Small formatting tweaks, for consistency with existing code.

1) use the cached version instead of rescanning all the files
2) separating the loading (which include files scanning) and listing logic

.github/workflows/pr-testing.yml

@@ -0,0 +1,33 @@
+name: PR testing
+
+on:
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  mavenTesting:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Cache local Maven repository
+      uses: actions/cache@v2
+      with:
+        path: ~/.m2/repository
+        key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+        restore-keys: |
+          ${{ runner.os }}-maven-
+    - name: Set up the Java JDK
+      uses: actions/setup-java@v2
+      with:
+        java-version: '11'
+        distribution: 'adopt'
+
+    - name: Run all tests
+      run: |
+        mvn -B clean test -DskipTests=false --file pom.xml
+        if [ -f "target/site/jacoco/index.html" ]; then echo "Total coverage: $(cat target/site/jacoco/index.html | grep -o 'Total[^%]*%' | grep -o '[0-9]*%')"; fi
+
+    - name: Log coverage percentage
+      run: |
+        if [ ! -f "target/site/jacoco/index.html" ]; then echo "No coverage information available"; fi
+        if [ -f "target/site/jacoco/index.html" ]; then echo "Total coverage: $(cat target/site/jacoco/index.html | grep -o 'Total[^%]*%' | grep -o '[0-9]*%')"; fi

.gitignore

@@ -1,6 +1,8 @@
 /db*
+/lists/
 /bin/
 /target/
+/qortal-backup/
 /log.txt.*
 /arbitrary*
 /Qortal-BTC*
@@ -14,5 +16,18 @@
 /settings.json
 /testnet*
 /settings*.json
-/testchain.json
-/run-testnet.sh
+/testchain*.json
+/run-testnet*.sh
+/.idea
+/qortal.iml
+.DS_Store
+/src/main/resources/resources
+/*.jar
+/run.pid
+/run.log
+/WindowsInstaller/Install Files/qortal.jar
+/*.7z
+/tmp
+/data*
+/src/test/resources/arbitrary/*/.qortal/cache
+apikey.txt

AutoUpdates.md

@@ -1,5 +1,20 @@
 # Auto Updates
 
+## TL;DR: how-to
+
+* Prepare new release version (see way below for details)
+* Assuming you are in git 'master' branch, at HEAD
+* Shutdown local node if running
+* Build auto-update download: `tools/build-auto-update.sh` - uploads auto-update file into new git branch
+* Restart local node
+* Publish auto-update transaction using *private key* for **non-admin** member of "dev" group:
+	`tools/publish-auto-update.sh non-admin-dev-member-private-key-in-base58`
+* Wait for auto-update `ARBITRARY` transaction to be confirmed into a block
+* Have "dev" group admins 'approve' auto-update using `tools/approve-auto-update.sh`
+	This tool will prompt for *private key* of **admin** of "dev" group
+* A minimum number of admins are required for approval, and a minimum number of blocks must pass also.
+* Nodes will start to download, and apply, the update over the next 20 minutes or so (see CHECK_INTERVAL in AutoUpdate.java)
+
 ## Theory
 * Using a specific git commit (e.g. abcdef123) we produce a determinstic JAR with consistent hash.
 * To avoid issues with over-eager anti-virus / firewalls we obfuscate JAR using very simplistic XOR-based method.
@@ -25,8 +40,8 @@ The same method is used to obfuscate and de-obfuscate:
 
 ## Typical download locations
 The git SHA1 commit hash is used to replace `%s` in various download locations, e.g.:
-* https://github.com/QORT/qortal/raw/%s/qortal.update
-* https://raw.githubusercontent.com@151.101.16.133/QORT/qortal/%s/qortal.update
+* https://github.com/Qortal/qortal/raw/%s/qortal.update
+* https://raw.githubusercontent.com@151.101.16.133/Qortal/qortal/%s/qortal.update
 
 These locations are part of the org.qortal.settings.Settings class and can be overriden in settings.json like:
 ```
@@ -45,4 +60,12 @@ $ java -cp qortal.jar org.qortal.XorUpdate
 usage: XorUpdate <input-file> <output-file>
 $ java -cp qortal.jar org.qortal.XorUpdate qortal.jar qortal.update
 $
-```
+```
+
+## Preparing new release version
+
+* Shutdown local node
+* Modify `pom.xml` and increase version inside `<version>` tag
+* Commit new `pom.xml` and push to github, e.g. `git commit -m 'Bumped to v1.4.2' -- pom.xml; git push`
+* Tag this new commit with same version: `git tag v1.4.2`
+* Push tag up to github: `git push origin v1.4.2`

DATABASE.md

@@ -4,10 +4,10 @@ You can examine your node's database using [HSQLDB's "sqltool"](http://www.hsqld
 It's a good idea to install "rlwrap" (ReadLine wrapper) too as sqltool doesn't support command history/editing.
 
 Typical command line for sqltool would be:
-`rlwrap java -cp ${HSQLDB_JAR}:${SQLTOOL_JAR} org.hsqldb.cmdline.SqlTool --rcFile=${SQLTOOL_RC} qora`
+`rlwrap java -cp ${HSQLDB_JAR}:${SQLTOOL_JAR} org.hsqldb.cmdline.SqlTool --rcFile=${SQLTOOL_RC} qortal`
 
 `${HSQLDB_JAR}` should be set with pathname where Maven downloaded hsqldb, 
-typically `${HOME}/.m2/repository/org/hsqldb/hsqldb/2.5.0/hsqldb-2.5.0.jar`
+typically `${HOME}/.m2/repository/org/hsqldb/hsqldb/2.5.1/hsqldb-2.5.1.jar`
 
 `${SQLTOOL_JAR}` should be set with pathname where Maven downloaded sqltool,
 typically  `${HOME}/.m2/repository/org/hsqldb/sqltool/2.5.0/sqltool-2.5.0.jar`
@@ -25,10 +25,16 @@ Above `url` component `file:db/blockchain` assumes you will call `sqltool` from
 
 Another idea is to assign a shell alias in your `.bashrc` like:
 ```
-export HSQLDB_JAR=${HOME}/.m2/repository/org/hsqldb/hsqldb/2.5.0/hsqldb-2.5.0.jar
+export HSQLDB_JAR=${HOME}/.m2/repository/org/hsqldb/hsqldb/2.5.1/hsqldb-2.5.1.jar
 export SQLTOOL_JAR=${HOME}/.m2/repository/org/hsqldb/sqltool/2.5.0/sqltool-2.5.0.jar
 alias sqltool='rlwrap java -cp ${HSQLDB_JAR}:${SQLTOOL_JAR} org.hsqldb.cmdline.SqlTool --rcFile=${SQLTOOL_RC}'
 ```
 So you can simply type: `sqltool qortal`
 
 Don't forget to use `SHUTDOWN;` before exiting sqltool so that database files are closed cleanly.
+
+## Quick and dirty version
+
+With `sqltool-2.5.0.jar` and `qortal.jar` in current directory, and database in `db/`
+
+`java -cp qortal.jar:sqltool-2.5.0.jar org.hsqldb.cmdline.SqlTool --inlineRc=url=jdbc:hsqldb:file:db/blockchain`

Dockerfile

@@ -0,0 +1,26 @@
+FROM maven:3-openjdk-11 as builder
+
+WORKDIR /work
+COPY ./ /work/
+RUN mvn clean package
+
+###
+FROM openjdk:11
+
+RUN useradd -r -u 1000 -g users qortal && \
+    mkdir /usr/local/qortal /qortal && \
+    chown 1000:100 /qortal
+
+COPY --from=builder /work/log4j2.properties /usr/local/qortal/
+COPY --from=builder /work/target/qortal*.jar /usr/local/qortal/qortal.jar
+
+USER 1000:100
+
+EXPOSE 12391 12392
+HEALTHCHECK --start-period=5m CMD curl -sf http://127.0.0.1:12391/admin/info || exit 1
+
+WORKDIR /qortal
+VOLUME /qortal
+
+ENTRYPOINT ["java"]
+CMD ["-Djava.net.preferIPv4Stack=false", "-jar", "/usr/local/qortal/qortal.jar"]

README.md

@@ -9,4 +9,4 @@
 - Create basic *settings.json* file: `echo '{}' > settings.json`
 - Run JAR in same working directory as *settings.json*: `java -jar target/qortal-1.0.jar`
 - Wrap in shell script, add JVM flags, redirection, backgrounding, etc. as necessary.
-- Or use supplied example shell script: *run.sh*
+- Or use supplied example shell script: *start.sh*

TestNets.md

@@ -0,0 +1,69 @@
+# How to build a testnet
+
+## Create testnet blockchain config
+
+- You can begin by copying the mainnet blockchain config `src/main/resources/blockchain.json`
+- Insert `"isTestChain": true,` after the opening `{`
+- Modify testnet genesis block
+
+### Testnet genesis block
+
+- Set `timestamp` to a nearby future value, e.g. 15 mins from 'now'
+	This is to give yourself enough time to set up other testnet nodes
+- Retain the initial `ISSUE_ASSET` transactions!
+- Add `ACCOUNT_FLAGS` transactions with `"andMask": -1, "orMask": 1, "xorMask": 0` to create founders
+- Add at least one `REWARD_SHARE` transaction otherwise no-one can mint initial blocks!
+	You will need to calculate `rewardSharePublicKey` (and private key),
+	or make a new account on mainnet and use self-share key values
+- Add `ACCOUNT_LEVEL` transactions to set initial level of accounts as needed
+- Add `GENESIS` transactions to add QORT/LEGACY_QORA funds to accounts as needed
+
+## Testnet `settings.json`
+
+- Create a new `settings-test.json`
+- Make sure to add `"isTestNet": true,`
+- Make sure to reference testnet blockchain config file: `"blockchainConfig": "testchain.json",`
+- It is a good idea to use a separate database: `"repositoryPath": "db-testnet",`
+- You might also need to add `"bitcoinNet": "TEST3",` and `"litecoinNet": "TEST3",`
+
+## Other nodes
+
+- Copy `testchain.json` and `settings-test.json` to other nodes
+- Alternatively, you can run multiple nodes on the same machine by:
+	* Copying `settings-test.json` to `settings-test-1.json`
+	* Configure different `repositoryPath`
+	* Configure use of different ports:
+		+ `"apiPort": 22391,`
+		+ `"listenPort": 22392,`
+
+## Starting-up
+
+- Start up at least as many nodes as `minBlockchainPeers` (or adjust this value instead)
+- Probably best to perform API call `DELETE /peers/known`
+- Add other nodes via API call `POST /peers <peer-hostname-or-IP>`
+- Add minting private key to node(s) via API call `POST /admin/mintingaccounts <minting-private-key>`
+	This key must have corresponding `REWARD_SHARE` transaction in testnet genesis block
+- Wait for genesis block timestamp to pass
+- A node should mint block 2 approximately 60 seconds after genesis block timestamp
+- Other testnet nodes will sync *as long as there is at least `minBlockchainPeers` peers with an "up-to-date" chain`
+- You can also use API call `POST /admin/forcesync <connected-peer-IP-and-port>` on stuck nodes
+
+## Dealing with stuck chain
+
+Maybe your nodes have been offline and no-one has minted a recent testnet block.
+Your options are:
+
+- Start a new testnet from scratch
+- Fire up your testnet node(s)
+- Force one of your nodes to mint by:
+	+ Set a debugger breakpoint on Settings.getMinBlockchainPeers()
+	+ When breakpoint is hit, change `this.minBlockchainPeers` to zero, then continue
+- Once one of your nodes has minted blocks up to 'now', you can use "forcesync" on the other nodes
+
+## Tools
+
+- `qort` tool, but use `-t` option for default testnet API port (62391)
+- `qort` tool, but first set shell variable: `export BASE_URL=some-node-hostname-or-ip:port`
+- `qort` tool, but prepend with one-time shell variable: `BASE_URL=some-node-hostname-or-ip:port qort ......`
+- `peer-heights`, but use `-t` option, or `BASE_URL` shell variable as above
+

WindowsInstaller/Install Files/log4j2.properties

@@ -61,7 +61,7 @@ appender.rolling.type = RollingFile
 appender.rolling.name = FILE
 appender.rolling.layout.type = PatternLayout
 appender.rolling.layout.pattern = %d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n
-appender.rolling.filePattern = ${dirname:-}${filename}.%i
+appender.rolling.filePattern = ./${filename}.%i
 appender.rolling.policy.type = SizeBasedTriggeringPolicy
 appender.rolling.policy.size = 4MB
 # Set the immediate flush to true (default)

WindowsInstaller/README.md

@@ -12,7 +12,7 @@ configured paths, or create a dummy `D:` drive with the expected layout.
 
 Typical build procedure:
 
-* Overwrite the `qortal.jar` file in `Install-Files\`
+* Place the `qortal.jar` file in `Install-Files\`
 * Open AdvancedInstaller with qortal.aip file
 * If releasing a new version, change version number in:
 	+ "Product Information" side menu

lib/com/dosse/WaifUPnP/1.1/WaifUPnP-1.1.pom

@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>com.dosse</groupId>
+  <artifactId>WaifUPnP</artifactId>
+  <version>1.1</version>
+  <description>POM was created from install:install-file</description>
+</project>

lib/com/dosse/WaifUPnP/maven-metadata-local.xml

@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<metadata>
+  <groupId>com.dosse</groupId>
+  <artifactId>WaifUPnP</artifactId>
+  <versioning>
+    <release>1.1</release>
+    <versions>
+      <version>1.1</version>
+    </versions>
+    <lastUpdated>20220218200127</lastUpdated>
+  </versioning>
+</metadata>

lib/org/ciyam/AT/1.3.8/AT-1.3.8.pom

@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>org.ciyam</groupId>
+  <artifactId>AT</artifactId>
+  <version>1.3.8</version>
+  <description>POM was created from install:install-file</description>
+</project>

lib/org/ciyam/AT/maven-metadata-local.xml

@@ -3,13 +3,14 @@
   <groupId>org.ciyam</groupId>
   <artifactId>AT</artifactId>
   <versioning>
-    <release>1.3.7</release>
+    <release>1.3.8</release>
     <versions>
       <version>1.3.4</version>
       <version>1.3.5</version>
       <version>1.3.6</version>
       <version>1.3.7</version>
+      <version>1.3.8</version>
     </versions>
-    <lastUpdated>20200812131412</lastUpdated>
+    <lastUpdated>20200925114415</lastUpdated>
   </versioning>
 </metadata>

log4j2.properties

@@ -61,7 +61,7 @@ appender.rolling.type = RollingFile
 appender.rolling.name = FILE
 appender.rolling.layout.type = PatternLayout
 appender.rolling.layout.pattern = %d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n
-appender.rolling.filePattern = ${dirname:-}${filename}.%i
+appender.rolling.filePattern = ./${filename}.%i
 appender.rolling.policy.type = SizeBasedTriggeringPolicy
 appender.rolling.policy.size = 4MB
 # Set the immediate flush to true (default)

pom.xml

@@ -3,26 +3,35 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>org.qortal</groupId>
 	<artifactId>qortal</artifactId>
-	<version>1.3.5</version>
+	<version>3.1.1</version>
 	<packaging>jar</packaging>
 	<properties>
-		<bitcoinj.version>0.15.5</bitcoinj.version>
+		<skipTests>true</skipTests>
+		<altcoinj.version>bf9fb80</altcoinj.version>
+		<bitcoinj.version>0.15.10</bitcoinj.version>
 		<bouncycastle.version>1.64</bouncycastle.version>
 		<build.timestamp>${maven.build.timestamp}</build.timestamp>
-		<ciyam-at.version>1.3.7</ciyam-at.version>
+		<ciyam-at.version>1.3.8</ciyam-at.version>
 		<commons-net.version>3.6</commons-net.version>
 		<commons-text.version>1.8</commons-text.version>
+		<commons-io.version>2.6</commons-io.version>
+		<commons-compress.version>1.21</commons-compress.version>
+		<commons-lang3.version>3.12.0</commons-lang3.version>
+		<xz.version>1.9</xz.version>
 		<dagger.version>1.2.2</dagger.version>
 		<guava.version>28.1-jre</guava.version>
 		<hsqldb.version>2.5.1</hsqldb.version>
+		<upnp.version>1.1</upnp.version>
 		<jersey.version>2.29.1</jersey.version>
 		<jetty.version>9.4.29.v20200521</jetty.version>
-		<log4j.version>2.12.1</log4j.version>
+		<log4j.version>2.17.1</log4j.version>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<slf4j.version>1.7.12</slf4j.version>
 		<swagger-api.version>2.0.9</swagger-api.version>
 		<swagger-ui.version>3.23.8</swagger-ui.version>
 		<package-info-maven-plugin.version>1.1.0</package-info-maven-plugin.version>
+		<jsoup.version>1.13.1</jsoup.version>
+		<java-diff-utils.version>4.10</java-diff-utils.version>
 	</properties>
 	<build>
 		<sourceDirectory>src/main/java</sourceDirectory>
@@ -198,6 +207,10 @@
 							<pattern>org.qortal.api.model**</pattern>
 							<template>${project.build.sourceDirectory}/org/qortal/data/package-info.java</template>
 						</package>
+						<package>
+							<pattern>org.qortal.api.model.**</pattern>
+							<template>${project.build.sourceDirectory}/org/qortal/data/package-info.java</template>
+						</package>
 					</packages>
 					<outputDirectory>${project.build.directory}/generated-sources/package-info</outputDirectory>
 				</configuration>
@@ -312,6 +325,14 @@
 					</execution>
 				</executions>
 			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-surefire-plugin</artifactId>
+				<version>2.22.2</version>
+				<configuration>
+					<skipTests>${skipTests}</skipTests>
+				</configuration>
+			</plugin>
 		</plugins>
 		<pluginManagement>
 			<plugins>
@@ -374,6 +395,11 @@
 			<name>project</name>
 			<url>file:${project.basedir}/lib</url>
 		</repository>
+		<!-- jitpack for build-on-demand of altcoinj -->
+		<repository>
+			<id>jitpack.io</id>
+			<url>https://jitpack.io</url>
+		</repository>
 	</repositories>
 	<dependencies>
 		<!-- https://mvnrepository.com/artifact/org.codehaus.mojo/build-helper-maven-plugin -->
@@ -402,23 +428,60 @@
 			<artifactId>AT</artifactId>
 			<version>${ciyam-at.version}</version>
 		</dependency>
+		<!-- UPnP support -->
+		<dependency>
+			<groupId>com.dosse</groupId>
+			<artifactId>WaifUPnP</artifactId>
+			<version>${upnp.version}</version>
+		</dependency>
 		<!-- Bitcoin support -->
 		<dependency>
 			<groupId>org.bitcoinj</groupId>
 			<artifactId>bitcoinj-core</artifactId>
 			<version>${bitcoinj.version}</version>
 		</dependency>
+		<!-- For Litecoin, etc. support, requires bitcoinj -->
+		<dependency>
+			<groupId>com.github.jjos2372</groupId>
+			<artifactId>altcoinj</artifactId>
+			<version>${altcoinj.version}</version>
+		</dependency>
 		<!-- Utilities -->
 		<dependency>
 			<groupId>com.googlecode.json-simple</groupId>
 			<artifactId>json-simple</artifactId>
 			<version>1.1.1</version>
 		</dependency>
+		<dependency>
+			<groupId>org.json</groupId>
+			<artifactId>json</artifactId>
+			<version>20210307</version>
+		</dependency>
 		<dependency>
 			<groupId>org.apache.commons</groupId>
 			<artifactId>commons-text</artifactId>
 			<version>${commons-text.version}</version>
 		</dependency>
+		<dependency>
+			<groupId>commons-io</groupId>
+			<artifactId>commons-io</artifactId>
+			<version>${commons-io.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>org.apache.commons</groupId>
+			<artifactId>commons-compress</artifactId>
+			<version>${commons-compress.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>org.apache.commons</groupId>
+			<artifactId>commons-lang3</artifactId>
+			<version>${commons-lang3.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>org.tukaani</groupId>
+			<artifactId>xz</artifactId>
+			<version>${xz.version}</version>
+		</dependency>
 		<!--  For bitset/bitmap compression -->
 		<dependency>
 			<groupId>io.druid</groupId>
@@ -619,5 +682,15 @@
 			<artifactId>bctls-jdk15on</artifactId>
 			<version>${bouncycastle.version}</version>
 		</dependency>
+		<dependency>
+			<groupId>org.jsoup</groupId>
+			<artifactId>jsoup</artifactId>
+			<version>${jsoup.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>io.github.java-diff-utils</groupId>
+			<artifactId>java-diff-utils</artifactId>
+			<version>${java-diff-utils.version}</version>
+		</dependency>
 	</dependencies>
 </project>

src/main/java/org/hsqldb/jdbc/HSQLDBPool.java

@@ -21,18 +21,28 @@ public class HSQLDBPool extends JDBCPool {
 	public Connection tryConnection() throws SQLException {
 		for (int i = 0; i < states.length(); i++) {
 			if (states.compareAndSet(i, RefState.available, RefState.allocated)) {
-				return connections[i].getConnection();
+				JDBCPooledConnection pooledConnection = connections[i];
+
+				if (pooledConnection == null)
+					// Probably shutdown situation
+					return null;
+
+				return pooledConnection.getConnection();
 			}
 
 			if (states.compareAndSet(i, RefState.empty, RefState.allocated)) {
 				try {
-					JDBCPooledConnection connection = (JDBCPooledConnection) source.getPooledConnection();
+					JDBCPooledConnection pooledConnection = (JDBCPooledConnection) source.getPooledConnection();
 
-					connection.addConnectionEventListener(this);
-					connection.addStatementEventListener(this);
-					connections[i] = connection;
+					if (pooledConnection == null)
+						// Probably shutdown situation
+						return null;
 
-					return connections[i].getConnection();
+					pooledConnection.addConnectionEventListener(this);
+					pooledConnection.addStatementEventListener(this);
+					connections[i] = pooledConnection;
+
+					return pooledConnection.getConnection();
 				} catch (SQLException e) {
 					states.set(i, RefState.empty);
 				}

src/main/java/org/qortal/ApplyUpdate.java

@@ -7,14 +7,13 @@ import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.nio.file.StandardCopyOption;
 import java.security.Security;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.List;
+import java.util.*;
 
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;
+import org.qortal.api.ApiKey;
 import org.qortal.api.ApiRequest;
 import org.qortal.controller.AutoUpdate;
 import org.qortal.settings.Settings;
@@ -70,14 +69,40 @@ public class ApplyUpdate {
 		String baseUri = "http://localhost:" + Settings.getInstance().getApiPort() + "/";
 		LOGGER.info(() -> String.format("Shutting down node using API via %s", baseUri));
 
+		// The /admin/stop endpoint requires an API key, which may or may not be already generated
+		boolean apiKeyNewlyGenerated = false;
+		ApiKey apiKey = null;
+		try {
+			apiKey = new ApiKey();
+			if (!apiKey.generated()) {
+				apiKey.generate();
+				apiKeyNewlyGenerated = true;
+				LOGGER.info("Generated API key");
+			}
+		} catch (IOException e) {
+			LOGGER.info("Error loading API key: {}", e.getMessage());
+		}
+
+		// Create GET params
+		Map<String, String> params = new HashMap<>();
+		if (apiKey != null) {
+			params.put("apiKey", apiKey.toString());
+		}
+
+		// Attempt to stop the node
 		int attempt;
 		for (attempt = 0; attempt < MAX_ATTEMPTS; ++attempt) {
 			final int attemptForLogging = attempt;
 			LOGGER.info(() -> String.format("Attempt #%d out of %d to shutdown node", attemptForLogging + 1, MAX_ATTEMPTS));
-			String response = ApiRequest.perform(baseUri + "admin/stop", null);
-			if (response == null)
+			String response = ApiRequest.perform(baseUri + "admin/stop", params);
+			if (response == null) {
 				// No response - consider node shut down
+				if (apiKeyNewlyGenerated) {
+					// API key was newly generated for this auto update, so we need to remove it
+					ApplyUpdate.removeGeneratedApiKey();
+				}
 				return true;
+			}
 
 			LOGGER.info(() -> String.format("Response from API: %s", response));
 
@@ -89,6 +114,11 @@ public class ApplyUpdate {
 			}
 		}
 
+		if (apiKeyNewlyGenerated) {
+			// API key was newly generated for this auto update, so we need to remove it
+			ApplyUpdate.removeGeneratedApiKey();
+		}
+
 		if (attempt == MAX_ATTEMPTS) {
 			LOGGER.error("Failed to shutdown node - giving up");
 			return false;
@@ -97,6 +127,19 @@ public class ApplyUpdate {
 		return true;
 	}
 
+	private static void removeGeneratedApiKey() {
+		try {
+			LOGGER.info("Removing newly generated API key...");
+
+			// Delete the API key since it was only generated for this auto update
+			ApiKey apiKey = new ApiKey();
+			apiKey.delete();
+
+		} catch (IOException e) {
+			LOGGER.info("Error loading or deleting API key: {}", e.getMessage());
+		}
+	}
+
 	private static void replaceJar() {
 		// Assuming current working directory contains the JAR files
 		Path realJar = Paths.get(JAR_FILENAME);

src/main/java/org/qortal/RepositoryMaintenance.java

@@ -1,11 +1,13 @@
 package org.qortal;
 
 import java.security.Security;
+import java.util.concurrent.TimeoutException;
 
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;
+import org.qortal.controller.Controller;
 import org.qortal.repository.DataException;
 import org.qortal.repository.Repository;
 import org.qortal.repository.RepositoryFactory;
@@ -41,7 +43,7 @@ public class RepositoryMaintenance {
 
 		LOGGER.info("Opening repository");
 		try {
-			RepositoryFactory repositoryFactory = new HSQLDBRepositoryFactory(Settings.getInstance().getRepositoryPath());
+			RepositoryFactory repositoryFactory = new HSQLDBRepositoryFactory(Controller.getRepositoryUrl());
 			RepositoryManager.setRepositoryFactory(repositoryFactory);
 		} catch (DataException e) {
 			// If exception has no cause then repository is in use by some other process.
