments. You can verify that yourself: payments go directly from your customer's wallet into yours, because we only ever hold your wallet's public key (xPub), which can receive funds but can never send them. There is no balance for us, or anyone, to freeze or run off with.
We charge one flat monthly subscription, paid up front. We will never ask you to send crypto to "activate," "verify," or "release" funds, and we never take a cut of your sales. Anyone asking you for a deposit or "withdrawal fee," using our name or any other, is running a scam.
Note on the name: CryptoGate.live is not affiliated with any "Cryptogate" WhatsApp or Telegram investment group, "account manager" who messages you out of the blue, cryptogategroup.com, or any "Cryptogate" investment fund or firm. We do not offer investments, trading, or guaranteed returns. CryptoGate is run by a named, contactable founder, Emil Dabrowski ([email protected]), and our code is published openly on GitHub. Read reviews on Trustpilot.
We currently support:
- Bitcoin (BTC) - The original cryptocurrency
- Litecoin (LTC) - Fast and low-fee transactions
- Dash (DASH) - Privacy-focused digital cash
- Dogecoin (DOGE) - Popular community-driven coin
- Ethereum (ETH) - Smart contract platform
- ERC-20 tokens - USDT, USDC, DAI, WBTC, SHIB, PEPE, LINK, UNI, AAVE and MKR, paid to your Ethereum address
Additional cryptocurrencies are added based on merchant demand and network stability.
CryptoGate offers several unique advantages:
- No KYC for merchants - Get started immediately without lengthy verification
- Competitive fees - Transparent pricing with no hidden costs
- Direct wallet control - Funds go straight to your wallet, not held by us
- Developer-friendly API - Comprehensive REST API with webhook support
- Zero chargeback risk - Blockchain transactions are irreversible by design
No! We offer solutions for all skill levels:
- No-code: Use our dashboard to generate payment links and invoices
- E-commerce platforms: Install our plugins for Shopify, WooCommerce, etc.
- Developers: Integrate using our REST API with SDKs for JavaScript, PHP, Python
CryptoGate is available to merchants worldwide, with some exceptions. We currently cannot serve merchants in:
- Countries under international sanctions (e.g., North Korea, Iran)
- Regions where cryptocurrency is explicitly illegal
Check our Compliance page for the full list of supported regions.
We support most legal businesses including e-commerce stores, SaaS platforms, freelancers, non-profits, and service providers. We do not support:
- Illegal goods or services
- Adult content or gambling (in most jurisdictions)
- Unregistered securities or investment schemes
- Money laundering or terrorist financing
See our Terms of Service for complete usage guidelines.
We maintain 99.9% uptime with redundant infrastructure and full blockchain nodes. Our Status Page shows real-time system health. Scheduled maintenance is announced 48 hours in advance and typically occurs during low-traffic periods.
Our dashboard is fully responsive and works on mobile browsers. We don't currently have native iOS/Android apps, but our web interface provides full functionality on mobile devices including payment monitoring, transaction history, and account settings.
Yes! Our Starter plan is free to start (you only pay per transaction). You can also use our sandbox mode to test full functionality without processing real payments. No credit card required to sign up.
Email support is available 24/7 with typical response times of:
- Starter: Within 24 hours
- Business: Within 12 hours
- Enterprise: Within 4 hours + dedicated account manager
Critical issues (payment failures, API outages) receive priority support across all plans.
We're GDPR and CCPA compliant. We only collect minimal data necessary for payment processing. Customer payment data is encrypted in transit and at rest. We never sell or share customer data with third parties. See our Privacy Policy for details.
Account & Security
Getting started is simple:
- Visit cryptogate.live/signup
- Enter your email and create a secure password
- Verify your email address
- Complete your profile and wallet setup
- Start accepting payments immediately!
The entire process takes less than 5 minutes.
