Galoy is an opinionated Bitcoin banking platform.
This repo represents the main API that brings all functionality together.
Found critical bugs/vulnerabilities? Please email them security@galoy.io Thanks!
Want to try it out and contribute? Check out the dev documentation to deploy locally with a docker-compose script.
If you have questions, you can join our Workspace
For an overview of all relevant repositories checkout awesome-galoy.
- GraphqlAPI:
- Public API following industry best practices
- For end clients. Documentation
- For admin activities
- Authentication:
- Code is sent via Twillio to end user's phone number which can be exchanged for JWT auth token
- OAuth integration (in progress)
- Account scoped API keys (in progress)
- Internal ledger:
- Records all account activity via double entry accounting
- Support for integrating fiat currencies (in progress)
- CSV based export of all accounting data
- Contact list for frequent transaction partners
- Price
- Sub-second price data polled from the largest exchanges to record USD value at settlement
- Historical price data can be queried for display for different time frames
- Send / Receive BTC payments
- External settlement via OnChain or lightning
- Automatic internal settlement when payer & payee are on the same galoy instance
- Fees can be applied for sending / receiving for all settlement methods
- Support for tipping via dedicated web-frontend
- Include memo to payment
- Lightning Network
- Support for clearnet and TOR
- Support for invoices with and without a specified amount
- Route probing to pre-display an accurate fee and mitigate attacks based on expensive routing
- Channel data backup to S3 and Google Cloud storage
- Custodial storage of all user assets
- Limited funds stored in hot-wallet (keys kept on servers)
- Threshold based rebalancing to cold-storage (keys stored on offline hardware devices)
- Security:
- Velocity check based on user verification level
- Spam protection for sharing memos
- Configurable 2fa for payments (in progress)
- DDoS prevention
- via rate limiting infront of critical APIs
- via geetest CAPTCHA
- Resilience
- Databases (MongoDB and Redis) are run by default in high availability/resilience mode. If one pod/node goes down, there is an automatic failover on another pod/node.
- Production ready
- Supports horizontal scaling and highly available deployments via k8s
- Client side load balancing across multiple LND nodes
- Out-of-the-box dashboards for KPIs deployed to Grafana showing metrics exported via Prometheus
- Quick response times thanks to the pagination of large data sets
- Returning error codes for full translation capability of the frontend
- Instrumentation enabled for real-time insights into production runtime (opentelemetry / honeycomb)
- User onboarding (optional)
- Gamification via user quiz that pays out sats
- Map of in-network merchants
- Notifications
- Mobile clients can receive notifications of balance changes in real-time
- Daily notification of balance for active end users
Running the Galoy software locally can be done in a variety of ways, but this abbreviated section will focus on a single method for getting your environment ready to run the stack. For more information and options on running Galoy locally, see the development environment documentation.
Currently developing on MacOS and Linux is supported.
Install dependencies on your chosen platform.
- 1)
nix
with flakes enabled - 2)
docker
from Docker Desktop or Docker Engine - 3a)
direnv
version>= 2.30
installed - 3b)
direnv
hooked into your shell
For nix
, we highly recommend using the Determinate Nix Installer.
For docker
, the Docker Desktop version corresponding to your native architecture should be used.
For direnv
, you can install it with your package manager of choice.
However, if you're unsure which installation method to use or your package manager does not provide a compatible version,
you can use nix
itself (e.g. nix profile install nixpkgs#direnv
).
We recommend using the upstream docs for hooking
direnv
into your shell, but here is an example on how to do it on a system wherezsh
is the default shell. In this example, the following is added to the end of~/.zshrc
.if [ $(command -v direnv) ]; then eval "$(direnv hook zsh)" fi
All commands need to be run from the nix
environment.
Since direnv
is installed and hooked into your shell, you can cd
into
the repository and nix
will bootstrap the environment for you using the flake.
Please note: you may notice a large download of dependencies when entering the repository for the first time.
We use buck2 to run the stack, run and build individual services and libraries, perform lints and tests, etc.
_Before continuing, you should stop any locally running services to avoid conflicting ports with the stack. Some of the services that will run include, but are not limited to the following: PostgreSQL, OpenTelemetry, MongoDB.
Check if you are ready to run the stack before continuing.
buck2 run dev:healthcheck
You may notice some checks related to resource limits.
On macOS and in WSL2 in particular, we recommend significantly increasing the file descriptor limit for buck2
to work as intended (e.g. ulimit -n 10240
).
Please note: the new file descriptor limit may not persist to future sessions.
Once ready, we can build relevant services and run the entire stack locally.
buck2 run dev:up
Once Tilt starts, you can check on the status of all services by accessing the UI through the given port on your local host (e.g. http://localhost:10350/). Every service should eventually have a green checkmark next to them, which ensures that they are in "ready" states.
If some services fail to start, you can restart them on the Tilt dashboard.
The following command will stop all running services and containers. It will also remove the containers and, consequentially, the data held in them.
buck2 run dev:down
Take a look at the Quickstart if you want to take it for a spin.