@@ -56,10 +58,10 @@ public class RepositoryMaintenance {
 
 		LOGGER.info("Starting repository periodic maintenance. This can take a while...");
 		try (final Repository repository = RepositoryManager.getRepository()) {
-			repository.performPeriodicMaintenance();
+			repository.performPeriodicMaintenance(null);
 
 			LOGGER.info("Repository periodic maintenance completed");
-		} catch (DataException e) {
+		} catch (DataException | TimeoutException e) {
 			LOGGER.error("Repository periodic maintenance failed", e);
 		}
 

src/main/java/org/qortal/account/Account.java

@@ -272,7 +272,7 @@ public class Account {
 	/**
 	 * Returns 'effective' minting level, or zero if reward-share does not exist.
 	 * <p>
-	 * For founder accounts, this returns "founderEffectiveMintingLevel" from blockchain config.
+	 * this is being used on src/main/java/org/qortal/api/resource/AddressesResource.java to fulfil the online accounts api call
 	 * 
 	 * @param repository
 	 * @param rewardSharePublicKey
@@ -288,5 +288,26 @@ public class Account {
 		Account rewardShareMinter = new Account(repository, rewardShareData.getMinter());
 		return rewardShareMinter.getEffectiveMintingLevel();
 	}
+	/**
+	 * Returns 'effective' minting level, with a fix for the zero level.
+	 * <p>
+	 * For founder accounts, this returns "founderEffectiveMintingLevel" from blockchain config.
+	 *
+	 * @param repository
+	 * @param rewardSharePublicKey
+	 * @return 0+
+	 * @throws DataException
+	 */
+	public static int getRewardShareEffectiveMintingLevelIncludingLevelZero(Repository repository, byte[] rewardSharePublicKey) throws DataException {
+		// Find actual minter and get their effective minting level
+		RewardShareData rewardShareData = repository.getAccountRepository().getRewardShare(rewardSharePublicKey);
+		if (rewardShareData == null)
+			return 0;
 
+		else if(!rewardShareData.getMinter().equals(rewardShareData.getRecipient()))//the minter is different than the recipient this means sponsorship
+			return 0;
+
+		Account rewardShareMinter = new Account(repository, rewardShareData.getMinter());
+		return rewardShareMinter.getEffectiveMintingLevel();
+	}
 }

src/main/java/org/qortal/api/ApiError.java

@@ -15,7 +15,7 @@ public enum ApiError {
 	// COMMON
 	// UNKNOWN(0, 500),
 	JSON(1, 400),
-	// NO_BALANCE(2, 422),
+	INSUFFICIENT_BALANCE(2, 402),
 	// NOT_YET_RELEASED(3, 422),
 	UNAUTHORIZED(4, 403),
 	REPOSITORY_ISSUE(5, 500),
@@ -126,10 +126,17 @@ public enum ApiError {
 	// Groups
 	GROUP_UNKNOWN(1101, 404),
 
-	// Bitcoin
-	BTC_NETWORK_ISSUE(1201, 500),
-	BTC_BALANCE_ISSUE(1202, 402),
-	BTC_TOO_SOON(1203, 408);
+	// Foreign blockchain
+	FOREIGN_BLOCKCHAIN_NETWORK_ISSUE(1201, 500),
+	FOREIGN_BLOCKCHAIN_BALANCE_ISSUE(1202, 402),
+	FOREIGN_BLOCKCHAIN_TOO_SOON(1203, 408),
+
+	// Trade portal
+	ORDER_SIZE_TOO_SMALL(1300, 402),
+
+	// Data
+	FILE_NOT_FOUND(1401, 404),
+	NO_REPLY(1402, 404);
 
 	private static final Map<Integer, ApiError> map = stream(ApiError.values()).collect(toMap(apiError -> apiError.code, apiError -> apiError));
 
@@ -157,4 +164,4 @@ public enum ApiError {
 		return this.status;
 	}
 
-}
+}

src/main/java/org/qortal/api/ApiExceptionFactory.java

@@ -16,4 +16,8 @@ public enum ApiExceptionFactory {
 		return createException(request, apiError, null);
 	}
 
+	public ApiException createCustomException(HttpServletRequest request, ApiError apiError, String message) {
+		return new ApiException(apiError.getStatus(), apiError.getCode(), message, null);
+	}
+
 }

src/main/java/org/qortal/api/ApiKey.java

@@ -0,0 +1,107 @@
+package org.qortal.api;
+
+import org.qortal.settings.Settings;
+import org.qortal.utils.Base58;
+
+import java.io.BufferedWriter;
+import java.io.File;
+import java.io.FileWriter;
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.security.SecureRandom;
+
+public class ApiKey {
+
+    private String apiKey;
+
+    public ApiKey() throws IOException {
+        this.load();
+    }
+
+    public void generate() throws IOException {
+        byte[] apiKey = new byte[16];
+        new SecureRandom().nextBytes(apiKey);
+        this.apiKey = Base58.encode(apiKey);
+
+        this.save();
+    }
+
+
+    /* Filesystem */
+
+    private Path getFilePath() {
+        return Paths.get(Settings.getInstance().getApiKeyPath(), "apikey.txt");
+    }
+
+    private boolean load() throws IOException {
+        Path path = this.getFilePath();
+        File apiKeyFile = new File(path.toString());
+        if (!apiKeyFile.exists()) {
+            // Try settings - to allow legacy API keys to be supported
+            return this.loadLegacyApiKey();
+        }
+
+        try {
+            this.apiKey = new String(Files.readAllBytes(path));
+
+        } catch (IOException e) {
+            throw new IOException(String.format("Couldn't read contents from file %s", path.toString()));
+        }
+
+        return true;
+    }
+
+    private boolean loadLegacyApiKey() {
+        String legacyApiKey = Settings.getInstance().getApiKey();
+        if (legacyApiKey != null && !legacyApiKey.isEmpty()) {
+            this.apiKey = Settings.getInstance().getApiKey();
+
+            try {
+                // Save it to the apikey file
+                this.save();
+            } catch (IOException e) {
+                // Ignore failures as it will be reloaded from settings next time
+            }
+            return true;
+        }
+        return false;
+    }
+
+    public void save() throws IOException {
+        if (this.apiKey == null || this.apiKey.isEmpty()) {
+            throw new IllegalStateException("Unable to save a blank API key");
+        }
+
+        Path filePath = this.getFilePath();
+
+        BufferedWriter writer = new BufferedWriter(new FileWriter(filePath.toString()));
+        writer.write(this.apiKey);
+        writer.close();
+    }
+
+    public void delete() throws IOException {
+        this.apiKey = null;
+
+        Path filePath = this.getFilePath();
+        if (Files.exists(filePath)) {
+            Files.delete(filePath);
+        }
+    }
+
+
+    public boolean generated() {
+        return (this.apiKey != null);
+    }
+
+    public boolean exists() {
+        return this.getFilePath().toFile().exists();
+    }
+
+    @Override
+    public String toString() {
+        return this.apiKey;
+    }
+
+}

src/main/java/org/qortal/api/ApiService.java

@@ -14,6 +14,7 @@ import java.security.SecureRandom;
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
 
+import org.checkerframework.checker.units.qual.A;
 import org.eclipse.jetty.http.HttpVersion;
 import org.eclipse.jetty.rewrite.handler.RedirectPatternRule;
 import org.eclipse.jetty.rewrite.handler.RewriteHandler;
@@ -43,6 +44,7 @@ import org.qortal.api.websocket.ActiveChatsWebSocket;
 import org.qortal.api.websocket.AdminStatusWebSocket;
 import org.qortal.api.websocket.BlocksWebSocket;
 import org.qortal.api.websocket.ChatMessagesWebSocket;
+import org.qortal.api.websocket.PresenceWebSocket;
 import org.qortal.api.websocket.TradeBotWebSocket;
 import org.qortal.api.websocket.TradeOffersWebSocket;
 import org.qortal.settings.Settings;
@@ -53,6 +55,7 @@ public class ApiService {
 
 	private final ResourceConfig config;
 	private Server server;
+	private ApiKey apiKey;
 
 	private ApiService() {
 		this.config = new ResourceConfig();
@@ -73,6 +76,15 @@ public class ApiService {
 		return this.config.getClasses();
 	}
 
+	public void setApiKey(ApiKey apiKey) {
+		this.apiKey = apiKey;
+	}
+
+	public ApiKey getApiKey() {
+		return this.apiKey;
+	}
+
+
 	public void start() {
 		try {
 			// Create API server
@@ -200,6 +212,7 @@ public class ApiService {
 			context.addServlet(ChatMessagesWebSocket.class, "/websockets/chat/messages");
 			context.addServlet(TradeOffersWebSocket.class, "/websockets/crosschain/tradeoffers");
 			context.addServlet(TradeBotWebSocket.class, "/websockets/crosschain/tradebot");
+			context.addServlet(PresenceWebSocket.class, "/websockets/presence");
 
 			// Start server
 			this.server.start();

src/main/java/org/qortal/api/Base58TypeAdapter.java

@@ -2,7 +2,7 @@ package org.qortal.api;
 
 import javax.xml.bind.annotation.adapters.XmlAdapter;
 
-import org.bitcoinj.core.Base58;
+import org.qortal.utils.Base58;
 
 public class Base58TypeAdapter extends XmlAdapter<String, byte[]> {
 

src/main/java/org/qortal/api/DomainMapService.java

@@ -0,0 +1,171 @@
+package org.qortal.api;
+
+import io.swagger.v3.jaxrs2.integration.resources.OpenApiResource;
+import org.eclipse.jetty.http.HttpVersion;
+import org.eclipse.jetty.rewrite.handler.RewriteHandler;
+import org.eclipse.jetty.rewrite.handler.RewritePatternRule;
+import org.eclipse.jetty.server.*;
+import org.eclipse.jetty.server.handler.ErrorHandler;
+import org.eclipse.jetty.server.handler.InetAccessHandler;
+import org.eclipse.jetty.servlet.FilterHolder;
+import org.eclipse.jetty.servlet.ServletContextHandler;
+import org.eclipse.jetty.servlet.ServletHolder;
+import org.eclipse.jetty.servlets.CrossOriginFilter;
+import org.eclipse.jetty.util.ssl.SslContextFactory;
+import org.glassfish.jersey.server.ResourceConfig;
+import org.glassfish.jersey.servlet.ServletContainer;
+import org.qortal.api.resource.AnnotationPostProcessor;
+import org.qortal.api.resource.ApiDefinition;
+import org.qortal.settings.Settings;
+
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import java.io.InputStream;
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.security.KeyStore;
+import java.security.SecureRandom;
+
+public class DomainMapService {
+
+	private static DomainMapService instance;
+
+	private final ResourceConfig config;
+	private Server server;
+
+	private DomainMapService() {
+		this.config = new ResourceConfig();
+		this.config.packages("org.qortal.api.domainmap.resource");
+		this.config.register(OpenApiResource.class);
+		this.config.register(ApiDefinition.class);
+		this.config.register(AnnotationPostProcessor.class);
+	}
+
+	public static DomainMapService getInstance() {
+		if (instance == null)
+			instance = new DomainMapService();
+
+		return instance;
+	}
+
+	public Iterable<Class<?>> getResources() {
+		return this.config.getClasses();
+	}
+
+	public void start() {
+		try {
+			// Create API server
+
+			// SSL support if requested
+			String keystorePathname = Settings.getInstance().getSslKeystorePathname();
+			String keystorePassword = Settings.getInstance().getSslKeystorePassword();
+
+			if (keystorePathname != null && keystorePassword != null) {
+				// SSL version
+				if (!Files.isReadable(Path.of(keystorePathname)))
+					throw new RuntimeException("Failed to start SSL API due to broken keystore");
+
+				// BouncyCastle-specific SSLContext build
+				SSLContext sslContext = SSLContext.getInstance("TLS", "BCJSSE");
+				KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("PKIX", "BCJSSE");
+
+				KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType(), "BC");
+
+				try (InputStream keystoreStream = Files.newInputStream(Paths.get(keystorePathname))) {
+					keyStore.load(keystoreStream, keystorePassword.toCharArray());
+				}
+
+				keyManagerFactory.init(keyStore, keystorePassword.toCharArray());
+				sslContext.init(keyManagerFactory.getKeyManagers(), null, new SecureRandom());
+
+				SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
+				sslContextFactory.setSslContext(sslContext);
+
+				this.server = new Server();
+
+				HttpConfiguration httpConfig = new HttpConfiguration();
+				httpConfig.setSecureScheme("https");
+				httpConfig.setSecurePort(Settings.getInstance().getDomainMapPort());
+
+				SecureRequestCustomizer src = new SecureRequestCustomizer();
+				httpConfig.addCustomizer(src);
+
+				HttpConnectionFactory httpConnectionFactory = new HttpConnectionFactory(httpConfig);
+				SslConnectionFactory sslConnectionFactory = new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString());
+
+				ServerConnector portUnifiedConnector = new ServerConnector(this.server,
+						new DetectorConnectionFactory(sslConnectionFactory),
+						httpConnectionFactory);
+				portUnifiedConnector.setHost(Settings.getInstance().getBindAddress());
+				portUnifiedConnector.setPort(Settings.getInstance().getDomainMapPort());
+
+				this.server.addConnector(portUnifiedConnector);
+			} else {
+				// Non-SSL
+				InetAddress bindAddr = InetAddress.getByName(Settings.getInstance().getBindAddress());
+				InetSocketAddress endpoint = new InetSocketAddress(bindAddr, Settings.getInstance().getDomainMapPort());
+				this.server = new Server(endpoint);
+			}
+
+			// Error handler
+			ErrorHandler errorHandler = new ApiErrorHandler();
+			this.server.setErrorHandler(errorHandler);
+
+			// Request logging
+			if (Settings.getInstance().isDomainMapLoggingEnabled()) {
+				RequestLogWriter logWriter = new RequestLogWriter("domainmap-requests.log");
+				logWriter.setAppend(true);
+				logWriter.setTimeZone("UTC");
+				RequestLog requestLog = new CustomRequestLog(logWriter, CustomRequestLog.EXTENDED_NCSA_FORMAT);
+				this.server.setRequestLog(requestLog);
+			}
+
+			// Access handler (currently no whitelist is used)
+			InetAccessHandler accessHandler = new InetAccessHandler();
+			this.server.setHandler(accessHandler);
+
+			// URL rewriting
+			RewriteHandler rewriteHandler = new RewriteHandler();
+			accessHandler.setHandler(rewriteHandler);
+
+			// Context
+			ServletContextHandler context = new ServletContextHandler(ServletContextHandler.NO_SESSIONS);
+			context.setContextPath("/");
+			rewriteHandler.setHandler(context);
+
+			// Cross-origin resource sharing
+			FilterHolder corsFilterHolder = new FilterHolder(CrossOriginFilter.class);
+			corsFilterHolder.setInitParameter(CrossOriginFilter.ALLOWED_ORIGINS_PARAM, "*");
+			corsFilterHolder.setInitParameter(CrossOriginFilter.ALLOWED_METHODS_PARAM, "GET, POST, DELETE");
+			corsFilterHolder.setInitParameter(CrossOriginFilter.CHAIN_PREFLIGHT_PARAM, "false");
+			context.addFilter(corsFilterHolder, "/*", null);
+
+			// API servlet
+			ServletContainer container = new ServletContainer(this.config);
+			ServletHolder apiServlet = new ServletHolder(container);
+			apiServlet.setInitOrder(1);
+			context.addServlet(apiServlet, "/*");
+
+			// Start server
+			this.server.start();
+		} catch (Exception e) {
+			// Failed to start
+			throw new RuntimeException("Failed to start API", e);
+		}
+	}
+
+	public void stop() {
+		try {
+			// Stop server
+			this.server.stop();
+		} catch (Exception e) {
+			// Failed to stop
+		}
+
+		this.server = null;
+	}
+
+}

src/main/java/org/qortal/api/GatewayService.java

@@ -0,0 +1,170 @@
+package org.qortal.api;
+
+import io.swagger.v3.jaxrs2.integration.resources.OpenApiResource;
+import org.eclipse.jetty.http.HttpVersion;
+import org.eclipse.jetty.rewrite.handler.RewriteHandler;
+import org.eclipse.jetty.server.*;
+import org.eclipse.jetty.server.handler.ErrorHandler;
+import org.eclipse.jetty.server.handler.InetAccessHandler;
+import org.eclipse.jetty.servlet.FilterHolder;
+import org.eclipse.jetty.servlet.ServletContextHandler;
+import org.eclipse.jetty.servlet.ServletHolder;
+import org.eclipse.jetty.servlets.CrossOriginFilter;
+import org.eclipse.jetty.util.ssl.SslContextFactory;
+import org.glassfish.jersey.server.ResourceConfig;
+import org.glassfish.jersey.servlet.ServletContainer;
+import org.qortal.api.resource.AnnotationPostProcessor;
+import org.qortal.api.resource.ApiDefinition;
+import org.qortal.settings.Settings;
+
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import java.io.InputStream;
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.security.KeyStore;
+import java.security.SecureRandom;
+
+public class GatewayService {
+
+	private static GatewayService instance;
+
+	private final ResourceConfig config;
+	private Server server;
+
+	private GatewayService() {
+		this.config = new ResourceConfig();
+		this.config.packages("org.qortal.api.gateway.resource");
+		this.config.register(OpenApiResource.class);
+		this.config.register(ApiDefinition.class);
+		this.config.register(AnnotationPostProcessor.class);
+	}
+
+	public static GatewayService getInstance() {
+		if (instance == null)
+			instance = new GatewayService();
+
+		return instance;
+	}
+
+	public Iterable<Class<?>> getResources() {
+		return this.config.getClasses();
+	}
+
+	public void start() {
+		try {
+			// Create API server
+
+			// SSL support if requested
+			String keystorePathname = Settings.getInstance().getSslKeystorePathname();
+			String keystorePassword = Settings.getInstance().getSslKeystorePassword();
+
+			if (keystorePathname != null && keystorePassword != null) {
+				// SSL version
+				if (!Files.isReadable(Path.of(keystorePathname)))
+					throw new RuntimeException("Failed to start SSL API due to broken keystore");
+
+				// BouncyCastle-specific SSLContext build
+				SSLContext sslContext = SSLContext.getInstance("TLS", "BCJSSE");
+				KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("PKIX", "BCJSSE");
+
+				KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType(), "BC");
+
+				try (InputStream keystoreStream = Files.newInputStream(Paths.get(keystorePathname))) {
+					keyStore.load(keystoreStream, keystorePassword.toCharArray());
+				}
+
+				keyManagerFactory.init(keyStore, keystorePassword.toCharArray());
+				sslContext.init(keyManagerFactory.getKeyManagers(), null, new SecureRandom());
+
+				SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
+				sslContextFactory.setSslContext(sslContext);
+
+				this.server = new Server();
+
+				HttpConfiguration httpConfig = new HttpConfiguration();
+				httpConfig.setSecureScheme("https");
+				httpConfig.setSecurePort(Settings.getInstance().getGatewayPort());
+
+				SecureRequestCustomizer src = new SecureRequestCustomizer();
+				httpConfig.addCustomizer(src);
+
+				HttpConnectionFactory httpConnectionFactory = new HttpConnectionFactory(httpConfig);
+				SslConnectionFactory sslConnectionFactory = new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString());
+
+				ServerConnector portUnifiedConnector = new ServerConnector(this.server,
+						new DetectorConnectionFactory(sslConnectionFactory),
+						httpConnectionFactory);
+				portUnifiedConnector.setHost(Settings.getInstance().getBindAddress());
+				portUnifiedConnector.setPort(Settings.getInstance().getGatewayPort());
+
+				this.server.addConnector(portUnifiedConnector);
+			} else {
+				// Non-SSL
+				InetAddress bindAddr = InetAddress.getByName(Settings.getInstance().getBindAddress());
+				InetSocketAddress endpoint = new InetSocketAddress(bindAddr, Settings.getInstance().getGatewayPort());
+				this.server = new Server(endpoint);
+			}
+
+			// Error handler
+			ErrorHandler errorHandler = new ApiErrorHandler();
+			this.server.setErrorHandler(errorHandler);
+
+			// Request logging
+			if (Settings.getInstance().isGatewayLoggingEnabled()) {
+				RequestLogWriter logWriter = new RequestLogWriter("gateway-requests.log");
+				logWriter.setAppend(true);
+				logWriter.setTimeZone("UTC");
+				RequestLog requestLog = new CustomRequestLog(logWriter, CustomRequestLog.EXTENDED_NCSA_FORMAT);
+				this.server.setRequestLog(requestLog);
+			}
+
+			// Access handler (currently no whitelist is used)
+			InetAccessHandler accessHandler = new InetAccessHandler();
+			this.server.setHandler(accessHandler);