2FA is highly recommended but not required during signup. However, certain actions require 2FA:
- Changing wallet addresses
- Modifying API keys
- Accessing sensitive account settings
- Account recovery options
We support TOTP authenticators (Google Authenticator, Authy, 1Password) and backup codes.
We don't! CryptoGate operates in direct-to-wallet mode by default:
- You provide your cryptocurrency wallet addresses (XPubs)
- Customer payments go directly to your wallet
- We never hold or custody your funds
- You maintain complete control at all times
Your keys, your crypto. We're completely non-custodial.
Use the "Forgot Password" link on the login page. You'll receive a secure reset link via email. If you've enabled 2FA, you'll also need your authenticator app or backup codes.
Important: We cannot recover your account if you lose access to both your email and 2FA device. Always save your backup codes in a secure location!
API key security best practices:
- Never commit API keys to source control (use .env files)
- Use separate keys for production and testing
- Rotate keys every 90 days or after team member changes
- Restrict API keys to specific IP addresses when possible
- Use read-only keys for reporting/analytics
If you suspect unauthorized access:
- Immediately change your password
- Revoke all API keys and generate new ones
- Review recent transactions for unauthorized activity
- Enable 2FA if not already active
- Contact [email protected] immediately
We'll help secure your account and investigate any suspicious activity.
Yes, you can change your email in Account Settings → Profile. You'll need to verify the new email address. If 2FA is enabled, you'll need your authenticator code. For security, we'll send confirmation emails to both old and new addresses.
Sessions last 7 days with activity, or 30 minutes of inactivity. You can log out from all devices in Account Settings → Security → Active Sessions. We recommend logging out on shared computers.
To delete your account:
- Ensure all pending transactions are completed
- Cancel any active subscriptions
- Export your transaction history if needed
- Go to Settings → Account → Delete Account
Note: Account deletion is permanent and cannot be undone. Transaction data is retained for 7 years for compliance.
Yes! In Dashboard → API Keys → Key Settings, you can whitelist specific IP addresses or CIDR ranges. This is highly recommended for production keys. Requests from non-whitelisted IPs will be rejected with a 403 error.
Use your backup codes that you saved when setting up 2FA. Each code can only be used once. If you've lost your backup codes:
- Click "Lost your 2FA device?" on the login page
- Verify your identity via email
- Provide additional verification (last transaction details, etc.)
- Wait for manual review (up to 48 hours)
After 5 failed login attempts, your account is temporarily locked for 15 minutes to prevent brute force attacks. You can unlock immediately by using the "Forgot Password" link or wait for the lockout period to expire.
Yes, on Business and Enterprise plans. You can invite team members with different permission levels:
- Admin: Full access including billing and settings
- Developer: Can manage API keys and view transactions
- Support: Can view transactions and issue refunds
- View-only: Read-only access for reporting
Yes! Settings → Security → Audit Log shows all account activity including logins, setting changes, API key creation/deletion, and wallet updates. Logs are retained for 90 days on Business plans, 1 year on Enterprise.
Payments & Transactions
Our pricing is simple and transparent:
- Starter: 1% per transaction (no monthly fee)
- Business: 0.5% per transaction ($49/month)
- Enterprise: Custom pricing for high volume
No hidden fees, no setup costs, no cancellation fees. See our Pricing page for details.
Confirmation times vary by cryptocurrency:
- Bitcoin (BTC): ~10 minutes (1 confirmation) to 60 minutes (6 confirmations)
- Litecoin (LTC): ~2.5 minutes (1 confirmation)
- Ethereum (ETH): ~15 seconds to 5 minutes
- Dash (DASH): ~2.5 minutes (InstantSend: 1-2 seconds)
- Dogecoin (DOGE): ~1 minute
You can configure the required number of confirmations based on your risk tolerance.
Cryptocurrency transactions are irreversible by design - there are no chargebacks like with credit cards.