+
+			// URL rewriting
+			RewriteHandler rewriteHandler = new RewriteHandler();
+			accessHandler.setHandler(rewriteHandler);
+
+			// Context
+			ServletContextHandler context = new ServletContextHandler(ServletContextHandler.NO_SESSIONS);
+			context.setContextPath("/");
+			rewriteHandler.setHandler(context);
+
+			// Cross-origin resource sharing
+			FilterHolder corsFilterHolder = new FilterHolder(CrossOriginFilter.class);
+			corsFilterHolder.setInitParameter(CrossOriginFilter.ALLOWED_ORIGINS_PARAM, "*");
+			corsFilterHolder.setInitParameter(CrossOriginFilter.ALLOWED_METHODS_PARAM, "GET, POST, DELETE");
+			corsFilterHolder.setInitParameter(CrossOriginFilter.CHAIN_PREFLIGHT_PARAM, "false");
+			context.addFilter(corsFilterHolder, "/*", null);
+
+			// API servlet
+			ServletContainer container = new ServletContainer(this.config);
+			ServletHolder apiServlet = new ServletHolder(container);
+			apiServlet.setInitOrder(1);
+			context.addServlet(apiServlet, "/*");
+
+			// Start server
+			this.server.start();
+		} catch (Exception e) {
+			// Failed to start
+			throw new RuntimeException("Failed to start API", e);
+		}
+	}
+
+	public void stop() {
+		try {
+			// Stop server
+			this.server.stop();
+		} catch (Exception e) {
+			// Failed to stop
+		}
+
+		this.server = null;
+	}
+
+}

src/main/java/org/qortal/api/HTMLParser.java

@@ -0,0 +1,51 @@
+package org.qortal.api;
+
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.jsoup.Jsoup;
+import org.jsoup.nodes.Document;
+import org.jsoup.select.Elements;
+
+public class HTMLParser {
+
+    private static final Logger LOGGER = LogManager.getLogger(HTMLParser.class);
+
+    private String linkPrefix;
+    private byte[] data;
+
+    public HTMLParser(String resourceId, String inPath, String prefix, boolean usePrefix, byte[] data) {
+        String inPathWithoutFilename = inPath.substring(0, inPath.lastIndexOf('/'));
+        this.linkPrefix = usePrefix ? String.format("%s/%s%s", prefix, resourceId, inPathWithoutFilename) : "";
+        this.data = data;
+    }
+
+    public void addAdditionalHeaderTags() {
+        String fileContents = new String(data);
+        Document document = Jsoup.parse(fileContents);
+        String baseUrl = this.linkPrefix + "/";
+        Elements head = document.getElementsByTag("head");
+        if (!head.isEmpty()) {
+            // Add base href tag
+            String baseElement = String.format("<base href=\"%s\">", baseUrl);
+            head.get(0).prepend(baseElement);
+
+            // Add meta charset tag
+            String metaCharsetElement = "<meta charset=\"UTF-8\">";
+            head.get(0).prepend(metaCharsetElement);
+
+        }
+        String html = document.html();
+        this.data = html.getBytes();
+    }
+
+    public static boolean isHtmlFile(String path) {
+        if (path.endsWith(".html") || path.endsWith(".htm")) {
+            return true;
+        }
+        return false;
+    }
+
+    public byte[] getData() {
+        return this.data;
+    }
+}

src/main/java/org/qortal/api/Security.java

@@ -1,22 +1,111 @@
 package org.qortal.api;
 
+import org.qortal.arbitrary.ArbitraryDataResource;
+import org.qortal.arbitrary.misc.Service;
+import org.qortal.controller.arbitrary.ArbitraryDataRenderManager;
+import org.qortal.settings.Settings;
+
+import java.io.IOException;
 import java.net.InetAddress;
 import java.net.UnknownHostException;
 
 import javax.servlet.http.HttpServletRequest;
 
-public class Security {
+public abstract class Security {
+
+	public static final String API_KEY_HEADER = "X-API-KEY";
 
-	// TODO: replace with proper authentication
 	public static void checkApiCallAllowed(HttpServletRequest request) {
-		InetAddress remoteAddr;
+		// We may want to allow automatic authentication for local requests, if enabled in settings
+		boolean localAuthBypassEnabled = Settings.getInstance().isLocalAuthBypassEnabled();
+		if (localAuthBypassEnabled) {
+			try {
+				InetAddress remoteAddr = InetAddress.getByName(request.getRemoteAddr());
+				if (remoteAddr.isLoopbackAddress()) {
+					// Request originates from loopback address, so allow it
+					return;
+				}
+			} catch (UnknownHostException e) {
+				// Ignore failure, and fallback to API key authentication
+			}
+		}
+
+		// Retrieve the API key
+		ApiKey apiKey = Security.getApiKey(request);
+		if (!apiKey.generated()) {
+			// Not generated an API key yet, so disallow sensitive API calls
+			throw ApiExceptionFactory.INSTANCE.createCustomException(request, ApiError.UNAUTHORIZED, "API key not generated");
+		}
+
+		// We require an API key to be passed
+		String passedApiKey = request.getHeader(API_KEY_HEADER);
+		if (passedApiKey == null) {
+			// Try query string - this is needed to avoid a CORS preflight. See: https://stackoverflow.com/a/43881141
+			passedApiKey = request.getParameter("apiKey");
+		}
+		if (passedApiKey == null) {
+			throw ApiExceptionFactory.INSTANCE.createCustomException(request, ApiError.UNAUTHORIZED, "Missing 'X-API-KEY' header");
+		}
+
+		// The API keys must match
+		if (!apiKey.toString().equals(passedApiKey)) {
+			throw ApiExceptionFactory.INSTANCE.createCustomException(request, ApiError.UNAUTHORIZED, "API key invalid");
+		}
+	}
+
+	public static void disallowLoopbackRequests(HttpServletRequest request) {
 		try {
-			remoteAddr = InetAddress.getByName(request.getRemoteAddr());
+			InetAddress remoteAddr = InetAddress.getByName(request.getRemoteAddr());
+			if (remoteAddr.isLoopbackAddress()) {
+				throw ApiExceptionFactory.INSTANCE.createCustomException(request, ApiError.UNAUTHORIZED, "Local requests not allowed");
+			}
 		} catch (UnknownHostException e) {
 			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.UNAUTHORIZED);
 		}
-
-		if (!remoteAddr.isLoopbackAddress())
-			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.UNAUTHORIZED);
 	}
+
+	public static void disallowLoopbackRequestsIfAuthBypassEnabled(HttpServletRequest request) {
+		if (Settings.getInstance().isLocalAuthBypassEnabled()) {
+			try {
+				InetAddress remoteAddr = InetAddress.getByName(request.getRemoteAddr());
+				if (remoteAddr.isLoopbackAddress()) {
+					throw ApiExceptionFactory.INSTANCE.createCustomException(request, ApiError.UNAUTHORIZED, "Local requests not allowed when localAuthBypassEnabled is enabled in settings");
+				}
+			} catch (UnknownHostException e) {
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.UNAUTHORIZED);
+			}
+		}
+	}
+
+	public static void requirePriorAuthorization(HttpServletRequest request, String resourceId, Service service, String identifier) {
+		ArbitraryDataResource resource = new ArbitraryDataResource(resourceId, null, service, identifier);
+		if (!ArbitraryDataRenderManager.getInstance().isAuthorized(resource)) {
+			throw ApiExceptionFactory.INSTANCE.createCustomException(request, ApiError.UNAUTHORIZED, "Call /render/authorize first");
+		}
+	}
+
+	public static void requirePriorAuthorizationOrApiKey(HttpServletRequest request, String resourceId, Service service, String identifier) {
+		try {
+			Security.checkApiCallAllowed(request);
+
+		} catch (ApiException e) {
+			// API call wasn't allowed, but maybe it was pre-authorized
+			Security.requirePriorAuthorization(request, resourceId, service, identifier);
+		}
+	}
+
+	public static ApiKey getApiKey(HttpServletRequest request) {
+		ApiKey apiKey = ApiService.getInstance().getApiKey();
+		if (apiKey == null) {
+			try {
+				apiKey = new ApiKey();
+			} catch (IOException e) {
+				// Couldn't load API key - so we need to treat it as not generated, and therefore unauthorized
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.UNAUTHORIZED);
+			}
+			ApiService.getInstance().setApiKey(apiKey);
+		}
+		return apiKey;
+	}
+
 }

src/main/java/org/qortal/api/domainmap/resource/DomainMapResource.java

@@ -0,0 +1,58 @@
+package org.qortal.api.domainmap.resource;
+
+import io.swagger.v3.oas.annotations.tags.Tag;
+import org.qortal.arbitrary.ArbitraryDataFile.ResourceIdType;
+import org.qortal.arbitrary.ArbitraryDataRenderer;
+import org.qortal.arbitrary.misc.Service;
+import org.qortal.settings.Settings;
+
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.core.Context;
+import java.util.Map;
+
+
+@Path("/")
+@Tag(name = "Domain Map")
+public class DomainMapResource {
+
+    @Context HttpServletRequest request;
+    @Context HttpServletResponse response;
+    @Context ServletContext context;
+
+
+    @GET
+    public HttpServletResponse getIndexByDomainMap() {
+        return this.getDomainMap("/");
+    }
+
+    @GET
+    @Path("{path:.*}")
+    public HttpServletResponse getPathByDomainMap(@PathParam("path") String inPath) {
+        return this.getDomainMap(inPath);
+    }
+
+    private HttpServletResponse getDomainMap(String inPath) {
+        Map<String, String> domainMap = Settings.getInstance().getSimpleDomainMap();
+        if (domainMap != null && domainMap.containsKey(request.getServerName())) {
+            // Build synchronously, so that we don't need to make the summary API endpoints available over
+            // the domain map server. This means that there will be no loading screen, but this is potentially
+            // preferred in this situation anyway (e.g. to avoid confusing search engine robots).
+            return this.get(domainMap.get(request.getServerName()), ResourceIdType.NAME, Service.WEBSITE, inPath, null, "", false, false);
+        }
+        return ArbitraryDataRenderer.getResponse(response, 404, "Error 404: File Not Found");
+    }
+
+    private HttpServletResponse get(String resourceId, ResourceIdType resourceIdType, Service service, String inPath,
+                                    String secret58, String prefix, boolean usePrefix, boolean async) {
+
+        ArbitraryDataRenderer renderer = new ArbitraryDataRenderer(resourceId, resourceIdType, service, inPath,
+                secret58, prefix, usePrefix, async, request, response, context);
+        return renderer.render();
+    }
+
+}

src/main/java/org/qortal/api/gateway/resource/GatewayResource.java

@@ -0,0 +1,126 @@
+package org.qortal.api.gateway.resource;
+
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import org.qortal.api.Security;
+import org.qortal.arbitrary.ArbitraryDataFile;
+import org.qortal.arbitrary.ArbitraryDataFile.ResourceIdType;
+import org.qortal.arbitrary.ArbitraryDataReader;
+import org.qortal.arbitrary.ArbitraryDataRenderer;
+import org.qortal.arbitrary.ArbitraryDataResource;
+import org.qortal.arbitrary.misc.Service;
+import org.qortal.data.arbitrary.ArbitraryResourceStatus;
+
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.*;
+import javax.ws.rs.core.Context;
+
+
+@Path("/")
+@Tag(name = "Gateway")
+public class GatewayResource {
+
+    @Context HttpServletRequest request;
+    @Context HttpServletResponse response;
+    @Context ServletContext context;
+
+    /**
+     * We need to allow resource status checking (and building) via the gateway, as the node's API port
+     * may not be forwarded and will almost certainly not be authenticated. Since gateways allow for
+     * all resources to be loaded except those that are blocked, there is no need for authentication.
+     */
+    @GET
+    @Path("/arbitrary/resource/status/{service}/{name}")
+    public ArbitraryResourceStatus getDefaultResourceStatus(@PathParam("service") Service service,
+                                                             @PathParam("name") String name,
+                                                             @QueryParam("build") Boolean build) {
+
+        return this.getStatus(service, name, null, build);
+    }
+
+    @GET
+    @Path("/arbitrary/resource/status/{service}/{name}/{identifier}")
+    public ArbitraryResourceStatus getResourceStatus(@PathParam("service") Service service,
+                                                      @PathParam("name") String name,
+                                                      @PathParam("identifier") String identifier,
+                                                      @QueryParam("build") Boolean build) {
+
+        return this.getStatus(service, name, identifier, build);
+    }
+
+    private ArbitraryResourceStatus getStatus(Service service, String name, String identifier, Boolean build) {
+
+        // If "build=true" has been specified in the query string, build the resource before returning its status
+        if (build != null && build == true) {
+            ArbitraryDataReader reader = new ArbitraryDataReader(name, ArbitraryDataFile.ResourceIdType.NAME, service, null);
+            try {
+                if (!reader.isBuilding()) {
+                    reader.loadSynchronously(false);
+                }
+            } catch (Exception e) {
+                // No need to handle exception, as it will be reflected in the status
+            }
+        }
+
+        ArbitraryDataResource resource = new ArbitraryDataResource(name, ResourceIdType.NAME, service, identifier);
+        return resource.getStatus(false);
+    }
+
+
+    @GET
+    public HttpServletResponse getRoot() {
+        return ArbitraryDataRenderer.getResponse(response, 200, "");
+    }
+
+
+    @GET
+    @Path("{name}/{path:.*}")
+    @SecurityRequirement(name = "apiKey")
+    public HttpServletResponse getPathByName(@PathParam("name") String name,
+                                             @PathParam("path") String inPath) {
+        // Block requests from localhost, to prevent websites/apps from running javascript that fetches unvetted data
+        Security.disallowLoopbackRequests(request);
+        return this.get(name, ResourceIdType.NAME, Service.WEBSITE, inPath, null, "", true, true);
+    }
+
+    @GET
+    @Path("{name}")
+    @SecurityRequirement(name = "apiKey")
+    public HttpServletResponse getIndexByName(@PathParam("name") String name) {
+        // Block requests from localhost, to prevent websites/apps from running javascript that fetches unvetted data
+        Security.disallowLoopbackRequests(request);
+        return this.get(name, ResourceIdType.NAME, Service.WEBSITE, "/", null, "", true, true);
+    }
+
+
+    // Optional /site alternative for backwards support
+
+    @GET
+    @Path("/site/{name}/{path:.*}")
+    public HttpServletResponse getSitePathByName(@PathParam("name") String name,
+                                                 @PathParam("path") String inPath) {
+        // Block requests from localhost, to prevent websites/apps from running javascript that fetches unvetted data
+        Security.disallowLoopbackRequests(request);
+        return this.get(name, ResourceIdType.NAME, Service.WEBSITE, inPath, null, "/site", true, true);
+    }
+
+    @GET
+    @Path("/site/{name}")
+    public HttpServletResponse getSiteIndexByName(@PathParam("name") String name) {
+        // Block requests from localhost, to prevent websites/apps from running javascript that fetches unvetted data
+        Security.disallowLoopbackRequests(request);
+        return this.get(name, ResourceIdType.NAME, Service.WEBSITE, "/", null, "/site", true, true);
+    }
+
+    
+    private HttpServletResponse get(String resourceId, ResourceIdType resourceIdType, Service service, String inPath,
+                                    String secret58, String prefix, boolean usePrefix, boolean async) {
+
+        ArbitraryDataRenderer renderer = new ArbitraryDataRenderer(resourceId, resourceIdType, service, inPath,
+                secret58, prefix, usePrefix, async, request, response, context);
+        return renderer.render();
+    }
+
+}

src/main/java/org/qortal/api/model/ActivitySummary.java

@@ -1,5 +1,6 @@
 package org.qortal.api.model;
 
+import java.util.Collections;
 import java.util.EnumMap;
 import java.util.Map;
 
@@ -13,17 +14,61 @@ import org.qortal.transaction.Transaction.TransactionType;
 @XmlAccessorType(XmlAccessType.FIELD)
 public class ActivitySummary {
 
-	public int blockCount;
-	public int transactionCount;
-	public int assetsIssued;
-	public int namesRegistered;
+	private int blockCount;
+	private int assetsIssued;
+	private int namesRegistered;
 
 	// Assuming TransactionType values are contiguous so 'length' equals count
 	@XmlJavaTypeAdapter(TransactionCountMapXmlAdapter.class)
-	public Map<TransactionType, Integer> transactionCountByType = new EnumMap<>(TransactionType.class);
+	private Map<TransactionType, Integer> transactionCountByType = new EnumMap<>(TransactionType.class);
+	private int totalTransactionCount = 0;
 
 	public ActivitySummary() {
 		// Needed for JAXB
 	}
 
+	public int getBlockCount() {
+		return this.blockCount;
+	}
+
+	public void setBlockCount(int blockCount) {
+		this.blockCount = blockCount;
+	}
+
+	public int getTotalTransactionCount() {
+		return this.totalTransactionCount;
+	}
+
+	public int getAssetsIssued() {
+		return this.assetsIssued;
+	}
+
+	public void setAssetsIssued(int assetsIssued) {
+		this.assetsIssued = assetsIssued;
+	}
+
+	public int getNamesRegistered() {
+		return this.namesRegistered;
+	}
+
+	public void setNamesRegistered(int namesRegistered) {
+		this.namesRegistered = namesRegistered;
+	}
+
+	public Map<TransactionType, Integer> getTransactionCountByType() {
+		return Collections.unmodifiableMap(this.transactionCountByType);
+	}
+
+	public void setTransactionCountByType(TransactionType transactionType, int transactionCount) {
+		this.transactionCountByType.put(transactionType, transactionCount);
+
+		this.totalTransactionCount = this.transactionCountByType.values().stream().mapToInt(Integer::intValue).sum();
+	}
+
+	public void setTransactionCountByType(Map<TransactionType, Integer> transactionCountByType) {
+		this.transactionCountByType = new EnumMap<>(transactionCountByType);
+
+		this.totalTransactionCount = this.transactionCountByType.values().stream().mapToInt(Integer::intValue).sum();
+	}
+
 }

src/main/java/org/qortal/api/model/BlockInfo.java

@@ -1,71 +0,0 @@
-package org.qortal.api.model;
-
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-
-import org.qortal.data.account.RewardShareData;
-import org.qortal.data.block.BlockData;
-import org.qortal.repository.DataException;
-import org.qortal.repository.Repository;
-import org.qortal.repository.RepositoryManager;
-
-@XmlAccessorType(XmlAccessType.FIELD)
-public class BlockInfo {
-
-	private byte[] signature;
-	private int height;
-	private long timestamp;
-	private int transactionCount;
-	private String minterAddress;
-
-	protected BlockInfo() {
-		/* For JAXB */
-	}
-
-	public BlockInfo(byte[] signature, int height, long timestamp, int transactionCount, String minterAddress) {
-		this.signature = signature;
-		this.height = height;
-		this.timestamp = timestamp;
-		this.transactionCount = transactionCount;
-		this.minterAddress = minterAddress;
-	}
-
-	public BlockInfo(BlockData blockData) {
-		// Convert BlockData to BlockInfo, using additional data
-		this.minterAddress = "unknown?";
-
-		try (final Repository repository = RepositoryManager.getRepository()) {
-			RewardShareData rewardShareData = repository.getAccountRepository().getRewardShare(blockData.getMinterPublicKey());
-			if (rewardShareData != null)
-				this.minterAddress = rewardShareData.getMintingAccount();
-		} catch (DataException e) {
-			// We'll carry on with placeholder minterAddress then...
-		}
-
-		this.signature = blockData.getSignature();
-		this.height = blockData.getHeight();
-		this.timestamp = blockData.getTimestamp();
-		this.transactionCount = blockData.getTransactionCount();
-	}
-
-	public byte[] getSignature() {
-		return this.signature;
-	}
-
-	public int getHeight() {
-		return this.height;
-	}
-
-	public long getTimestamp() {
-		return this.timestamp;
-	}
-
-	public int getTransactionCount() {
-		return this.transactionCount;
-	}
-
-	public String getMinterAddress() {
-		return this.minterAddress;
-	}
-
-}

src/main/java/org/qortal/api/model/BlockMintingInfo.java

@@ -0,0 +1,23 @@
+package org.qortal.api.model;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import java.math.BigDecimal;
+import java.math.BigInteger;
+
+@XmlAccessorType(XmlAccessType.FIELD)
+public class BlockMintingInfo {
+
+	public byte[] minterPublicKey;
+	public int minterLevel;
+	public int onlineAccountsCount;
+	public BigDecimal maxDistance;
+	public BigInteger keyDistance;
+	public double keyDistanceRatio;
+	public long timestamp;
+	public long timeDelta;
+
+	public BlockMintingInfo() {
+	}
+
+}

src/main/java/org/qortal/api/model/ConnectedPeer.java

@@ -1,61 +1,74 @@
 package org.qortal.api.model;
 
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-
+import io.swagger.v3.oas.annotations.media.Schema;
 import org.qortal.data.network.PeerChainTipData;
 import org.qortal.data.network.PeerData;
 import org.qortal.network.Handshake;
 import org.qortal.network.Peer;
 
-import io.swagger.v3.oas.annotations.media.Schema;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import java.util.UUID;
+import java.util.concurrent.TimeUnit;
 
 @XmlAccessorType(XmlAccessType.FIELD)
 public class ConnectedPeer {
 
-	public enum Direction {
-		INBOUND,
-		OUTBOUND;
-	}
-	public Direction direction;
-	public Handshake handshakeStatus;
-	public Long lastPing;
-	public Long connectedWhen;
-	public Long peersConnectedWhen;
+    public enum Direction {
+        INBOUND,
+        OUTBOUND;
+    }
 
-	public String address;
-	public String version;
+    public Direction direction;
+    public Handshake handshakeStatus;
+    public Long lastPing;
+    public Long connectedWhen;
+    public Long peersConnectedWhen;
 
-	public String nodeId;
+    public String address;
+    public String version;
 
-	public Integer lastHeight;
-	@Schema(example = "base58")
-	public byte[] lastBlockSignature;
-	public Long lastBlockTimestamp;
+    public String nodeId;
 
-	protected ConnectedPeer() {
-	}
+    public Integer lastHeight;
+    @Schema(example = "base58")
+    public byte[] lastBlockSignature;
+    public Long lastBlockTimestamp;
+    public UUID connectionId;
+    public String age;
 
-	public ConnectedPeer(Peer peer) {
-		this.direction = peer.isOutbound() ? Direction.OUTBOUND : Direction.INBOUND;
-		this.handshakeStatus = peer.getHandshakeStatus();
-		this.lastPing = peer.getLastPing();
+    protected ConnectedPeer() {
+    }
 
-		PeerData peerData = peer.getPeerData();
-		this.connectedWhen = peer.getConnectionTimestamp();
-		this.peersConnectedWhen = peer.getPeersConnectionTimestamp();
+    public ConnectedPeer(Peer peer) {
+        this.direction = peer.isOutbound() ? Direction.OUTBOUND : Direction.INBOUND;
+        this.handshakeStatus = peer.getHandshakeStatus();
+        this.lastPing = peer.getLastPing();
 
-		this.address = peerData.getAddress().toString();
+        PeerData peerData = peer.getPeerData();
+        this.connectedWhen = peer.getConnectionTimestamp();
+        this.peersConnectedWhen = peer.getPeersConnectionTimestamp();
 
-		this.version = peer.getPeersVersionString();
-		this.nodeId = peer.getPeersNodeId();
+        this.address = peerData.getAddress().toString();
 
-		PeerChainTipData peerChainTipData = peer.getChainTipData();
-		if (peerChainTipData != null) {
-			this.lastHeight = peerChainTipData.getLastHeight();
-			this.lastBlockSignature = peerChainTipData.getLastBlockSignature();
-			this.lastBlockTimestamp = peerChainTipData.getLastBlockTimestamp();
-		}
-	}
+        this.version = peer.getPeersVersionString();
+        this.nodeId = peer.getPeersNodeId();
+        this.connectionId = peer.getPeerConnectionId();
+        if (peer.getConnectionEstablishedTime() > 0) {
+            long age = (System.currentTimeMillis() - peer.getConnectionEstablishedTime());
+            long minutes = TimeUnit.MILLISECONDS.toMinutes(age);
+            long seconds = TimeUnit.MILLISECONDS.toSeconds(age) - TimeUnit.MINUTES.toSeconds(minutes);
+            this.age = String.format("%dm %ds", minutes, seconds);
+        } else {
+            this.age = "connecting...";
+        }
+
+        PeerChainTipData peerChainTipData = peer.getChainTipData();
+        if (peerChainTipData != null) {
+            this.lastHeight = peerChainTipData.getLastHeight();
+            this.lastBlockSignature = peerChainTipData.getLastBlockSignature();
+            this.lastBlockTimestamp = peerChainTipData.getLastBlockTimestamp();
+        }
+    }
 
 }

src/main/java/org/qortal/api/model/CrossChainBitcoinP2SHStatus.java

@@ -1,31 +0,0 @@
-package org.qortal.api.model;
-
-import java.math.BigDecimal;
-
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-
-import io.swagger.v3.oas.annotations.media.Schema;
-
-@XmlAccessorType(XmlAccessType.FIELD)
-public class CrossChainBitcoinP2SHStatus {
-
-	@Schema(description = "Bitcoin P2SH address", example = "3CdH27kTpV8dcFHVRYjQ8EEV5FJg9X8pSJ (mainnet), 2fMiRRXVsxhZeyfum9ifybZvaMHbQTmwdZw (testnet)")
-	public String bitcoinP2shAddress;
-
-	@Schema(description = "Bitcoin P2SH balance")
-	public BigDecimal bitcoinP2shBalance;
-
-	@Schema(description = "Can P2SH redeem yet?")
-	public boolean canRedeem;
-
-	@Schema(description = "Can P2SH refund yet?")
-	public boolean canRefund;
-
-	@Schema(description = "Secret extracted by P2SH redeemer")
-	public byte[] secret;
-
-	public CrossChainBitcoinP2SHStatus() {
-	}
-
-}

src/main/java/org/qortal/api/model/CrossChainBitcoinyHTLCStatus.java

@@ -0,0 +1,31 @@
+package org.qortal.api.model;
+
+import java.math.BigDecimal;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+
+@XmlAccessorType(XmlAccessType.FIELD)
+public class CrossChainBitcoinyHTLCStatus {
+
+	@Schema(description = "P2SH address", example = "3CdH27kTpV8dcFHVRYjQ8EEV5FJg9X8pSJ (mainnet), 2fMiRRXVsxhZeyfum9ifybZvaMHbQTmwdZw (testnet)")
+	public String bitcoinP2shAddress;
+
+	@Schema(description = "P2SH balance")
+	public BigDecimal bitcoinP2shBalance;
+
+	@Schema(description = "Can HTLC redeem yet?")
+	public boolean canRedeem;
+
+	@Schema(description = "Can HTLC refund yet?")
+	public boolean canRefund;
+
+	@Schema(description = "Secret used by HTLC redeemer")
+	public byte[] secret;
+
+	public CrossChainBitcoinyHTLCStatus() {
+	}
+
+}

src/main/java/org/qortal/api/model/CrossChainDualSecretRequest.java

@@ -0,0 +1,29 @@
+package org.qortal.api.model;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+
+@XmlAccessorType(XmlAccessType.FIELD)
+public class CrossChainDualSecretRequest {
+
+	@Schema(description = "Public key to match AT's trade 'partner'", example = "C6wuddsBV3HzRrXUtezE7P5MoRXp5m3mEDokRDGZB6ry")
+	public byte[] partnerPublicKey;
+
+	@Schema(description = "Qortal AT address")
+	public String atAddress;
+
+	@Schema(description = "secret-A (32 bytes)", example = "FHMzten4he9jZ4HGb4297Utj6F5g2w7serjq2EnAg2s1")
+	public byte[] secretA;
+
+	@Schema(description = "secret-B (32 bytes)", example = "EN2Bgx3BcEMtxFCewmCVSMkfZjVKYhx3KEXC5A21KBGx")
+	public byte[] secretB;
+
+	@Schema(description = "Qortal address for receiving QORT from AT")
+	public String receivingAddress;
+
+	public CrossChainDualSecretRequest() {
+	}
+
+}

src/main/java/org/qortal/api/model/CrossChainOfferSummary.java

@@ -4,7 +4,7 @@ import javax.xml.bind.annotation.XmlAccessType;
 import javax.xml.bind.annotation.XmlAccessorType;
 import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
 
-import org.qortal.crosschain.BTCACCT;
+import org.qortal.crosschain.AcctMode;
 import org.qortal.data.crosschain.CrossChainTradeData;
 
 import io.swagger.v3.oas.annotations.media.Schema;
@@ -16,26 +16,41 @@ public class CrossChainOfferSummary {
 	// Properties
 
 	@Schema(description = "AT's Qortal address")
-	public String qortalAtAddress;
+	private String qortalAtAddress;
 
 	@Schema(description = "AT creator's Qortal address")
-	public String qortalCreator;
+	private String qortalCreator;
+
+	@Schema(description = "AT creator's ephemeral trading key-pair represented as Qortal address")
+	private String qortalCreatorTradeAddress;
 
 	@XmlJavaTypeAdapter(value = org.qortal.api.AmountTypeAdapter.class)
 	private long qortAmount;
 
+	@Schema(description = "Bitcoin amount - DEPRECATED: use foreignAmount")
 	@XmlJavaTypeAdapter(value = org.qortal.api.AmountTypeAdapter.class)
+	@Deprecated
 	private long btcAmount;
 
+	@Schema(description = "Foreign blockchain amount")
+	@XmlJavaTypeAdapter(value = org.qortal.api.AmountTypeAdapter.class)
+	private long foreignAmount;
+
 	@Schema(description = "Suggested trade timeout (minutes)", example = "10080")
 	private int tradeTimeout;
 
-	private BTCACCT.Mode mode;
+	@Schema(description = "Current AT execution mode")
+	private AcctMode mode;
 
 	private long timestamp;
 
+	@Schema(description = "Trade partner's Qortal receiving address")
 	private String partnerQortalReceivingAddress;
 
+	private String foreignBlockchain;
+
+	private String acctName;
+
 	protected CrossChainOfferSummary() {
 		/* For JAXB */
 	}
@@ -43,12 +58,16 @@ public class CrossChainOfferSummary {
 	public CrossChainOfferSummary(CrossChainTradeData crossChainTradeData, long timestamp) {
 		this.qortalAtAddress = crossChainTradeData.qortalAtAddress;
 		this.qortalCreator = crossChainTradeData.qortalCreator;
+		this.qortalCreatorTradeAddress = crossChainTradeData.qortalCreatorTradeAddress;
 		this.qortAmount = crossChainTradeData.qortAmount;
-		this.btcAmount = crossChainTradeData.expectedBitcoin;
+		this.foreignAmount = crossChainTradeData.expectedForeignAmount;
+		this.btcAmount = this.foreignAmount; // Duplicate for deprecated field
 		this.tradeTimeout = crossChainTradeData.tradeTimeout;
 		this.mode = crossChainTradeData.mode;
 		this.timestamp = timestamp;
 		this.partnerQortalReceivingAddress = crossChainTradeData.qortalPartnerReceivingAddress;
+		this.foreignBlockchain = crossChainTradeData.foreignBlockchain;
+		this.acctName = crossChainTradeData.acctName;
 	}
 
 	public String getQortalAtAddress() {
@@ -59,6 +78,10 @@ public class CrossChainOfferSummary {
 		return this.qortalCreator;
 	}
 
+	public String getQortalCreatorTradeAddress() {
+		return this.qortalCreatorTradeAddress;
+	}
+
 	public long getQortAmount() {
 		return this.qortAmount;
 	}
@@ -67,11 +90,15 @@ public class CrossChainOfferSummary {
 		return this.btcAmount;
 	}
 
+	public long getForeignAmount() {
+		return this.foreignAmount;
+	}
+
 	public int getTradeTimeout() {
 		return this.tradeTimeout;
 	}
 
-	public BTCACCT.Mode getMode() {
+	public AcctMode getMode() {
 		return this.mode;
 	}
 
@@ -83,10 +110,18 @@ public class CrossChainOfferSummary {
 		return this.partnerQortalReceivingAddress;
 	}
 
+	public String getForeignBlockchain() {
+		return this.foreignBlockchain;
+	}
+
+	public String getAcctName() {
+		return this.acctName;
+	}
+
 	// For debugging mostly
 
 	public String toString() {
-		return String.format("%s: %s", this.qortalAtAddress, this.mode.name());
+		return String.format("%s: %s", this.qortalAtAddress, this.mode);
 	}
 
 }

src/main/java/org/qortal/api/model/CrossChainSecretRequest.java

@@ -8,17 +8,14 @@ import io.swagger.v3.oas.annotations.media.Schema;
 @XmlAccessorType(XmlAccessType.FIELD)
 public class CrossChainSecretRequest {
 
-	@Schema(description = "Public key to match AT's trade 'partner'", example = "C6wuddsBV3HzRrXUtezE7P5MoRXp5m3mEDokRDGZB6ry")
-	public byte[] partnerPublicKey;
+	@Schema(description = "Private key to match AT's trade 'partner'", example = "C6wuddsBV3HzRrXUtezE7P5MoRXp5m3mEDokRDGZB6ry")
+	public byte[] partnerPrivateKey;
 
 	@Schema(description = "Qortal AT address")
 	public String atAddress;
 
-	@Schema(description = "secret-A (32 bytes)", example = "FHMzten4he9jZ4HGb4297Utj6F5g2w7serjq2EnAg2s1")
-	public byte[] secretA;
-
-	@Schema(description = "secret-B (32 bytes)", example = "EN2Bgx3BcEMtxFCewmCVSMkfZjVKYhx3KEXC5A21KBGx")
-	public byte[] secretB;
+	@Schema(description = "Secret (32 bytes)", example = "FHMzten4he9jZ4HGb4297Utj6F5g2w7serjq2EnAg2s1")
+	public byte[] secret;
 
 	@Schema(description = "Qortal address for receiving QORT from AT")
 	public String receivingAddress;

src/main/java/org/qortal/api/model/CrossChainTradeSummary.java

@@ -6,6 +6,8 @@ import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
 
 import org.qortal.data.crosschain.CrossChainTradeData;
 
+import io.swagger.v3.oas.annotations.media.Schema;
+
 // All properties to be converted to JSON via JAXB
 @XmlAccessorType(XmlAccessType.FIELD)
 public class CrossChainTradeSummary {
@@ -15,9 +17,20 @@ public class CrossChainTradeSummary {
 	@XmlJavaTypeAdapter(value = org.qortal.api.AmountTypeAdapter.class)
 	private long qortAmount;
 
+	@Deprecated
+	@Schema(description = "DEPRECATED: use foreignAmount instead")
 	@XmlJavaTypeAdapter(value = org.qortal.api.AmountTypeAdapter.class)
 	private long btcAmount;
 
+	@XmlJavaTypeAdapter(value = org.qortal.api.AmountTypeAdapter.class)
+	private long foreignAmount;
+
+	private String atAddress;
+
+	private String sellerAddress;
+
+	private String buyerReceivingAddress;
+
 	protected CrossChainTradeSummary() {
 		/* For JAXB */
 	}
@@ -25,7 +38,11 @@ public class CrossChainTradeSummary {
 	public CrossChainTradeSummary(CrossChainTradeData crossChainTradeData, long timestamp) {
 		this.tradeTimestamp = timestamp;
 		this.qortAmount = crossChainTradeData.qortAmount;
-		this.btcAmount = crossChainTradeData.expectedBitcoin;
+		this.foreignAmount = crossChainTradeData.expectedForeignAmount;
+		this.btcAmount = this.foreignAmount;
+		this.sellerAddress = crossChainTradeData.qortalCreator;
+		this.buyerReceivingAddress = crossChainTradeData.qortalPartnerReceivingAddress;
+		this.atAddress = crossChainTradeData.qortalAtAddress;
 	}
 
 	public long getTradeTimestamp() {
@@ -40,4 +57,11 @@ public class CrossChainTradeSummary {
 		return this.btcAmount;
 	}
 
+	public long getForeignAmount() { return this.foreignAmount; }
+
+	public String getAtAddress() { return this.atAddress; }
+
+	public String getSellerAddress() { return this.sellerAddress; }
+
+	public String getBuyerReceivingAddressAddress() { return this.buyerReceivingAddress; }
 }

src/main/java/org/qortal/api/model/ListRequest.java

@@ -0,0 +1,18 @@
+package org.qortal.api.model;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import java.util.List;
+
+@XmlAccessorType(XmlAccessType.FIELD)
+public class ListRequest {
+
+	@Schema(description = "A list of items")
+	public List<String> items;
+
+	public ListRequest() {
+	}
+
+}

src/main/java/org/qortal/api/model/NodeStatus.java

@@ -4,6 +4,7 @@ import javax.xml.bind.annotation.XmlAccessType;
 import javax.xml.bind.annotation.XmlAccessorType;
 
 import org.qortal.controller.Controller;
+import org.qortal.controller.Synchronizer;
 import org.qortal.network.Network;
 
 @XmlAccessorType(XmlAccessType.FIELD)
@@ -22,7 +23,7 @@ public class NodeStatus {
 	public NodeStatus() {
 		this.isMintingPossible = Controller.getInstance().isMintingPossible();
 
-		this.syncPercent = Controller.getInstance().getSyncPercent();
+		this.syncPercent = Synchronizer.getInstance().getSyncPercent();
 		this.isSynchronizing = this.syncPercent != null;
 
 		this.numberOfConnections = Network.getInstance().getHandshakedPeers().size();

src/main/java/org/qortal/api/model/PeersSummary.java

@@ -0,0 +1,15 @@
+package org.qortal.api.model;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+
+@XmlAccessorType(XmlAccessType.FIELD)
+public class PeersSummary {
+
+	public int inboundConnections;
+	public int outboundConnections;
+
+	public PeersSummary() {
+	}
+
+}

src/main/java/org/qortal/api/model/SimpleForeignTransaction.java

@@ -0,0 +1,157 @@
+package org.qortal.api.model;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.Objects;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+
+@XmlAccessorType(XmlAccessType.FIELD)
+public class SimpleForeignTransaction {
+
+	public static class AddressAmount {
+		public final String address;
+		public final long amount;
+
+		protected AddressAmount() {
+			/* For JAXB */
+			this.address = null;
+			this.amount = 0;
+		}
+
+		public AddressAmount(String address, long amount) {
+			this.address = address;
+			this.amount = amount;
+		}
+	}
+
+	private String txHash;
+	private long timestamp;
+
+	private List<AddressAmount> inputs;
+
+	public static class Output {
+		public final List<String> addresses;
+		public final long amount;
+
+		protected Output() {
+			/* For JAXB */
+			this.addresses = null;
+			this.amount = 0;
+		}
+
+		public Output(List<String> addresses, long amount) {
+			this.addresses = addresses;
+			this.amount = amount;
+		}
+	}
+	private List<Output> outputs;
+
+	private long totalAmount;
+	private long fees;
+
+	private Boolean isSentNotReceived;
+
+	protected SimpleForeignTransaction() {
+		/* For JAXB */
+	}
+
+	private SimpleForeignTransaction(Builder builder) {
+		this.txHash = builder.txHash;
+		this.timestamp = builder.timestamp;
+		this.inputs = Collections.unmodifiableList(builder.inputs);
+		this.outputs = Collections.unmodifiableList(builder.outputs);
+
+		Objects.requireNonNull(this.txHash);
+		if (timestamp <= 0)
+			throw new IllegalArgumentException("timestamp must be positive");
+
+		long totalGrossAmount = this.inputs.stream().map(addressAmount -> addressAmount.amount).reduce(0L, Long::sum);
+		this.totalAmount = this.outputs.stream().map(addressAmount -> addressAmount.amount).reduce(0L, Long::sum);
+
+		this.fees = totalGrossAmount - this.totalAmount;
+
+		this.isSentNotReceived = builder.isSentNotReceived;
+	}
+
+	public String getTxHash() {
+		return this.txHash;
+	}
+
+	public long getTimestamp() {
+		return this.timestamp;
+	}
+
+	public List<AddressAmount> getInputs() {
+		return this.inputs;
+	}
+
+	public List<Output> getOutputs() {
+		return this.outputs;
+	}
+
+	public long getTotalAmount() {
+		return this.totalAmount;
+	}
+
+	public long getFees() {
+		return this.fees;
+	}
+
+	public Boolean isSentNotReceived() {
+		return this.isSentNotReceived;
+	}
+
+	public static class Builder {
+		private String txHash;
+		private long timestamp;
+		private List<AddressAmount> inputs = new ArrayList<>();
+		private List<Output> outputs = new ArrayList<>();
+		private Boolean isSentNotReceived;
+
+		public Builder txHash(String txHash) {
+			this.txHash = Objects.requireNonNull(txHash);
+			return this;
+		}
+
+		public Builder timestamp(long timestamp) {
+			if (timestamp <= 0)
+				throw new IllegalArgumentException("timestamp must be positive");
+
+			this.timestamp = timestamp;
+			return this;
+		}
+
+		public Builder input(String address, long amount) {
+			Objects.requireNonNull(address);
+			if (amount < 0)
+				throw new IllegalArgumentException("amount must be zero or positive");
+
+			AddressAmount input = new AddressAmount(address, amount);
+			inputs.add(input);
+			return this;
+		}
+
+		public Builder output(List<String> addresses, long amount) {
+			Objects.requireNonNull(addresses);
+			if (amount < 0)
+				throw new IllegalArgumentException("amount must be zero or positive");
+
+			Output output = new Output(addresses, amount);
+			outputs.add(output);
+			return this;
+		}
+
+		public Builder isSentNotReceived(Boolean isSentNotReceived) {
+			this.isSentNotReceived = isSentNotReceived;
+			return this;
+		}
+
+		public SimpleForeignTransaction build() {
+			return new SimpleForeignTransaction(this);
+		}
+	}
+
+}

src/main/java/org/qortal/api/model/TradeBotRespondRequest.java

@@ -1,23 +0,0 @@
-package org.qortal.api.model;
-
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-
-import io.swagger.v3.oas.annotations.media.Schema;
-
-@XmlAccessorType(XmlAccessType.FIELD)
-public class TradeBotRespondRequest {
-
-	@Schema(description = "Qortal AT address", example = "Aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa")
-	public String atAddress;
-
-	@Schema(description = "Bitcoin BIP32 extended private key", example = "xprv___________________________________________________________________________________________________________")
-	public String xprv58;
-
-	@Schema(description = "Qortal address for receiving QORT from AT", example = "Qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq")
-	public String receivingAddress;
-
-	public TradeBotRespondRequest() {
-	}
-
-}

src/main/java/org/qortal/api/model/crosschain/BitcoinSendRequest.java

@@ -1,4 +1,4 @@
-package org.qortal.api.model;
+package org.qortal.api.model.crosschain;
 
 import javax.xml.bind.annotation.XmlAccessType;
 import javax.xml.bind.annotation.XmlAccessorType;
@@ -9,16 +9,20 @@ import io.swagger.v3.oas.annotations.media.Schema;
 @XmlAccessorType(XmlAccessType.FIELD)
 public class BitcoinSendRequest {
 
-	@Schema(description = "Bitcoin BIP32 extended private key", example = "tprv8ZgxMBicQKsPdahhFSrCdvC1bsWyzHHZfTneTVqUXN6s1wEtZLwAkZXzFP6TbTVGajEB55L1HYLg2aQMecZLXLre5YJcawpdFG66STVAWPJ")