However, you can manually process refunds:
- Customer requests refund through your support channel
- You send cryptocurrency back to their original address
- Mark the transaction as refunded in your dashboard
This gives you complete control over your refund policy without third-party interference.
Minimum: To ensure payments cover blockchain network fees, we recommend:
- Bitcoin: $5 USD equivalent
- Ethereum: $2 USD equivalent
- Other coins: $1 USD equivalent
Maximum: No upper limit on transaction size. Process payments of any amount.
Integration & Technical
Yes! We provide a comprehensive REST API with:
- Complete payment lifecycle management
- Real-time webhook notifications
- Address generation and monitoring
- Transaction history and reporting
- Rate limiting and security features
Check our API Documentation for detailed integration guides.
Yes, we offer pre-built plugins for popular platforms. See our Integration Documentation for setup guides.
Absolutely! We provide a sandbox mode for testing:
- Use testnet cryptocurrencies (no real value)
- Test all payment flows and webhooks
- Verify your integration before going live
- Unlimited free testing
See our Test Mode Guide for details.
Troubleshooting & Common Errors
Most common causes:
- Still pending confirmations: Check the blockchain explorer with the transaction ID
- Wrong amount sent: Verify they sent the exact amount displayed (including fees)
- Payment window expired: Generate a new payment request
- Wrong currency: They sent BTC instead of LTC, etc.
Transaction IDs can be tracked at Troubleshooting Guide.
Underpaid transactions are marked as "Partial" in your dashboard. You can either:
- Request the remaining amount from the customer
- Accept partial payment and adjust the order
- Refund the partial amount
Set underpayment tolerance (e.g., 0.5%) in Settings → Payments to auto-accept small differences.
Overpayments are automatically accepted and marked as "Overpaid" in your dashboard. You can:
- Keep the overpayment as a tip/donation
- Apply it as store credit for future purchases
- Refund the excess amount to the customer
The full amount goes to your wallet; you control how to handle it.
No, it's not lost. Common reasons for delays:
- Low network fee: Transaction waiting in mempool for miners
- Network congestion: High blockchain activity causing delays
- Unconfirmed parent: Previous transaction needs to confirm first
Most transactions confirm within 24 hours. If stuck beyond 72 hours, the transaction may be dropped and funds returned to sender.
Unfortunately, cryptocurrency transactions are irreversible. If sent to:
- Invalid address: Transaction will fail and funds stay in sender's wallet
- Wrong but valid address: Funds are gone unless the recipient agrees to return them
- Your old address: If it's still in your wallet, you'll receive it
Always double-check addresses before sending!
Troubleshooting steps:
- Check webhook logs in Dashboard → Settings → Webhooks
- Verify your endpoint is publicly accessible (not localhost in production)
- Ensure your server returns 200 OK within 10 seconds
- Check firewall isn't blocking our IPs
- Validate webhook signature in your code
See Webhook Documentation for setup details.
Common authentication issues:
- 401: Invalid or missing API key in Authorization header
- 403: Valid key but insufficient permissions, or IP not whitelisted
Correct header format: Authorization: Bearer YOUR_API_KEY
Check your API key status in Dashboard → API Keys.
Rate limits by plan:
- Starter: 60 requests/minute
- Business: 300 requests/minute
- Enterprise: Custom limits
Implement exponential backoff and check the X-RateLimit-Remaining response header. Batch operations where possible.
This can happen if customer refreshes the payment page or clicks "Pay" multiple times. To prevent:
- Use unique
order_idfor each transaction - Check for existing payments before creating new ones
- Implement idempotency keys in your API calls
If duplicate occurred, refund one transaction through the dashboard.
Default payment windows:
- Standard: 15 minutes (prevents price volatility)
- Extended: Up to 60 minutes (configurable in settings)
After expiration, generate a new payment request. Payments sent to expired addresses will still be received but may require manual reconciliation.