+	@Schema(description = "Bitcoin BIP32 extended private key", example = "tprv___________________________________________________________________________________________________________")
 	public String xprv58;
 
 	@Schema(description = "Recipient's Bitcoin address ('legacy' P2PKH only)", example = "1BitcoinEaterAddressDontSendf59kuE")
 	public String receivingAddress;
 
-	@Schema(description = "Amount of BTC to send")
+	@Schema(description = "Amount of BTC to send", type = "number")
 	@XmlJavaTypeAdapter(value = org.qortal.api.AmountTypeAdapter.class)
 	public long bitcoinAmount;
 
+	@Schema(description = "Transaction fee per byte (optional). Default is 0.00000100 BTC (100 sats) per byte", example = "0.00000100", type = "number")
+	@XmlJavaTypeAdapter(value = org.qortal.api.AmountTypeAdapter.class)
+	public Long feePerByte;
+
 	public BitcoinSendRequest() {
 	}
 

src/main/java/org/qortal/api/model/crosschain/DogecoinSendRequest.java

@@ -0,0 +1,29 @@
+package org.qortal.api.model.crosschain;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+
+@XmlAccessorType(XmlAccessType.FIELD)
+public class DogecoinSendRequest {
+
+	@Schema(description = "Dogecoin BIP32 extended private key", example = "tprv___________________________________________________________________________________________________________")
+	public String xprv58;
+
+	@Schema(description = "Recipient's Dogecoin address ('legacy' P2PKH only)", example = "DoGecoinEaterAddressDontSendhLfzKD")
+	public String receivingAddress;
+
+	@Schema(description = "Amount of DOGE to send", type = "number")
+	@XmlJavaTypeAdapter(value = org.qortal.api.AmountTypeAdapter.class)
+	public long dogecoinAmount;
+
+	@Schema(description = "Transaction fee per byte (optional). Default is 0.00000100 DOGE (100 sats) per byte", example = "0.00000100", type = "number")
+	@XmlJavaTypeAdapter(value = org.qortal.api.AmountTypeAdapter.class)
+	public Long feePerByte;
+
+	public DogecoinSendRequest() {
+	}
+
+}

src/main/java/org/qortal/api/model/crosschain/LitecoinSendRequest.java

@@ -0,0 +1,29 @@
+package org.qortal.api.model.crosschain;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+
+@XmlAccessorType(XmlAccessType.FIELD)
+public class LitecoinSendRequest {
+
+	@Schema(description = "Litecoin BIP32 extended private key", example = "tprv___________________________________________________________________________________________________________")
+	public String xprv58;
+
+	@Schema(description = "Recipient's Litecoin address ('legacy' P2PKH only)", example = "LiTecoinEaterAddressDontSendhLfzKD")
+	public String receivingAddress;
+
+	@Schema(description = "Amount of LTC to send", type = "number")
+	@XmlJavaTypeAdapter(value = org.qortal.api.AmountTypeAdapter.class)
+	public long litecoinAmount;
+
+	@Schema(description = "Transaction fee per byte (optional). Default is 0.00000100 LTC (100 sats) per byte", example = "0.00000100", type = "number")
+	@XmlJavaTypeAdapter(value = org.qortal.api.AmountTypeAdapter.class)
+	public Long feePerByte;
+
+	public LitecoinSendRequest() {
+	}
+
+}

src/main/java/org/qortal/api/model/crosschain/TradeBotCreateRequest.java

@@ -1,9 +1,11 @@
-package org.qortal.api.model;
+package org.qortal.api.model.crosschain;
 
 import javax.xml.bind.annotation.XmlAccessType;
 import javax.xml.bind.annotation.XmlAccessorType;
 import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
 
+import org.qortal.crosschain.SupportedBlockchain;
+
 import io.swagger.v3.oas.annotations.media.Schema;
 
 @XmlAccessorType(XmlAccessType.FIELD)
@@ -12,22 +14,30 @@ public class TradeBotCreateRequest {
 	@Schema(description = "Trade creator's public key", example = "2zR1WFsbM7akHghqSCYKBPk6LDP8aKiQSRS1FrwoLvoB")
 	public byte[] creatorPublicKey;
 
-	@Schema(description = "QORT amount paid out on successful trade", example = "80.40200000")
+	@Schema(description = "QORT amount paid out on successful trade", example = "80.40000000", type = "number")
 	@XmlJavaTypeAdapter(value = org.qortal.api.AmountTypeAdapter.class)
 	public long qortAmount;
 
-	@Schema(description = "QORT amount funding AT, including covering AT execution fees", example = "81")
+	@Schema(description = "QORT amount funding AT, including covering AT execution fees", example = "80.50000000", type = "number")
 	@XmlJavaTypeAdapter(value = org.qortal.api.AmountTypeAdapter.class)
 	public long fundingQortAmount;
 
-	@Schema(description = "Bitcoin amount wanted in return", example = "0.00864200")
+	@Deprecated
+	@Schema(description = "Bitcoin amount wanted in return. DEPRECATED: use foreignAmount instead", example = "0.00864200", type = "number", hidden = true)
 	@XmlJavaTypeAdapter(value = org.qortal.api.AmountTypeAdapter.class)
-	public long bitcoinAmount;
+	public Long bitcoinAmount;
+
+	@Schema(description = "Foreign blockchain. Note: default (BITCOIN) to be removed in the future", example = "BITCOIN", implementation = SupportedBlockchain.class)
+	public SupportedBlockchain foreignBlockchain;
+
+	@Schema(description = "Foreign blockchain amount wanted in return", example = "0.00864200", type = "number")
+	@XmlJavaTypeAdapter(value = org.qortal.api.AmountTypeAdapter.class)
+	public Long foreignAmount;
 
 	@Schema(description = "Suggested trade timeout (minutes)", example = "10080")
 	public int tradeTimeout;
 
-	@Schema(description = "Bitcoin address for receiving", example = "1BitcoinEaterAddressDontSendf59kuE")
+	@Schema(description = "Foreign blockchain address for receiving", example = "1BitcoinEaterAddressDontSendf59kuE")
 	public String receivingAddress;
 
 	public TradeBotCreateRequest() {

src/main/java/org/qortal/api/model/crosschain/TradeBotRespondRequest.java

@@ -0,0 +1,29 @@
+package org.qortal.api.model.crosschain;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+
+@XmlAccessorType(XmlAccessType.FIELD)
+public class TradeBotRespondRequest {
+
+	@Schema(description = "Qortal AT address", example = "Aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa")
+	public String atAddress;
+
+	@Deprecated
+	@Schema(description = "Bitcoin BIP32 extended private key. DEPRECATED: use foreignKey instead", hidden = true,
+			example = "xprv___________________________________________________________________________________________________________")
+	public String xprv58;
+
+	@Schema(description = "Foreign blockchain private key, e.g. BIP32 'm' key for Bitcoin/Litecoin starting with 'xprv'",
+			example = "xprv___________________________________________________________________________________________________________")
+	public String foreignKey;
+
+	@Schema(description = "Qortal address for receiving QORT from AT", example = "Qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq")
+	public String receivingAddress;
+
+	public TradeBotRespondRequest() {
+	}
+
+}

src/main/java/org/qortal/api/resource/AddressesResource.java

@@ -7,18 +7,16 @@ import io.swagger.v3.oas.annotations.media.Content;
 import io.swagger.v3.oas.annotations.media.Schema;
 import io.swagger.v3.oas.annotations.parameters.RequestBody;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import io.swagger.v3.oas.annotations.tags.Tag;
 
 import java.math.BigDecimal;
 import java.util.ArrayList;
+import java.util.Comparator;
 import java.util.List;
 
 import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.GET;
-import javax.ws.rs.POST;
-import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.QueryParam;
+import javax.ws.rs.*;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 
@@ -37,6 +35,7 @@ import org.qortal.crypto.Crypto;
 import org.qortal.data.account.AccountData;
 import org.qortal.data.account.RewardShareData;
 import org.qortal.data.network.OnlineAccountData;
+import org.qortal.data.network.OnlineAccountLevel;
 import org.qortal.data.transaction.PublicizeTransactionData;
 import org.qortal.data.transaction.RewardShareTransactionData;
 import org.qortal.data.transaction.TransactionData;
@@ -179,6 +178,66 @@ public class AddressesResource {
 		}
 	}
 
+	@GET
+	@Path("/online/levels")
+	@Operation(
+			summary = "Return currently 'online' accounts counts, grouped by level",
+			responses = {
+					@ApiResponse(
+							description = "online accounts",
+							content = @Content(mediaType = MediaType.APPLICATION_JSON, array = @ArraySchema(schema = @Schema(implementation = ApiOnlineAccount.class)))
+					)
+			}
+	)
+	@ApiErrors({ApiError.PUBLIC_KEY_NOT_FOUND, ApiError.REPOSITORY_ISSUE})
+	public List<OnlineAccountLevel> getOnlineAccountsByLevel() {
+		List<OnlineAccountData> onlineAccounts = Controller.getInstance().getOnlineAccounts();
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			List<OnlineAccountLevel> onlineAccountLevels = new ArrayList<>();
+
+			for (OnlineAccountData onlineAccountData : onlineAccounts) {
+				try {
+					final int minterLevel = Account.getRewardShareEffectiveMintingLevelIncludingLevelZero(repository, onlineAccountData.getPublicKey());
+
+					OnlineAccountLevel onlineAccountLevel = onlineAccountLevels.stream()
+							.filter(a -> a.getLevel() == minterLevel)
+							.findFirst().orElse(null);
+
+					// Note: I don't think we can use the level as the List index here because there will be gaps.
+					// So we are forced to manually look up the existing item each time.
+					// There's probably a nice shorthand java way of doing this, but this approach gets the same result.
+
+					if (onlineAccountLevel == null) {
+						// No entry exists for this level yet, so create one
+						onlineAccountLevel = new OnlineAccountLevel(minterLevel, 1);
+						onlineAccountLevels.add(onlineAccountLevel);
+					}
+					else {
+						// Already exists - so increment the count
+						int existingCount = onlineAccountLevel.getCount();
+						onlineAccountLevel.setCount(++existingCount);
+
+						// Then replace the existing item
+						int index = onlineAccountLevels.indexOf(onlineAccountLevel);
+						onlineAccountLevels.set(index, onlineAccountLevel);
+					}
+
+				} catch (DataException e) {
+					continue;
+				}
+			}
+
+			// Sort by level
+			onlineAccountLevels.sort(Comparator.comparingInt(OnlineAccountLevel::getLevel));
+
+			return onlineAccountLevels;
+
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
 	@GET
 	@Path("/balance/{address}")
 	@Operation(
@@ -473,7 +532,8 @@ public class AddressesResource {
 		}
 	)
 	@ApiErrors({ApiError.TRANSACTION_INVALID, ApiError.INVALID_DATA, ApiError.TRANSFORMATION_ERROR, ApiError.REPOSITORY_ISSUE})
-	public String computePublicize(String rawBytes58) {
+	@SecurityRequirement(name = "apiKey")
+	public String computePublicize(@HeaderParam(Security.API_KEY_HEADER) String apiKey, String rawBytes58) {
 		Security.checkApiCallAllowed(request);
 
 		try (final Repository repository = RepositoryManager.getRepository()) {

src/main/java/org/qortal/api/resource/AdminResource.java

@@ -8,6 +8,7 @@ import io.swagger.v3.oas.annotations.media.Content;
 import io.swagger.v3.oas.annotations.media.Schema;
 import io.swagger.v3.oas.annotations.parameters.RequestBody;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import io.swagger.v3.oas.annotations.tags.Tag;
 
 import java.io.IOException;
@@ -21,32 +22,29 @@ import java.time.OffsetDateTime;
 import java.time.ZoneOffset;
 import java.util.List;
 import java.util.concurrent.TimeUnit;
+import java.util.concurrent.TimeoutException;
 import java.util.concurrent.locks.ReentrantLock;
 import java.util.stream.Collectors;
 
 import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.DELETE;
-import javax.ws.rs.GET;
-import javax.ws.rs.POST;
-import javax.ws.rs.Path;
-import javax.ws.rs.QueryParam;
+import javax.ws.rs.*;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 
 import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 import org.apache.logging.log4j.core.LoggerContext;
 import org.apache.logging.log4j.core.appender.RollingFileAppender;
+import org.checkerframework.checker.units.qual.A;
 import org.qortal.account.Account;
 import org.qortal.account.PrivateKeyAccount;
-import org.qortal.api.ApiError;
-import org.qortal.api.ApiErrors;
-import org.qortal.api.ApiExceptionFactory;
-import org.qortal.api.Security;
+import org.qortal.api.*;
 import org.qortal.api.model.ActivitySummary;
 import org.qortal.api.model.NodeInfo;
 import org.qortal.api.model.NodeStatus;
 import org.qortal.block.BlockChain;
 import org.qortal.controller.Controller;
+import org.qortal.controller.Synchronizer;
 import org.qortal.controller.Synchronizer.SynchronizationResult;
 import org.qortal.data.account.MintingAccountData;
 import org.qortal.data.account.RewardShareData;
@@ -66,6 +64,8 @@ import com.google.common.collect.Lists;
 @Tag(name = "Admin")
 public class AdminResource {
 
+	private static final Logger LOGGER = LogManager.getLogger(AdminResource.class);
+
 	private static final int MAX_LOG_LINES = 500;
 
 	@Context
@@ -75,7 +75,8 @@ public class AdminResource {
 	@Path("/unused")
 	@Parameter(in = ParameterIn.PATH, name = "assetid", description = "Asset ID, 0 is native coin", schema = @Schema(type = "integer"))
 	@Parameter(in = ParameterIn.PATH, name = "otherassetid", description = "Asset ID, 0 is native coin", schema = @Schema(type = "integer"))
-	@Parameter(in = ParameterIn.PATH, name = "address", description = "an account address", example = "QgV4s3xnzLhVBEJxcYui4u4q11yhUHsd9v")
+	@Parameter(in = ParameterIn.PATH, name = "address", description = "An account address", example = "QgV4s3xnzLhVBEJxcYui4u4q11yhUHsd9v")
+	@Parameter(in = ParameterIn.PATH, name = "path", description = "Local path to folder containing the files", schema = @Schema(type = "String", defaultValue = "/Users/user/Documents/MyStaticWebsite"))
 	@Parameter(in = ParameterIn.QUERY, name = "count", description = "Maximum number of entries to return, 0 means none", schema = @Schema(type = "integer", defaultValue = "20"))
 	@Parameter(in = ParameterIn.QUERY, name = "limit", description = "Maximum number of entries to return, 0 means unlimited", schema = @Schema(type = "integer", defaultValue = "20"))
 	@Parameter(in = ParameterIn.QUERY, name = "offset", description = "Starting entry in results, 0 is first entry", schema = @Schema(type = "integer"))
@@ -134,8 +135,6 @@ public class AdminResource {
 		}
 	)
 	public NodeStatus status() {
-		Security.checkApiCallAllowed(request);
-
 		NodeStatus nodeStatus = new NodeStatus();
 
 		return nodeStatus;
@@ -153,7 +152,8 @@ public class AdminResource {
 			)
 		}
 	)
-	public String shutdown() {
+	@SecurityRequirement(name = "apiKey")
+	public String shutdown(@HeaderParam(Security.API_KEY_HEADER) String apiKey) {
 		Security.checkApiCallAllowed(request);
 
 		new Thread(() -> {
@@ -181,7 +181,10 @@ public class AdminResource {
 		}
 	)
 	@ApiErrors({ApiError.REPOSITORY_ISSUE})
-	public ActivitySummary summary() {
+	@SecurityRequirement(name = "apiKey")
+	public ActivitySummary summary(@HeaderParam(Security.API_KEY_HEADER) String apiKey) {
+		Security.checkApiCallAllowed(request);
+
 		ActivitySummary summary = new ActivitySummary();
 
 		LocalDate date = LocalDate.now();
@@ -193,16 +196,13 @@ public class AdminResource {
 			int startHeight = repository.getBlockRepository().getHeightFromTimestamp(start);
 			int endHeight = repository.getBlockRepository().getBlockchainHeight();
 
-			summary.blockCount = endHeight - startHeight;
+			summary.setBlockCount(endHeight - startHeight);
 
-			summary.transactionCountByType = repository.getTransactionRepository().getTransactionSummary(startHeight + 1, endHeight);
+			summary.setTransactionCountByType(repository.getTransactionRepository().getTransactionSummary(startHeight + 1, endHeight));
 
-			for (Integer count : summary.transactionCountByType.values())
-				summary.transactionCount += count;
+			summary.setAssetsIssued(repository.getAssetRepository().getRecentAssetIds(start).size());
 
-			summary.assetsIssued = repository.getAssetRepository().getRecentAssetIds(start).size();
-
-			summary.namesRegistered = repository.getNameRepository().getRecentNames(start).size();
+			summary.setNamesRegistered (repository.getNameRepository().getRecentNames(start).size());
 
 			return summary;
 		} catch (DataException e) {
@@ -210,6 +210,30 @@ public class AdminResource {
 		}
 	}
 
+	@GET
+	@Path("/enginestats")
+	@Operation(
+		summary = "Fetch statistics snapshot for core engine",
+		responses = {
+			@ApiResponse(
+				content = @Content(
+					mediaType = MediaType.APPLICATION_JSON,
+					array = @ArraySchema(
+						schema = @Schema(
+							implementation = Controller.StatsSnapshot.class
+						)
+					)
+				)
+			)
+		}
+	)
+	@SecurityRequirement(name = "apiKey")
+	public Controller.StatsSnapshot getEngineStats(@HeaderParam(Security.API_KEY_HEADER) String apiKey) {
+		Security.checkApiCallAllowed(request);
+
+		return Controller.getInstance().getStatsSnapshot();
+	}
+
 	@GET
 	@Path("/mintingaccounts")
 	@Operation(
@@ -223,7 +247,6 @@ public class AdminResource {
 	)
 	@ApiErrors({ApiError.REPOSITORY_ISSUE})
 	public List<MintingAccountData> getMintingAccounts() {
-		Security.checkApiCallAllowed(request);
 
 		try (final Repository repository = RepositoryManager.getRepository()) {
 			List<MintingAccountData> mintingAccounts = repository.getAccountRepository().getMintingAccounts();
@@ -268,7 +291,8 @@ public class AdminResource {
 		}
 	)
 	@ApiErrors({ApiError.INVALID_PRIVATE_KEY, ApiError.REPOSITORY_ISSUE, ApiError.CANNOT_MINT})
-	public String addMintingAccount(String seed58) {
+	@SecurityRequirement(name = "apiKey")
+	public String addMintingAccount(@HeaderParam(Security.API_KEY_HEADER) String apiKey, String seed58) {
 		Security.checkApiCallAllowed(request);
 
 		try (final Repository repository = RepositoryManager.getRepository()) {
@@ -291,6 +315,7 @@ public class AdminResource {
 
 			repository.getAccountRepository().save(mintingAccountData);
 			repository.saveChanges();
+			repository.exportNodeLocalData();//after adding new minting account let's persist it to the backup  MintingAccounts.json 
 		} catch (IllegalArgumentException e) {
 			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PRIVATE_KEY, e);
 		} catch (DataException e) {
@@ -320,7 +345,8 @@ public class AdminResource {
 		}
 	)
 	@ApiErrors({ApiError.INVALID_PRIVATE_KEY, ApiError.REPOSITORY_ISSUE})
-	public String deleteMintingAccount(String key58) {
+	@SecurityRequirement(name = "apiKey")
+	public String deleteMintingAccount(@HeaderParam(Security.API_KEY_HEADER) String apiKey, String key58) {
 		Security.checkApiCallAllowed(request);
 
 		try (final Repository repository = RepositoryManager.getRepository()) {
@@ -330,6 +356,7 @@ public class AdminResource {
 				return "false";
 
 			repository.saveChanges();
+			repository.exportNodeLocalData();//after removing new minting account let's persist it to the backup  MintingAccounts.json 
 		} catch (IllegalArgumentException e) {
 			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PRIVATE_KEY, e);
 		} catch (DataException e) {
@@ -419,7 +446,8 @@ public class AdminResource {
 		}
 	)
 	@ApiErrors({ApiError.INVALID_HEIGHT, ApiError.REPOSITORY_ISSUE})
-	public String orphan(String targetHeightString) {
+	@SecurityRequirement(name = "apiKey")
+	public String orphan(@HeaderParam(Security.API_KEY_HEADER) String apiKey, String targetHeightString) {
 		Security.checkApiCallAllowed(request);
 
 		try {
@@ -428,6 +456,23 @@ public class AdminResource {
 			if (targetHeight <= 0 || targetHeight > Controller.getInstance().getChainHeight())
 				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_HEIGHT);
 
+			// Make sure we're not orphaning as far back as the archived blocks
+			// FUTURE: we could support this by first importing earlier blocks from the archive
+			if (Settings.getInstance().isTopOnly() ||
+				Settings.getInstance().isArchiveEnabled()) {
+
+				try (final Repository repository = RepositoryManager.getRepository()) {
+					// Find the first unarchived block
+					int oldestBlock = repository.getBlockArchiveRepository().getBlockArchiveHeight();
+					// Add some extra blocks just in case we're currently archiving/pruning
+					oldestBlock += 100;
+					if (targetHeight <= oldestBlock) {
+						LOGGER.info("Unable to orphan beyond block {} because it is archived", oldestBlock);
+						throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_HEIGHT);
+					}
+				}
+			}
+
 			if (BlockChain.orphan(targetHeight))
 				return "true";
 			else
@@ -460,7 +505,8 @@ public class AdminResource {
 		}
 	)
 	@ApiErrors({ApiError.INVALID_DATA, ApiError.REPOSITORY_ISSUE})
-	public String forceSync(String targetPeerAddress) {
+	@SecurityRequirement(name = "apiKey")
+	public String forceSync(@HeaderParam(Security.API_KEY_HEADER) String apiKey, String targetPeerAddress) {
 		Security.checkApiCallAllowed(request);
 
 		try {
@@ -482,7 +528,7 @@ public class AdminResource {
 			SynchronizationResult syncResult;
 			try {
 				do {
-					syncResult = Controller.getInstance().actuallySynchronize(targetPeer, true);
+					syncResult = Synchronizer.getInstance().actuallySynchronize(targetPeer, true);
 				} while (syncResult == SynchronizationResult.OK);
 			} finally {
 				blockchainLock.unlock();
@@ -498,14 +544,116 @@ public class AdminResource {
 		}
 	}
 
-	@DELETE
-	@Path("/repository")
+	@GET
+	@Path("/repository/data")
 	@Operation(
-		summary = "Perform maintenance on repository.",
-		description = "Requires enough free space to rebuild repository. This will pause your node for a while."
+		summary = "Export sensitive/node-local data from repository.",
+		description = "Exports data to .json files on local machine"
+	)
+	@ApiErrors({ApiError.INVALID_DATA, ApiError.REPOSITORY_ISSUE})
+	@SecurityRequirement(name = "apiKey")
+	public String exportRepository(@HeaderParam(Security.API_KEY_HEADER) String apiKey) {
+		Security.checkApiCallAllowed(request);
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			repository.exportNodeLocalData();
+			return "true";
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
+	@POST
+	@Path("/repository/data")
+	@Operation(
+		summary = "Import data into repository.",
+		description = "Imports data from file on local machine. Filename is forced to 'qortal-backup/TradeBotStates.json' if apiKey is not set.",
+		requestBody = @RequestBody(
+			required = true,
+			content = @Content(
+				mediaType = MediaType.TEXT_PLAIN,
+				schema = @Schema(
+					type = "string", example = "qortal-backup/TradeBotStates.json"
+				)
+			)
+		),
+		responses = {
+			@ApiResponse(
+				description = "\"true\"",
+				content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "string"))
+			)
+		}
 	)
 	@ApiErrors({ApiError.REPOSITORY_ISSUE})
-	public void performRepositoryMaintenance() {
+	@SecurityRequirement(name = "apiKey")
+	public String importRepository(@HeaderParam(Security.API_KEY_HEADER) String apiKey, String filename) {
+		Security.checkApiCallAllowed(request);
+
+		// Hard-coded because it's too dangerous to allow user-supplied filenames in weaker security contexts
+		if (Settings.getInstance().getApiKey() == null)
+			filename = "qortal-backup/TradeBotStates.json";
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			ReentrantLock blockchainLock = Controller.getInstance().getBlockchainLock();
+
+			blockchainLock.lockInterruptibly();
+
+			try {
+				repository.importDataFromFile(filename);
+				repository.saveChanges();
+
+				return "true";
+
+			} catch (IOException e) {
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA, e);
+
+			} finally {
+				blockchainLock.unlock();
+			}
+		} catch (InterruptedException e) {
+			// We couldn't lock blockchain to perform import
+			return "false";
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
+	@POST
+	@Path("/repository/checkpoint")
+	@Operation(
+		summary = "Checkpoint data in repository.",
+		description = "Forces repository to checkpoint uncommitted writes.",
+		responses = {
+			@ApiResponse(
+				description = "\"true\"",
+				content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "string"))
+			)
+		}
+	)
+	@ApiErrors({ApiError.REPOSITORY_ISSUE})
+	@SecurityRequirement(name = "apiKey")
+	public String checkpointRepository(@HeaderParam(Security.API_KEY_HEADER) String apiKey) {
+		Security.checkApiCallAllowed(request);
+
+		RepositoryManager.setRequestedCheckpoint(Boolean.TRUE);
+
+		return "true";
+	}
+
+	@POST
+	@Path("/repository/backup")
+	@Operation(
+		summary = "Perform online backup of repository.",
+		responses = {
+			@ApiResponse(
+				description = "\"true\"",
+				content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "string"))
+			)
+		}
+	)
+	@ApiErrors({ApiError.REPOSITORY_ISSUE})
+	@SecurityRequirement(name = "apiKey")
+	public String backupRepository(@HeaderParam(Security.API_KEY_HEADER) String apiKey) {
 		Security.checkApiCallAllowed(request);
 
 		try (final Repository repository = RepositoryManager.getRepository()) {
@@ -514,15 +662,105 @@ public class AdminResource {
 			blockchainLock.lockInterruptibly();
 
 			try {
-				repository.performPeriodicMaintenance();
+				// Timeout if the database isn't ready for backing up after 60 seconds
+				long timeout = 60 * 1000L;
+				repository.backup(true, "backup", timeout);
+				repository.saveChanges();
+
+				return "true";
 			} finally {
 				blockchainLock.unlock();
 			}
-		} catch (InterruptedException e) {
-			// No big deal
+		} catch (InterruptedException | TimeoutException e) {
+			// We couldn't lock blockchain to perform backup
+			return "false";
 		} catch (DataException e) {
 			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
 		}
 	}
 
+	@DELETE
+	@Path("/repository")
+	@Operation(
+		summary = "Perform maintenance on repository.",
+		description = "Requires enough free space to rebuild repository. This will pause your node for a while."
+	)
+	@ApiErrors({ApiError.REPOSITORY_ISSUE})
+	@SecurityRequirement(name = "apiKey")
+	public void performRepositoryMaintenance(@HeaderParam(Security.API_KEY_HEADER) String apiKey) {
+		Security.checkApiCallAllowed(request);
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			ReentrantLock blockchainLock = Controller.getInstance().getBlockchainLock();
+
+			blockchainLock.lockInterruptibly();
+
+			try {
+				// Timeout if the database isn't ready to start after 60 seconds
+				long timeout = 60 * 1000L;
+				repository.performPeriodicMaintenance(timeout);
+			} finally {
+				blockchainLock.unlock();
+			}
+		} catch (InterruptedException e) {
+			// No big deal
+		} catch (DataException | TimeoutException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
+
+	@POST
+	@Path("/apikey/generate")
+	@Operation(
+			summary = "Generate an API key",
+			description = "This request is unauthenticated if no API key has been generated yet. " +
+					"If an API key already exists, it needs to be passed as a header and this endpoint " +
+					"will then generate a new key which replaces the existing one.",
+			responses = {
+					@ApiResponse(
+							description = "API key string",
+							content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "string"))
+					)
+			}
+	)
+	@SecurityRequirement(name = "apiKey")
+	public String generateApiKey(@HeaderParam(Security.API_KEY_HEADER) String apiKeyHeader) {
+		ApiKey apiKey = Security.getApiKey(request);
+
+		// If the API key is already generated, we need to authenticate this request
+		if (apiKey.generated() && apiKey.exists()) {
+			Security.checkApiCallAllowed(request);
+		}
+
+		// Not generated yet - so we are safe to generate one
+		// FUTURE: we may want to restrict this to local/loopback only?
+
+		try {
+			apiKey.generate();
+		} catch (IOException e) {
+			throw ApiExceptionFactory.INSTANCE.createCustomException(request, ApiError.UNAUTHORIZED, "Unable to generate API key");
+		}
+
+		return apiKey.toString();
+	}
+
+	@GET
+	@Path("/apikey/test")
+	@Operation(
+			summary = "Test an API key",
+			responses = {
+					@ApiResponse(
+							description = "true if authenticated",
+							content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "boolean"))
+					)
+			}
+	)
+	@SecurityRequirement(name = "apiKey")
+	public String testApiKey(@HeaderParam(Security.API_KEY_HEADER) String apiKey) {
+		Security.checkApiCallAllowed(request);
+
+		return "true";
+	}
+
 }

src/main/java/org/qortal/api/resource/ApiDefinition.java

@@ -1,11 +1,17 @@
 package org.qortal.api.resource;
 
 import io.swagger.v3.oas.annotations.OpenAPIDefinition;
+import io.swagger.v3.oas.annotations.enums.SecuritySchemeIn;
+import io.swagger.v3.oas.annotations.enums.SecuritySchemeType;
 import io.swagger.v3.oas.annotations.extensions.Extension;
 import io.swagger.v3.oas.annotations.extensions.ExtensionProperty;
 import io.swagger.v3.oas.annotations.info.Info;
+import io.swagger.v3.oas.annotations.security.SecurityScheme;
+import io.swagger.v3.oas.annotations.security.SecuritySchemes;
 import io.swagger.v3.oas.annotations.tags.Tag;
 
+import org.qortal.api.Security;
+
 @OpenAPIDefinition(
 		info = @Info( title = "Qortal API", description = "NOTE: byte-arrays are encoded in Base58" ),
 		tags = {
@@ -30,5 +36,9 @@ import io.swagger.v3.oas.annotations.tags.Tag;
 			})
 		}
 )
+@SecuritySchemes({
+	@SecurityScheme(name = "basicAuth", type = SecuritySchemeType.HTTP, scheme = "basic"),
+	@SecurityScheme(name = "apiKey", type = SecuritySchemeType.APIKEY, in = SecuritySchemeIn.HEADER, paramName = Security.API_KEY_HEADER)
+})
 public class ApiDefinition {
 }

src/main/java/org/qortal/api/resource/BlocksResource.java

@@ -1,5 +1,6 @@
 package org.qortal.api.resource;
 
+import com.google.common.primitives.Ints;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.media.ArraySchema;
@@ -8,7 +9,14 @@ import io.swagger.v3.oas.annotations.media.Schema;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
 import io.swagger.v3.oas.annotations.tags.Tag;
 
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.math.BigDecimal;
+import java.math.BigInteger;
+import java.math.RoundingMode;
 import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Comparator;
 import java.util.List;
 
 import javax.servlet.http.HttpServletRequest;
@@ -20,19 +28,25 @@ import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 
+import org.qortal.account.Account;
 import org.qortal.api.ApiError;
 import org.qortal.api.ApiErrors;
 import org.qortal.api.ApiExceptionFactory;
-import org.qortal.api.model.BlockInfo;
+import org.qortal.api.model.BlockMintingInfo;
 import org.qortal.api.model.BlockSignerSummary;
+import org.qortal.block.Block;
+import org.qortal.controller.Controller;
 import org.qortal.crypto.Crypto;
 import org.qortal.data.account.AccountData;
 import org.qortal.data.block.BlockData;
 import org.qortal.data.block.BlockSummaryData;
 import org.qortal.data.transaction.TransactionData;
+import org.qortal.repository.BlockArchiveReader;
 import org.qortal.repository.DataException;
 import org.qortal.repository.Repository;
 import org.qortal.repository.RepositoryManager;
+import org.qortal.transform.TransformationException;
+import org.qortal.transform.block.BlockTransformer;
 import org.qortal.utils.Base58;
 
 @Path("/blocks")
@@ -61,7 +75,8 @@ public class BlocksResource {
 	@ApiErrors({
 		ApiError.INVALID_SIGNATURE, ApiError.BLOCK_UNKNOWN, ApiError.REPOSITORY_ISSUE
 	})
-	public BlockData getBlock(@PathParam("signature") String signature58) {
+	public BlockData getBlock(@PathParam("signature") String signature58,
+							  @QueryParam("includeOnlineSignatures") Boolean includeOnlineSignatures) {
 		// Decode signature
 		byte[] signature;
 		try {
@@ -71,16 +86,80 @@ public class BlocksResource {
 		}
 
 		try (final Repository repository = RepositoryManager.getRepository()) {
+		    // Check the database first
 			BlockData blockData = repository.getBlockRepository().fromSignature(signature);
-			if (blockData == null)
-				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.BLOCK_UNKNOWN);
+			if (blockData != null) {
+				if (includeOnlineSignatures == null || includeOnlineSignatures == false) {
+					blockData.setOnlineAccountsSignatures(null);
+				}
+				return blockData;
+			}
 
-			return blockData;
+            // Not found, so try the block archive
+			blockData = repository.getBlockArchiveRepository().fromSignature(signature);
+			if (blockData != null) {
+				if (includeOnlineSignatures == null || includeOnlineSignatures == false) {
+					blockData.setOnlineAccountsSignatures(null);
+				}
+				return blockData;
+			}
+
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.BLOCK_UNKNOWN);
 		} catch (DataException e) {
 			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
 		}
 	}
 
+	@GET
+	@Path("/signature/{signature}/data")
+	@Operation(
+			summary = "Fetch serialized, base58 encoded block data using base58 signature",
+			description = "Returns serialized data for the block that matches the given signature",
+			responses = {
+					@ApiResponse(
+							description = "the block data",
+							content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "string"))
+					)
+			}
+	)
+	@ApiErrors({
+			ApiError.INVALID_SIGNATURE, ApiError.BLOCK_UNKNOWN, ApiError.INVALID_DATA, ApiError.REPOSITORY_ISSUE
+	})
+	public String getSerializedBlockData(@PathParam("signature") String signature58) {
+		// Decode signature
+		byte[] signature;
+		try {
+			signature = Base58.decode(signature58);
+		} catch (NumberFormatException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_SIGNATURE, e);
+		}
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+
+            // Check the database first
+			BlockData blockData = repository.getBlockRepository().fromSignature(signature);
+			if (blockData != null) {
+                Block block = new Block(repository, blockData);
+                ByteArrayOutputStream bytes = new ByteArrayOutputStream();
+                bytes.write(Ints.toByteArray(block.getBlockData().getHeight()));
+                bytes.write(BlockTransformer.toBytes(block));
+                return Base58.encode(bytes.toByteArray());
+            }
+
+            // Not found, so try the block archive
+            byte[] bytes = BlockArchiveReader.getInstance().fetchSerializedBlockBytesForSignature(signature, false, repository);
+            if (bytes != null) {
+                return Base58.encode(bytes);
+            }
+
+            throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.BLOCK_UNKNOWN);
+		} catch (TransformationException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA, e);
+		} catch (DataException | IOException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
 	@GET
 	@Path("/signature/{signature}/transactions")
 	@Operation(
@@ -118,8 +197,12 @@ public class BlocksResource {
 		}
 
 		try (final Repository repository = RepositoryManager.getRepository()) {
-			if (repository.getBlockRepository().getHeightFromSignature(signature) == 0)
+		    // Check if the block exists in either the database or archive
+			if (repository.getBlockRepository().getHeightFromSignature(signature) == 0 &&
+					repository.getBlockArchiveRepository().getHeightFromSignature(signature) == 0) {
+				// Not found in either the database or archive
 				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.BLOCK_UNKNOWN);
+            }
 
 			return repository.getBlockRepository().getTransactionsFromSignature(signature, limit, offset, reverse);
 		} catch (DataException e) {
@@ -148,7 +231,19 @@ public class BlocksResource {
 	})
 	public BlockData getFirstBlock() {
 		try (final Repository repository = RepositoryManager.getRepository()) {
-			return repository.getBlockRepository().fromHeight(1);
+			// Check the database first
+			BlockData blockData = repository.getBlockRepository().fromHeight(1);
+			if (blockData != null) {
+				return blockData;
+			}
+
+			// Try the archive
+			blockData = repository.getBlockArchiveRepository().fromHeight(1);
+			if (blockData != null) {
+				return blockData;
+			}
+
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.BLOCK_UNKNOWN);
 		} catch (DataException e) {
 			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
 		}
@@ -173,9 +268,15 @@ public class BlocksResource {
 	@ApiErrors({
 		ApiError.REPOSITORY_ISSUE
 	})
-	public BlockData getLastBlock() {
+	public BlockData getLastBlock(@QueryParam("includeOnlineSignatures") Boolean includeOnlineSignatures) {
 		try (final Repository repository = RepositoryManager.getRepository()) {
-			return repository.getBlockRepository().getLastBlock();
+			BlockData blockData = repository.getBlockRepository().getLastBlock();
+
+			if (includeOnlineSignatures == null || includeOnlineSignatures == false) {
+				blockData.setOnlineAccountsSignatures(null);
+			}
+
+			return blockData;
 		} catch (DataException e) {
 			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
 		}
@@ -210,17 +311,28 @@ public class BlocksResource {
 		}
 
 		try (final Repository repository = RepositoryManager.getRepository()) {
+			BlockData childBlockData = null;
+
+			// Check if block exists in database
 			BlockData blockData = repository.getBlockRepository().fromSignature(signature);
+			if (blockData != null) {
+				return repository.getBlockRepository().fromReference(signature);
+			}
 
-			// Check block exists
-			if (blockData == null)
-				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.BLOCK_UNKNOWN);
-
-			BlockData childBlockData = repository.getBlockRepository().fromReference(signature);
+			// Not found, so try the archive
+			// This also checks that the parent block exists
+			// It will return null if either the parent or child don't exit
+			childBlockData = repository.getBlockArchiveRepository().fromReference(signature);
 
 			// Check child block exists
-			if (childBlockData == null)
+			if (childBlockData == null) {
 				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.BLOCK_UNKNOWN);
+			}
+
+			// Check child block's reference matches the supplied signature
+			if (!Arrays.equals(childBlockData.getReference(), signature)) {
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.BLOCK_UNKNOWN);
+			}
 
 			return childBlockData;
 		} catch (DataException e) {
@@ -286,13 +398,20 @@ public class BlocksResource {
 		}
 
 		try (final Repository repository = RepositoryManager.getRepository()) {
+			// Firstly check the database
 			BlockData blockData = repository.getBlockRepository().fromSignature(signature);
+			if (blockData != null) {
+				return blockData.getHeight();
+			}
 
-			// Check block exists
-			if (blockData == null)
-				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.BLOCK_UNKNOWN);
+			// Not found, so try the archive
+			blockData = repository.getBlockArchiveRepository().fromSignature(signature);
+			if (blockData != null) {
+				return blockData.getHeight();
+			}
+
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.BLOCK_UNKNOWN);
 
-			return blockData.getHeight();
 		} catch (DataException e) {
 			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
 		}
@@ -317,13 +436,101 @@ public class BlocksResource {
 	@ApiErrors({
 		ApiError.BLOCK_UNKNOWN, ApiError.REPOSITORY_ISSUE
 	})
-	public BlockData getByHeight(@PathParam("height") int height) {
+	public BlockData getByHeight(@PathParam("height") int height,
+								 @QueryParam("includeOnlineSignatures") Boolean includeOnlineSignatures) {
 		try (final Repository repository = RepositoryManager.getRepository()) {
+			// Firstly check the database
 			BlockData blockData = repository.getBlockRepository().fromHeight(height);
-			if (blockData == null)
-				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.BLOCK_UNKNOWN);
+			if (blockData != null) {
+				if (includeOnlineSignatures == null || includeOnlineSignatures == false) {
+					blockData.setOnlineAccountsSignatures(null);
+				}
+				return blockData;
+			}
 
-			return blockData;
+			// Not found, so try the archive
+			blockData = repository.getBlockArchiveRepository().fromHeight(height);
+			if (blockData != null) {
+				if (includeOnlineSignatures == null || includeOnlineSignatures == false) {
+					blockData.setOnlineAccountsSignatures(null);
+				}
+				return blockData;
+			}
+
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.BLOCK_UNKNOWN);
+
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
+	@GET
+	@Path("/byheight/{height}/mintinginfo")
+	@Operation(
+			summary = "Fetch block minter info using block height",
+			description = "Returns the minter info for the block with given height",
+			responses = {
+					@ApiResponse(
+							description = "the block",
+							content = @Content(
+									schema = @Schema(
+											implementation = BlockData.class
+									)
+							)
+					)
+			}
+	)
+	@ApiErrors({
+			ApiError.BLOCK_UNKNOWN, ApiError.REPOSITORY_ISSUE
+	})
+	public BlockMintingInfo getBlockMintingInfoByHeight(@PathParam("height") int height) {
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			// Try the database
+			BlockData blockData = repository.getBlockRepository().fromHeight(height);
+			if (blockData == null) {
+
+				// Not found, so try the archive
+				blockData = repository.getBlockArchiveRepository().fromHeight(height);
+				if (blockData == null) {
+
+					// Still not found
+					throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.BLOCK_UNKNOWN);
+				}
+			}
+
+			Block block = new Block(repository, blockData);
+			BlockData parentBlockData = repository.getBlockRepository().fromSignature(blockData.getReference());
+			if (parentBlockData == null) {
+				// Parent block not found - try the archive
+				parentBlockData = repository.getBlockArchiveRepository().fromSignature(blockData.getReference());
+				if (parentBlockData == null) {
+
+					// Still not found
+					throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.BLOCK_UNKNOWN);
+				}
+			}
+
+			int minterLevel = Account.getRewardShareEffectiveMintingLevel(repository, blockData.getMinterPublicKey());
+			if (minterLevel == 0)
+				// This may be unavailable when requesting a trimmed block
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
+
+			BigInteger distance = block.calcKeyDistance(parentBlockData.getHeight(), parentBlockData.getSignature(), blockData.getMinterPublicKey(), minterLevel);
+			double ratio = new BigDecimal(distance).divide(new BigDecimal(block.MAX_DISTANCE), 40, RoundingMode.DOWN).doubleValue();
+			long timestamp = block.calcTimestamp(parentBlockData, blockData.getMinterPublicKey(), minterLevel);
+			long timeDelta = timestamp - parentBlockData.getTimestamp();
+
+			BlockMintingInfo blockMintingInfo = new BlockMintingInfo();
+			blockMintingInfo.minterPublicKey = blockData.getMinterPublicKey();
+			blockMintingInfo.minterLevel = minterLevel;
+			blockMintingInfo.onlineAccountsCount = blockData.getOnlineAccountsCount();
+			blockMintingInfo.maxDistance = new BigDecimal(block.MAX_DISTANCE);
+			blockMintingInfo.keyDistance = distance;
+			blockMintingInfo.keyDistanceRatio = ratio;
+			blockMintingInfo.timestamp = timestamp;
+			blockMintingInfo.timeDelta = timeDelta;
+
+			return blockMintingInfo;
 		} catch (DataException e) {
 			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
 		}
@@ -347,15 +554,37 @@ public class BlocksResource {
 	@ApiErrors({
 		ApiError.BLOCK_UNKNOWN, ApiError.REPOSITORY_ISSUE
 	})
-	public BlockData getByTimestamp(@PathParam("timestamp") long timestamp) {
+	public BlockData getByTimestamp(@PathParam("timestamp") long timestamp,
+									@QueryParam("includeOnlineSignatures") Boolean includeOnlineSignatures) {
 		try (final Repository repository = RepositoryManager.getRepository()) {
-			int height = repository.getBlockRepository().getHeightFromTimestamp(timestamp);
-			if (height == 0)
-				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.BLOCK_UNKNOWN);
+			BlockData blockData = null;
 
-			BlockData blockData = repository.getBlockRepository().fromHeight(height);
-			if (blockData == null)
+			// Try the Blocks table
+			int height = repository.getBlockRepository().getHeightFromTimestamp(timestamp);
+			if (height > 1) {
+				// Found match in Blocks table
+				blockData = repository.getBlockRepository().fromHeight(height);
+				if (includeOnlineSignatures == null || includeOnlineSignatures == false) {
+					blockData.setOnlineAccountsSignatures(null);
+				}
+				return blockData;
+			}
+
+			// Not found in Blocks table, so try the archive
+			height = repository.getBlockArchiveRepository().getHeightFromTimestamp(timestamp);
+			if (height > 1) {
+				// Found match in archive
+				blockData = repository.getBlockArchiveRepository().fromHeight(height);
+			}
+
+			// Ensure block exists
+			if (blockData == null) {
 				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.BLOCK_UNKNOWN);
+			}
+
+			if (includeOnlineSignatures == null || includeOnlineSignatures == false) {
+				blockData.setOnlineAccountsSignatures(null);
+			}
 
 			return blockData;
 		} catch (DataException e) {
@@ -392,9 +621,14 @@ public class BlocksResource {
 
 			for (/* count already set */; count > 0; --count, ++height) {
 				BlockData blockData = repository.getBlockRepository().fromHeight(height);
-				if (blockData == null)
-					// Run out of blocks!