Checklist for test mode:
- Verify you're using testnet API keys (starts with
test_) - Use testnet faucets to get test coins (Bitcoin testnet, Ethereum Ropsten, etc.)
- Send to testnet addresses (different format from mainnet)
- Allow time for testnet confirmations (can be slower than mainnet)
See Test Mode Guide for complete setup.
Common plugin issues:
- API keys not configured or incorrect
- Plugin not activated in payment settings
- Currency not supported (check if you're using USD/EUR/GBP)
- Plugin needs update to latest version
- Conflicting payment gateway plugins
Check plugin logs and see platform-specific guides at Integration Docs.
The dashboard shows pending payments only, not your total wallet balance. To see actual wallet balance:
- Use a blockchain explorer with your wallet address
- Check your wallet application directly
- Remember: CryptoGate doesn't hold funds, they go straight to your wallet
Dashboard only tracks payments created through CryptoGate API.
SSL errors usually indicate:
- Outdated SSL certificate bundle on your server
- Firewall blocking HTTPS connections
- Using HTTP instead of HTTPS in API base URL
- Self-signed certificates in development (disable SSL verify for testing only)
Ensure your HTTP client library has up-to-date CA certificates.
Exchange rates are locked when payment is created and held for the payment window duration (15 minutes). This protects against volatility. The rate shown in your dashboard is the rate at payment creation time, not current market rate.
To minimize discrepancies, encourage customers to complete payments quickly or extend the payment window in settings.
Wallet & Addresses
An Extended Public Key (XPub/YPub/ZPub) allows us to generate unlimited unique payment addresses for your customers without accessing your private keys. Think of it as a "master address generator."
Benefits:
- Each customer gets a unique address (better privacy)
- Easier payment tracking and reconciliation
- Your private keys stay completely safe
See Wallet Setup Guide for how to export your XPub.
Not recommended. While technically possible, reusing addresses:
- Reduces privacy (all transactions publicly linked)
- Makes payment tracking difficult
- Increases risk of payment confusion
CryptoGate automatically generates unique addresses for each payment using HD wallets. Always use the address provided for each transaction.
To change your receiving wallet:
- Go to Settings → Wallets
- Enter your new XPub/address
- Verify with 2FA code
- Confirm via email
Important: Existing pending payments will still go to the old address. The new address only applies to future payments created after the change.
We support all Bitcoin address formats:
- Legacy (P2PKH): Starts with "1" - Most compatible but higher fees
- SegWit (P2SH): Starts with "3" - Lower fees, widely supported
- Native SegWit (Bech32): Starts with "bc1" - Lowest fees, modern wallets
Recommendation: Use Native SegWit (bc1) for lowest transaction fees if your wallet supports it.
Yes! You configure a separate wallet for each supported cryptocurrency:
- Bitcoin → Your Bitcoin wallet XPub
- Ethereum → Your Ethereum address
- Litecoin → Your Litecoin wallet XPub
- And so on...
Each cryptocurrency requires its own wallet. You cannot use a Bitcoin wallet to receive Ethereum, for example.
Absolutely! Hardware wallets are highly recommended for security. Simply export the XPub from your hardware wallet and provide it to CryptoGate. Your private keys never leave the hardware device.
Compatible wallets: Ledger Nano S/X, Trezor One/Model T, BitBox, and most HD wallets.
If you're using HD wallets (XPub), all generated addresses are part of your wallet - you don't need to sweep them. Your wallet application automatically manages all addresses.
If using individual addresses, use your wallet's "sweep" or "consolidate" feature to move funds to a single address (note: you'll pay network fees for each consolidation).
Standard derivation paths:
- BIP44 (Legacy): m/44'/0'/0' - For addresses starting with "1"
- BIP49 (SegWit): m/49'/0'/0' - For addresses starting with "3"
- BIP84 (Native SegWit): m/84'/0'/0' - For addresses starting with "bc1"
Most wallets use BIP84 by default. The derivation path must match your wallet's XPub type.