-					break;
+				if (blockData == null) {
+					// Not found - try the archive
+					blockData = repository.getBlockArchiveRepository().fromHeight(height);
+					if (blockData == null) {
+						// Run out of blocks!
+						break;
+					}
+				}
 
 				blocks.add(blockData);
 			}
@@ -439,7 +673,29 @@ public class BlocksResource {
 			if (accountData == null || accountData.getPublicKey() == null)
 				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.PUBLIC_KEY_NOT_FOUND);
 
-			return repository.getBlockRepository().getBlockSummariesBySigner(accountData.getPublicKey(), limit, offset, reverse);
+
+			List<BlockSummaryData> summaries = repository.getBlockRepository()
+					.getBlockSummariesBySigner(accountData.getPublicKey(), limit, offset, reverse);
+
+			// Add any from the archive
+			List<BlockSummaryData> archivedSummaries = repository.getBlockArchiveRepository()
+					.getBlockSummariesBySigner(accountData.getPublicKey(), limit, offset, reverse);
+			if (archivedSummaries != null && !archivedSummaries.isEmpty()) {
+				summaries.addAll(archivedSummaries);
+			}
+			else {
+				summaries = archivedSummaries;
+			}
+
+			// Sort the results (because they may have been obtained from two places)
+			if (reverse != null && reverse) {
+				summaries.sort((s1, s2) -> Integer.valueOf(s2.getHeight()).compareTo(Integer.valueOf(s1.getHeight())));
+			}
+			else {
+				summaries.sort(Comparator.comparing(s -> Integer.valueOf(s.getHeight())));
+			}
+
+			return summaries;
 		} catch (DataException e) {
 			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
 		}
@@ -475,7 +731,8 @@ public class BlocksResource {
 				if (!Crypto.isValidAddress(address))
 					throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
 
-			return repository.getBlockRepository().getBlockSigners(addresses, limit, offset, reverse);
+			// This method pulls data from both Blocks and BlockArchive, so no need to query serparately
+			return repository.getBlockArchiveRepository().getBlockSigners(addresses, limit, offset, reverse);
 		} catch (DataException e) {
 			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
 		}
@@ -492,7 +749,7 @@ public class BlocksResource {
 				content = @Content(
 					array = @ArraySchema(
 						schema = @Schema(
-							implementation = BlockInfo.class
+							implementation = BlockSummaryData.class
 						)
 					)
 				)
@@ -502,7 +759,7 @@ public class BlocksResource {
 	@ApiErrors({
 		ApiError.REPOSITORY_ISSUE
 	})
-	public List<BlockInfo> getBlockRange(
+	public List<BlockSummaryData> getBlockSummaries(
 			@QueryParam("start") Integer startHeight,
 			@QueryParam("end") Integer endHeight,
 			@Parameter(ref = "count") @QueryParam("count") Integer count) {
@@ -515,7 +772,76 @@ public class BlocksResource {
 			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
 
 		try (final Repository repository = RepositoryManager.getRepository()) {
-			return repository.getBlockRepository().getBlockInfos(startHeight, endHeight, count);
+
+			/*
+			 * start	end		count		result
+			 * 10		40		null		blocks 10 to 39 (excludes end block, ignore count)
+			 *
+			 * null		null	null		blocks 1 to 50 (assume count=50, maybe start=1)
+			 * 30		null	null		blocks 30 to 79 (assume count=50)
+			 * 30		null	10			blocks 30 to 39
+			 *
+			 * null		null	50			last 50 blocks? so if max(blocks.height) is 200, then blocks 151 to 200
+			 * null		200		null		blocks 150 to 199 (excludes end block, assume count=50)
+			 * null		200		10			blocks 190 to 199 (excludes end block)
+			 */
+
+			List<BlockSummaryData> blockSummaries = new ArrayList<>();
+
+			// Use the latest X blocks if only a count is specified
+			if (startHeight == null && endHeight == null && count != null) {
+				BlockData chainTip = repository.getBlockRepository().getLastBlock();
+				startHeight = chainTip.getHeight() - count;
+				endHeight = chainTip.getHeight();
+			}
+
+			// ... otherwise default the start height to 1
+			if (startHeight == null && endHeight == null) {
+				startHeight = 1;
+			}
+
+			// Default the count to 50
+			if (count == null) {
+				count = 50;
+			}
+
+			// If both a start and end height exist, ignore the count
+			if (startHeight != null && endHeight != null) {
+				if (startHeight > 0 && endHeight > 0) {
+					count = Integer.MAX_VALUE;
+				}
+			}
+
+			// Derive start height from end height if missing
+			if (startHeight == null || startHeight == 0) {
+				if (endHeight != null && endHeight > 0) {
+					if (count != null) {
+						startHeight = endHeight - count;
+					}
+				}
+			}
+
+			for (/* count already set */; count > 0; --count, ++startHeight) {
+				if (endHeight != null && startHeight >= endHeight) {
+					break;
+				}
+				BlockData blockData = repository.getBlockRepository().fromHeight(startHeight);
+				if (blockData == null) {
+					// Not found - try the archive
+					blockData = repository.getBlockArchiveRepository().fromHeight(startHeight);
+					if (blockData == null) {
+						// Run out of blocks!
+						break;
+					}
+				}
+
+				if (blockData != null) {
+					BlockSummaryData blockSummaryData = new BlockSummaryData(blockData);
+					blockSummaries.add(blockSummaryData);
+				}
+			}
+
+			return blockSummaries;
 		} catch (DataException e) {
 			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
 		}

src/main/java/org/qortal/api/resource/BootstrapResource.java

@@ -0,0 +1,95 @@
+package org.qortal.api.resource;
+
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.media.Content;
+import io.swagger.v3.oas.annotations.media.Schema;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.qortal.api.ApiError;
+import org.qortal.api.ApiExceptionFactory;
+import org.qortal.api.Security;
+import org.qortal.repository.Bootstrap;
+import org.qortal.repository.DataException;
+import org.qortal.repository.Repository;
+import org.qortal.repository.RepositoryManager;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.*;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import java.io.IOException;
+
+
+@Path("/bootstrap")
+@Tag(name = "Bootstrap")
+public class BootstrapResource {
+
+	private static final Logger LOGGER = LogManager.getLogger(BootstrapResource.class);
+
+	@Context
+	HttpServletRequest request;
+
+	@POST
+	@Path("/create")
+	@Operation(
+		summary = "Create bootstrap",
+		description = "Builds a bootstrap file for distribution",
+		responses = {
+			@ApiResponse(
+				description = "path to file on success, an exception on failure",
+				content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "string"))
+			)
+		}
+	)
+	@SecurityRequirement(name = "apiKey")
+	public String createBootstrap(@HeaderParam(Security.API_KEY_HEADER) String apiKey) {
+		Security.checkApiCallAllowed(request);
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+
+			Bootstrap bootstrap = new Bootstrap(repository);
+			try {
+				bootstrap.checkRepositoryState();
+			} catch (DataException e) {
+				LOGGER.info("Not ready to create bootstrap: {}", e.getMessage());
+				throw ApiExceptionFactory.INSTANCE.createCustomException(request, ApiError.REPOSITORY_ISSUE, e.getMessage());
+			}
+			bootstrap.validateBlockchain();
+			return bootstrap.create();
+
+		} catch (DataException | InterruptedException | IOException e) {
+			LOGGER.info("Unable to create bootstrap", e);
+			throw ApiExceptionFactory.INSTANCE.createCustomException(request, ApiError.REPOSITORY_ISSUE, e.getMessage());
+		}
+	}
+
+	@GET
+	@Path("/validate")
+	@Operation(
+			summary = "Validate blockchain",
+			description = "Useful to check database integrity prior to creating or after installing a bootstrap. " +
+					"This process is intensive and can take over an hour to run.",
+			responses = {
+					@ApiResponse(
+							description = "true if valid, false if invalid",
+							content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "boolean"))
+					)
+			}
+	)
+	@SecurityRequirement(name = "apiKey")
+	public boolean validateBootstrap(@HeaderParam(Security.API_KEY_HEADER) String apiKey) {
+		Security.checkApiCallAllowed(request);
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+
+			Bootstrap bootstrap = new Bootstrap(repository);
+			return bootstrap.validateCompleteBlockchain();
+
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE);
+		}
+	}
+}

src/main/java/org/qortal/api/resource/ChatResource.java

@@ -7,16 +7,13 @@ import io.swagger.v3.oas.annotations.media.Content;
 import io.swagger.v3.oas.annotations.media.Schema;
 import io.swagger.v3.oas.annotations.parameters.RequestBody;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import io.swagger.v3.oas.annotations.tags.Tag;
 
 import java.util.List;
 
 import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.GET;
-import javax.ws.rs.POST;
-import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.QueryParam;
+import javax.ws.rs.*;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 
@@ -156,7 +153,8 @@ public class ChatResource {
 		}
 	)
 	@ApiErrors({ApiError.TRANSACTION_INVALID, ApiError.TRANSFORMATION_ERROR, ApiError.REPOSITORY_ISSUE})
-	public String buildChat(ChatTransactionData transactionData) {
+	@SecurityRequirement(name = "apiKey")
+	public String buildChat(@HeaderParam(Security.API_KEY_HEADER) String apiKey, ChatTransactionData transactionData) {
 		Security.checkApiCallAllowed(request);
 
 		try (final Repository repository = RepositoryManager.getRepository()) {
@@ -203,7 +201,8 @@ public class ChatResource {
 		}
 	)
 	@ApiErrors({ApiError.TRANSACTION_INVALID, ApiError.INVALID_DATA, ApiError.TRANSFORMATION_ERROR, ApiError.REPOSITORY_ISSUE})
-	public String buildChat(String rawBytes58) {
+	@SecurityRequirement(name = "apiKey")
+	public String buildChat(@HeaderParam(Security.API_KEY_HEADER) String apiKey, String rawBytes58) {
 		Security.checkApiCallAllowed(request);
 
 		try (final Repository repository = RepositoryManager.getRepository()) {

src/main/java/org/qortal/api/resource/CrossChainBitcoinACCTv1Resource.java

@@ -0,0 +1,368 @@
+package org.qortal.api.resource;
+
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.media.Content;
+import io.swagger.v3.oas.annotations.media.Schema;
+import io.swagger.v3.oas.annotations.parameters.RequestBody;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
+import io.swagger.v3.oas.annotations.tags.Tag;
+
+import java.util.Arrays;
+import java.util.Random;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.HeaderParam;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+
+import org.qortal.account.PublicKeyAccount;
+import org.qortal.api.ApiError;
+import org.qortal.api.ApiErrors;
+import org.qortal.api.ApiExceptionFactory;
+import org.qortal.api.Security;
+import org.qortal.api.model.CrossChainBuildRequest;
+import org.qortal.api.model.CrossChainDualSecretRequest;
+import org.qortal.api.model.CrossChainTradeRequest;
+import org.qortal.asset.Asset;
+import org.qortal.crosschain.BitcoinACCTv1;
+import org.qortal.crosschain.Bitcoiny;
+import org.qortal.crosschain.AcctMode;
+import org.qortal.crypto.Crypto;
+import org.qortal.data.at.ATData;
+import org.qortal.data.crosschain.CrossChainTradeData;
+import org.qortal.data.transaction.BaseTransactionData;
+import org.qortal.data.transaction.DeployAtTransactionData;
+import org.qortal.data.transaction.MessageTransactionData;
+import org.qortal.data.transaction.TransactionData;
+import org.qortal.group.Group;
+import org.qortal.repository.DataException;
+import org.qortal.repository.Repository;
+import org.qortal.repository.RepositoryManager;
+import org.qortal.transaction.DeployAtTransaction;
+import org.qortal.transaction.MessageTransaction;
+import org.qortal.transaction.Transaction;
+import org.qortal.transaction.Transaction.TransactionType;
+import org.qortal.transaction.Transaction.ValidationResult;
+import org.qortal.transform.TransformationException;
+import org.qortal.transform.Transformer;
+import org.qortal.transform.transaction.DeployAtTransactionTransformer;
+import org.qortal.transform.transaction.MessageTransactionTransformer;
+import org.qortal.utils.Base58;
+import org.qortal.utils.NTP;
+
+@Path("/crosschain/BitcoinACCTv1")
+@Tag(name = "Cross-Chain (BitcoinACCTv1)")
+public class CrossChainBitcoinACCTv1Resource {
+
+	@Context
+	HttpServletRequest request;
+
+	@POST
+	@Path("/build")
+	@Operation(
+		summary = "Build Bitcoin cross-chain trading AT",
+		description = "Returns raw, unsigned DEPLOY_AT transaction",
+		requestBody = @RequestBody(
+			required = true,
+			content = @Content(
+				mediaType = MediaType.APPLICATION_JSON,
+				schema = @Schema(
+					implementation = CrossChainBuildRequest.class
+				)
+			)
+		),
+		responses = {
+			@ApiResponse(
+				content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "string"))
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_PUBLIC_KEY, ApiError.INVALID_DATA, ApiError.INVALID_REFERENCE, ApiError.TRANSFORMATION_ERROR, ApiError.REPOSITORY_ISSUE})
+	@SecurityRequirement(name = "apiKey")
+	public String buildTrade(@HeaderParam(Security.API_KEY_HEADER) String apiKey, CrossChainBuildRequest tradeRequest) {
+		Security.checkApiCallAllowed(request);
+
+		byte[] creatorPublicKey = tradeRequest.creatorPublicKey;
+
+		if (creatorPublicKey == null || creatorPublicKey.length != Transformer.PUBLIC_KEY_LENGTH)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PUBLIC_KEY);
+
+		if (tradeRequest.hashOfSecretB == null || tradeRequest.hashOfSecretB.length != Bitcoiny.HASH160_LENGTH)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
+
+		if (tradeRequest.tradeTimeout == null)
+			tradeRequest.tradeTimeout = 7 * 24 * 60; // 7 days
+		else
+			if (tradeRequest.tradeTimeout < 10 || tradeRequest.tradeTimeout > 50000)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
+
+		if (tradeRequest.qortAmount <= 0)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
+
+		if (tradeRequest.fundingQortAmount <= 0)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
+
+		// funding amount must exceed initial + final
+		if (tradeRequest.fundingQortAmount <= tradeRequest.qortAmount)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
+
+		if (tradeRequest.bitcoinAmount <= 0)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			PublicKeyAccount creatorAccount = new PublicKeyAccount(repository, creatorPublicKey);
+
+			byte[] creationBytes = BitcoinACCTv1.buildQortalAT(creatorAccount.getAddress(), tradeRequest.bitcoinPublicKeyHash, tradeRequest.hashOfSecretB,
+					tradeRequest.qortAmount, tradeRequest.bitcoinAmount, tradeRequest.tradeTimeout);
+
+			long txTimestamp = NTP.getTime();
+			byte[] lastReference = creatorAccount.getLastReference();
+			if (lastReference == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_REFERENCE);
+
+			long fee = 0;
+			String name = "QORT-BTC cross-chain trade";
+			String description = "Qortal-Bitcoin cross-chain trade";
+			String atType = "ACCT";
+			String tags = "QORT-BTC ACCT";
+
+			BaseTransactionData baseTransactionData = new BaseTransactionData(txTimestamp, Group.NO_GROUP, lastReference, creatorAccount.getPublicKey(), fee, null);
+			TransactionData deployAtTransactionData = new DeployAtTransactionData(baseTransactionData, name, description, atType, tags, creationBytes, tradeRequest.fundingQortAmount, Asset.QORT);
+
+			Transaction deployAtTransaction = new DeployAtTransaction(repository, deployAtTransactionData);
+
+			fee = deployAtTransaction.calcRecommendedFee();
+			deployAtTransactionData.setFee(fee);
+
+			ValidationResult result = deployAtTransaction.isValidUnconfirmed();
+			if (result != ValidationResult.OK)
+				throw TransactionsResource.createTransactionInvalidException(request, result);
+
+			byte[] bytes = DeployAtTransactionTransformer.toBytes(deployAtTransactionData);
+			return Base58.encode(bytes);
+		} catch (TransformationException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.TRANSFORMATION_ERROR, e);
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
+	@POST
+	@Path("/trademessage")
+	@Operation(
+		summary = "Builds raw, unsigned 'trade' MESSAGE transaction that sends cross-chain trade recipient address, triggering 'trade' mode",
+		description = "Specify address of cross-chain AT that needs to be messaged, and signature of 'offer' MESSAGE from trade partner.<br>"
+			+ "AT needs to be in 'offer' mode. Messages sent to an AT in any other mode will be ignored, but still cost fees to send!<br>"
+			+ "You need to sign output with trade private key otherwise the MESSAGE transaction will be invalid.",
+		requestBody = @RequestBody(
+			required = true,
+			content = @Content(
+				mediaType = MediaType.APPLICATION_JSON,
+				schema = @Schema(
+					implementation = CrossChainTradeRequest.class
+				)
+			)
+		),
+		responses = {
+			@ApiResponse(
+				content = @Content(
+					schema = @Schema(
+						type = "string"
+					)
+				)
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_PUBLIC_KEY, ApiError.INVALID_ADDRESS, ApiError.INVALID_CRITERIA, ApiError.REPOSITORY_ISSUE})
+	@SecurityRequirement(name = "apiKey")
+	public String buildTradeMessage(@HeaderParam(Security.API_KEY_HEADER) String apiKey, CrossChainTradeRequest tradeRequest) {
+		Security.checkApiCallAllowed(request);
+
+		byte[] tradePublicKey = tradeRequest.tradePublicKey;
+
+		if (tradePublicKey == null || tradePublicKey.length != Transformer.PUBLIC_KEY_LENGTH)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PUBLIC_KEY);
+
+		if (tradeRequest.atAddress == null || !Crypto.isValidAtAddress(tradeRequest.atAddress))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
+
+		if (tradeRequest.messageTransactionSignature == null || !Crypto.isValidAddress(tradeRequest.messageTransactionSignature))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			ATData atData = fetchAtDataWithChecking(repository, tradeRequest.atAddress);
+			CrossChainTradeData crossChainTradeData = BitcoinACCTv1.getInstance().populateTradeData(repository, atData);
+
+			if (crossChainTradeData.mode != AcctMode.OFFERING)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+			// Does supplied public key match trade public key?