No! Never! CryptoGate operates in watch-only mode. We only need your XPub (public key) to generate addresses and monitor incoming payments. Your private keys remain exclusively in your control.
We cannot spend your funds - only watch for incoming transactions.
Not recommended. Exchange wallets have limitations:
- Addresses often change or expire
- Cannot export XPub (must use single address)
- Exchange may flag/freeze accounts receiving merchant payments
- You don't control the private keys
Use a personal wallet (software, hardware, or custodial business wallet) instead.
Before saving your wallet address:
- Send a small test transaction to the address
- Verify it appears in your wallet
- Only then configure it in CryptoGate
- Double-check the address character-by-character
Our system validates address format, but cannot verify if you own it. Always test first!
Wallets use a "gap limit" (typically 20) - they stop scanning for addresses after finding 20 consecutive unused addresses. If you generate many addresses that don't receive payments, some may be beyond this gap.
Solution: Increase your wallet's gap limit, or ensure addresses are used in sequential order. Most modern wallets handle this automatically.
Webhooks & Notifications
Setting up webhooks:
- Go to Dashboard → Settings → Webhooks
- Click "Add Webhook Endpoint"
- Enter your publicly accessible HTTPS URL
- Select events to receive (payment.created, payment.confirmed, etc.)
- Save and note your webhook secret for signature verification
See Webhook Documentation for implementation details.
Every webhook includes an X-CryptoGate-Signature header. To verify:
- Get the raw request body (before parsing JSON)
- Compute HMAC-SHA256 using your webhook secret
- Compare computed signature with header value
- Reject webhook if signatures don't match
Example code available in our Webhook Guide for all languages.
We automatically retry failed webhooks:
- Immediate retry
- After 5 minutes
- After 1 hour
- After 6 hours
- After 24 hours (final attempt)
After all retries fail, the webhook is marked as failed. You can manually replay webhooks from the dashboard.
Use a tunneling service to expose localhost:
- ngrok:
ngrok http 3000- Get public HTTPS URL - localtunnel:
lt --port 3000 - Cloudflare Tunnel: For permanent development URLs
Alternatively, use our sandbox mode with a test server deployed online.
Available webhook events:
- payment.created: New payment request generated
- payment.pending: Payment detected in mempool
- payment.confirmed: Payment confirmed on blockchain
- payment.completed: All confirmations received
- payment.failed: Payment expired or failed
- payment.refunded: Payment manually refunded
Subscribe to only the events you need to reduce noise.
Implement idempotency using the event_id field:
- Store processed
event_idvalues in your database - Check if
event_idexists before processing - If exists, return 200 OK immediately (already processed)
- If new, process and store the
event_id
This prevents duplicate order fulfillment from webhook retries.
Use asynchronous processing:
- Immediately return 200 OK to CryptoGate
- Queue the webhook for background processing
- Process order fulfillment asynchronously
Don't perform heavy operations (email sending, inventory updates) in the webhook handler. Queue them instead.
Debugging tools:
- Dashboard logs: Settings → Webhooks → View Logs
- Webhook replay: Manually resend past webhooks for testing
- RequestBin/Webhook.site: Inspect raw webhook payloads
- Server logs: Check your application logs for errors
Common issues: SSL errors, signature validation failures, timeout errors.
Yes! Configure email notifications in Settings → Notifications:
- Payment received
- Payment confirmed
- Payment failed/expired
- Suspicious activity detected
- Daily/weekly summary reports
You can set different email addresses for different notification types.
Yes! You can configure multiple webhook endpoints, each receiving different events. Useful for:
- Separate endpoints for different services (order processing, analytics, notifications)
- Load balancing across multiple servers
- Development/staging/production environments
Each endpoint has its own secret for signature verification.
Still Have Questions?
Can't find what you're looking for? Visit our Support page or email us at [email protected]. We typically respond within 24 hours.