+			if (!Crypto.toAddress(tradePublicKey).equals(crossChainTradeData.qortalCreatorTradeAddress))
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PUBLIC_KEY);
+
+			TransactionData transactionData = repository.getTransactionRepository().fromSignature(tradeRequest.messageTransactionSignature);
+			if (transactionData == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.TRANSACTION_UNKNOWN);
+
+			if (transactionData.getType() != TransactionType.MESSAGE)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.TRANSACTION_INVALID);
+
+			MessageTransactionData messageTransactionData = (MessageTransactionData) transactionData;
+			byte[] messageData = messageTransactionData.getData();
+			BitcoinACCTv1.OfferMessageData offerMessageData = BitcoinACCTv1.extractOfferMessageData(messageData);
+			if (offerMessageData == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.TRANSACTION_INVALID);
+
+			// Good to make MESSAGE
+
+			byte[] aliceForeignPublicKeyHash = offerMessageData.partnerBitcoinPKH;
+			byte[] hashOfSecretA = offerMessageData.hashOfSecretA;
+			int lockTimeA = (int) offerMessageData.lockTimeA;
+
+			String aliceNativeAddress = Crypto.toAddress(messageTransactionData.getCreatorPublicKey());
+			int lockTimeB = BitcoinACCTv1.calcLockTimeB(messageTransactionData.getTimestamp(), lockTimeA);
+
+			byte[] outgoingMessageData = BitcoinACCTv1.buildTradeMessage(aliceNativeAddress, aliceForeignPublicKeyHash, hashOfSecretA, lockTimeA, lockTimeB);
+			byte[] messageTransactionBytes = buildAtMessage(repository, tradePublicKey, tradeRequest.atAddress, outgoingMessageData);
+
+			return Base58.encode(messageTransactionBytes);
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
+	@POST
+	@Path("/redeemmessage")
+	@Operation(
+		summary = "Builds raw, unsigned 'redeem' MESSAGE transaction that sends secrets to AT, releasing funds to partner",
+		description = "Specify address of cross-chain AT that needs to be messaged, both 32-byte secrets and an address for receiving QORT from AT.<br>"
+			+ "AT needs to be in 'trade' mode. Messages sent to an AT in any other mode will be ignored, but still cost fees to send!<br>"
+			+ "You need to sign output with account the AT considers the trade 'partner' otherwise the MESSAGE transaction will be invalid.",
+		requestBody = @RequestBody(
+			required = true,
+			content = @Content(
+				mediaType = MediaType.APPLICATION_JSON,
+				schema = @Schema(
+					implementation = CrossChainDualSecretRequest.class
+				)
+			)
+		),
+		responses = {
+			@ApiResponse(
+				content = @Content(
+					schema = @Schema(
+						type = "string"
+					)
+				)
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_PUBLIC_KEY, ApiError.INVALID_ADDRESS, ApiError.INVALID_DATA, ApiError.INVALID_CRITERIA, ApiError.REPOSITORY_ISSUE})
+	@SecurityRequirement(name = "apiKey")
+	public String buildRedeemMessage(@HeaderParam(Security.API_KEY_HEADER) String apiKey, CrossChainDualSecretRequest secretRequest) {
+		Security.checkApiCallAllowed(request);
+
+		byte[] partnerPublicKey = secretRequest.partnerPublicKey;
+
+		if (partnerPublicKey == null || partnerPublicKey.length != Transformer.PUBLIC_KEY_LENGTH)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PUBLIC_KEY);
+
+		if (secretRequest.atAddress == null || !Crypto.isValidAtAddress(secretRequest.atAddress))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
+
+		if (secretRequest.secretA == null || secretRequest.secretA.length != BitcoinACCTv1.SECRET_LENGTH)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
+
+		if (secretRequest.secretB == null || secretRequest.secretB.length != BitcoinACCTv1.SECRET_LENGTH)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
+
+		if (secretRequest.receivingAddress == null || !Crypto.isValidAddress(secretRequest.receivingAddress))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			ATData atData = fetchAtDataWithChecking(repository, secretRequest.atAddress);
+			CrossChainTradeData crossChainTradeData = BitcoinACCTv1.getInstance().populateTradeData(repository, atData);
+
+			if (crossChainTradeData.mode != AcctMode.TRADING)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+			String partnerAddress = Crypto.toAddress(partnerPublicKey);
+
+			// MESSAGE must come from address that AT considers trade partner
+			if (!crossChainTradeData.qortalPartnerAddress.equals(partnerAddress))
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
+
+			// Good to make MESSAGE
+
+			byte[] messageData = BitcoinACCTv1.buildRedeemMessage(secretRequest.secretA, secretRequest.secretB, secretRequest.receivingAddress);
+			byte[] messageTransactionBytes = buildAtMessage(repository, partnerPublicKey, secretRequest.atAddress, messageData);
+
+			return Base58.encode(messageTransactionBytes);
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
+	private ATData fetchAtDataWithChecking(Repository repository, String atAddress) throws DataException {
+		ATData atData = repository.getATRepository().fromATAddress(atAddress);
+		if (atData == null)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.ADDRESS_UNKNOWN);
+
+		// Must be correct AT - check functionality using code hash
+		if (!Arrays.equals(atData.getCodeHash(), BitcoinACCTv1.CODE_BYTES_HASH))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+		// No point sending message to AT that's finished
+		if (atData.getIsFinished())
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+		return atData;
+	}
+
+	private byte[] buildAtMessage(Repository repository, byte[] senderPublicKey, String atAddress, byte[] messageData) throws DataException {
+		long txTimestamp = NTP.getTime();
+
+		// senderPublicKey could be ephemeral trade public key where there is no corresponding account and hence no reference
+		String senderAddress = Crypto.toAddress(senderPublicKey);
+		byte[] lastReference = repository.getAccountRepository().getLastReference(senderAddress);
+		final boolean requiresPoW = lastReference == null;
+
+		if (requiresPoW) {
+			Random random = new Random();
+			lastReference = new byte[Transformer.SIGNATURE_LENGTH];
+			random.nextBytes(lastReference);
+		}
+
+		int version = 4;
+		int nonce = 0;
+		long amount = 0L;
+		Long assetId = null; // no assetId as amount is zero
+		Long fee = 0L;
+
+		BaseTransactionData baseTransactionData = new BaseTransactionData(txTimestamp, Group.NO_GROUP, lastReference, senderPublicKey, fee, null);
+		TransactionData messageTransactionData = new MessageTransactionData(baseTransactionData, version, nonce, atAddress, amount, assetId, messageData, false, false);
+
+		MessageTransaction messageTransaction = new MessageTransaction(repository, messageTransactionData);
+
+		if (requiresPoW) {
+			messageTransaction.computeNonce();
+		} else {
+			fee = messageTransaction.calcRecommendedFee();
+			messageTransactionData.setFee(fee);
+		}
+
+		ValidationResult result = messageTransaction.isValidUnconfirmed();
+		if (result != ValidationResult.OK)
+			throw TransactionsResource.createTransactionInvalidException(request, result);
+
+		try {
+			return MessageTransactionTransformer.toBytes(messageTransactionData);
+		} catch (TransformationException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.TRANSFORMATION_ERROR, e);
+		}
+	}
+
+}

src/main/java/org/qortal/api/resource/CrossChainBitcoinResource.java

@@ -0,0 +1,177 @@
+package org.qortal.api.resource;
+
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.media.ArraySchema;
+import io.swagger.v3.oas.annotations.media.Content;
+import io.swagger.v3.oas.annotations.media.Schema;
+import io.swagger.v3.oas.annotations.parameters.RequestBody;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
+import io.swagger.v3.oas.annotations.tags.Tag;
+
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.HeaderParam;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+
+import org.bitcoinj.core.Transaction;
+import org.qortal.api.ApiError;
+import org.qortal.api.ApiErrors;
+import org.qortal.api.ApiExceptionFactory;
+import org.qortal.api.Security;
+import org.qortal.api.model.crosschain.BitcoinSendRequest;
+import org.qortal.crosschain.Bitcoin;
+import org.qortal.crosschain.ForeignBlockchainException;
+import org.qortal.crosschain.SimpleTransaction;
+
+@Path("/crosschain/btc")
+@Tag(name = "Cross-Chain (Bitcoin)")
+public class CrossChainBitcoinResource {
+
+	@Context
+	HttpServletRequest request;
+
+	@POST
+	@Path("/walletbalance")
+	@Operation(
+		summary = "Returns BTC balance for hierarchical, deterministic BIP32 wallet",
+		description = "Supply BIP32 'm' private/public key in base58, starting with 'xprv'/'xpub' for mainnet, 'tprv'/'tpub' for testnet",
+		requestBody = @RequestBody(
+			required = true,
+			content = @Content(
+				mediaType = MediaType.TEXT_PLAIN,
+				schema = @Schema(
+					type = "string",
+					description = "BIP32 'm' private/public key in base58",
+					example = "tpubD6NzVbkrYhZ4XTPc4btCZ6SMgn8CxmWkj6VBVZ1tfcJfMq4UwAjZbG8U74gGSypL9XBYk2R2BLbDBe8pcEyBKM1edsGQEPKXNbEskZozeZc"
+				)
+			)
+		),
+		responses = {
+			@ApiResponse(
+				content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "string", description = "balance (satoshis)"))
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_PRIVATE_KEY, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE})
+	@SecurityRequirement(name = "apiKey")
+	public String getBitcoinWalletBalance(@HeaderParam(Security.API_KEY_HEADER) String apiKey, String key58) {
+		Security.checkApiCallAllowed(request);
+
+		Bitcoin bitcoin = Bitcoin.getInstance();
+
+		if (!bitcoin.isValidDeterministicKey(key58))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PRIVATE_KEY);
+
+		try {
+			Long balance = bitcoin.getWalletBalanceFromTransactions(key58);
+			if (balance == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE);
+
+			return balance.toString();
+
+		} catch (ForeignBlockchainException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE);
+		}
+	}
+
+	@POST
+	@Path("/wallettransactions")
+	@Operation(
+		summary = "Returns transactions for hierarchical, deterministic BIP32 wallet",
+		description = "Supply BIP32 'm' private/public key in base58, starting with 'xprv'/'xpub' for mainnet, 'tprv'/'tpub' for testnet",
+		requestBody = @RequestBody(
+			required = true,
+			content = @Content(
+				mediaType = MediaType.TEXT_PLAIN,
+				schema = @Schema(
+					type = "string",
+					description = "BIP32 'm' private/public key in base58",
+					example = "tpubD6NzVbkrYhZ4XTPc4btCZ6SMgn8CxmWkj6VBVZ1tfcJfMq4UwAjZbG8U74gGSypL9XBYk2R2BLbDBe8pcEyBKM1edsGQEPKXNbEskZozeZc"
+				)
+			)
+		),
+		responses = {
+			@ApiResponse(
+				content = @Content(array = @ArraySchema( schema = @Schema( implementation = SimpleTransaction.class ) ) )
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_PRIVATE_KEY, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE})
+	@SecurityRequirement(name = "apiKey")
+	public List<SimpleTransaction> getBitcoinWalletTransactions(@HeaderParam(Security.API_KEY_HEADER) String apiKey, String key58) {
+		Security.checkApiCallAllowed(request);
+
+		Bitcoin bitcoin = Bitcoin.getInstance();
+
+		if (!bitcoin.isValidDeterministicKey(key58))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PRIVATE_KEY);
+
+		try {
+			return bitcoin.getWalletTransactions(key58);
+		} catch (ForeignBlockchainException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE);
+		}
+	}
+
+	@POST
+	@Path("/send")
+	@Operation(
+		summary = "Sends BTC from hierarchical, deterministic BIP32 wallet to specific address",
+		description = "Currently only supports 'legacy' P2PKH Bitcoin addresses. Supply BIP32 'm' private key in base58, starting with 'xprv' for mainnet, 'tprv' for testnet",
+		requestBody = @RequestBody(
+			required = true,
+			content = @Content(
+				mediaType = MediaType.APPLICATION_JSON,
+				schema = @Schema(
+					implementation = BitcoinSendRequest.class
+				)
+			)
+		),
+		responses = {
+			@ApiResponse(
+				content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "string", description = "transaction hash"))
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_PRIVATE_KEY, ApiError.INVALID_CRITERIA, ApiError.INVALID_ADDRESS, ApiError.FOREIGN_BLOCKCHAIN_BALANCE_ISSUE, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE})
+	@SecurityRequirement(name = "apiKey")
+	public String sendBitcoin(@HeaderParam(Security.API_KEY_HEADER) String apiKey, BitcoinSendRequest bitcoinSendRequest) {
+		Security.checkApiCallAllowed(request);
+
+		if (bitcoinSendRequest.bitcoinAmount <= 0)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+		if (bitcoinSendRequest.feePerByte != null && bitcoinSendRequest.feePerByte <= 0)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+		Bitcoin bitcoin = Bitcoin.getInstance();
+
+		if (!bitcoin.isValidAddress(bitcoinSendRequest.receivingAddress))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
+
+		if (!bitcoin.isValidDeterministicKey(bitcoinSendRequest.xprv58))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PRIVATE_KEY);
+
+		Transaction spendTransaction = bitcoin.buildSpend(bitcoinSendRequest.xprv58,
+				bitcoinSendRequest.receivingAddress,
+				bitcoinSendRequest.bitcoinAmount,
+				bitcoinSendRequest.feePerByte);
+
+		if (spendTransaction == null)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.FOREIGN_BLOCKCHAIN_BALANCE_ISSUE);
+
+		try {
+			bitcoin.broadcastTransaction(spendTransaction);
+		} catch (ForeignBlockchainException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE);
+		}
+
+		return spendTransaction.getTxId().toString();
+	}
+
+}

src/main/java/org/qortal/api/resource/CrossChainDogecoinACCTv1Resource.java

@@ -0,0 +1,143 @@
+package org.qortal.api.resource;
+
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.media.Content;
+import io.swagger.v3.oas.annotations.media.Schema;
+import io.swagger.v3.oas.annotations.parameters.RequestBody;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import org.qortal.account.PrivateKeyAccount;
+import org.qortal.api.ApiError;
+import org.qortal.api.ApiErrors;
+import org.qortal.api.ApiExceptionFactory;
+import org.qortal.api.Security;
+import org.qortal.api.model.CrossChainSecretRequest;
+import org.qortal.crosschain.AcctMode;
+import org.qortal.crosschain.DogecoinACCTv1;
+import org.qortal.crypto.Crypto;
+import org.qortal.data.at.ATData;
+import org.qortal.data.crosschain.CrossChainTradeData;
+import org.qortal.group.Group;
+import org.qortal.repository.DataException;
+import org.qortal.repository.Repository;
+import org.qortal.repository.RepositoryManager;
+import org.qortal.transaction.MessageTransaction;
+import org.qortal.transaction.Transaction.ValidationResult;
+import org.qortal.transform.Transformer;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.HeaderParam;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import java.util.Arrays;
+
+@Path("/crosschain/DogecoinACCTv1")
+@Tag(name = "Cross-Chain (DogecoinACCTv1)")
+public class CrossChainDogecoinACCTv1Resource {
+
+	@Context
+	HttpServletRequest request;
+
+	@POST
+	@Path("/redeemmessage")
+	@Operation(
+		summary = "Signs and broadcasts a 'redeem' MESSAGE transaction that sends secrets to AT, releasing funds to partner",
+		description = "Specify address of cross-chain AT that needs to be messaged, Alice's trade private key, the 32-byte secret,<br>"
+			+ "and an address for receiving QORT from AT. All of these can be found in Alice's trade bot data.<br>"
+			+ "AT needs to be in 'trade' mode. Messages sent to an AT in any other mode will be ignored, but still cost fees to send!<br>"
+			+ "You need to use the private key that the AT considers the trade 'partner' otherwise the MESSAGE transaction will be invalid.",
+		requestBody = @RequestBody(
+			required = true,
+			content = @Content(
+				mediaType = MediaType.APPLICATION_JSON,
+				schema = @Schema(
+					implementation = CrossChainSecretRequest.class
+				)
+			)
+		),
+		responses = {
+			@ApiResponse(
+				content = @Content(
+					schema = @Schema(
+						type = "string"
+					)
+				)
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_PUBLIC_KEY, ApiError.INVALID_ADDRESS, ApiError.INVALID_DATA, ApiError.INVALID_CRITERIA, ApiError.REPOSITORY_ISSUE})
+	@SecurityRequirement(name = "apiKey")
+	public boolean buildRedeemMessage(@HeaderParam(Security.API_KEY_HEADER) String apiKey, CrossChainSecretRequest secretRequest) {
+		Security.checkApiCallAllowed(request);
+
+		byte[] partnerPrivateKey = secretRequest.partnerPrivateKey;
+
+		if (partnerPrivateKey == null || partnerPrivateKey.length != Transformer.PRIVATE_KEY_LENGTH)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PRIVATE_KEY);
+
+		if (secretRequest.atAddress == null || !Crypto.isValidAtAddress(secretRequest.atAddress))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
+
+		if (secretRequest.secret == null || secretRequest.secret.length != DogecoinACCTv1.SECRET_LENGTH)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
+
+		if (secretRequest.receivingAddress == null || !Crypto.isValidAddress(secretRequest.receivingAddress))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			ATData atData = fetchAtDataWithChecking(repository, secretRequest.atAddress);
+			CrossChainTradeData crossChainTradeData = DogecoinACCTv1.getInstance().populateTradeData(repository, atData);
+
+			if (crossChainTradeData.mode != AcctMode.TRADING)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+			byte[] partnerPublicKey = new PrivateKeyAccount(null, partnerPrivateKey).getPublicKey();
+			String partnerAddress = Crypto.toAddress(partnerPublicKey);
+
+			// MESSAGE must come from address that AT considers trade partner
+			if (!crossChainTradeData.qortalPartnerAddress.equals(partnerAddress))
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
+
+			// Good to make MESSAGE
+
+			byte[] messageData = DogecoinACCTv1.buildRedeemMessage(secretRequest.secret, secretRequest.receivingAddress);
+
+			PrivateKeyAccount sender = new PrivateKeyAccount(repository, partnerPrivateKey);
+			MessageTransaction messageTransaction = MessageTransaction.build(repository, sender, Group.NO_GROUP, secretRequest.atAddress, messageData, false, false);
+
+			messageTransaction.computeNonce();
+			messageTransaction.sign(sender);
+
+			// reset repository state to prevent deadlock
+			repository.discardChanges();
+			ValidationResult result = messageTransaction.importAsUnconfirmed();
+
+			if (result != ValidationResult.OK)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.TRANSACTION_INVALID);
+
+			return true;
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
+	private ATData fetchAtDataWithChecking(Repository repository, String atAddress) throws DataException {
+		ATData atData = repository.getATRepository().fromATAddress(atAddress);
+		if (atData == null)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.ADDRESS_UNKNOWN);
+
+		// Must be correct AT - check functionality using code hash
+		if (!Arrays.equals(atData.getCodeHash(), DogecoinACCTv1.CODE_BYTES_HASH))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+		// No point sending message to AT that's finished
+		if (atData.getIsFinished())
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+		return atData;
+	}
+
+}

src/main/java/org/qortal/api/resource/CrossChainDogecoinResource.java

@@ -0,0 +1,175 @@
+package org.qortal.api.resource;
+
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.media.ArraySchema;
+import io.swagger.v3.oas.annotations.media.Content;
+import io.swagger.v3.oas.annotations.media.Schema;
+import io.swagger.v3.oas.annotations.parameters.RequestBody;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import org.bitcoinj.core.Transaction;
+import org.qortal.api.ApiError;
+import org.qortal.api.ApiErrors;
+import org.qortal.api.ApiExceptionFactory;
+import org.qortal.api.Security;
+import org.qortal.api.model.crosschain.DogecoinSendRequest;
+import org.qortal.crosschain.ForeignBlockchainException;
+import org.qortal.crosschain.Dogecoin;
+import org.qortal.crosschain.SimpleTransaction;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.HeaderParam;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import java.util.List;
+
+@Path("/crosschain/doge")
+@Tag(name = "Cross-Chain (Dogecoin)")
+public class CrossChainDogecoinResource {
+
+	@Context
+	HttpServletRequest request;
+
+	@POST
+	@Path("/walletbalance")
+	@Operation(
+		summary = "Returns DOGE balance for hierarchical, deterministic BIP32 wallet",
+		description = "Supply BIP32 'm' private/public key in base58, starting with 'xprv'/'xpub' for mainnet, 'tprv'/'tpub' for testnet",
+		requestBody = @RequestBody(
+			required = true,
+			content = @Content(
+				mediaType = MediaType.TEXT_PLAIN,
+				schema = @Schema(
+					type = "string",
+					description = "BIP32 'm' private/public key in base58",
+					example = "tpubD6NzVbkrYhZ4XTPc4btCZ6SMgn8CxmWkj6VBVZ1tfcJfMq4UwAjZbG8U74gGSypL9XBYk2R2BLbDBe8pcEyBKM1edsGQEPKXNbEskZozeZc"
+				)
+			)
+		),
+		responses = {
+			@ApiResponse(
+				content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "string", description = "balance (satoshis)"))
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_PRIVATE_KEY, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE})
+	@SecurityRequirement(name = "apiKey")
+	public String getDogecoinWalletBalance(@HeaderParam(Security.API_KEY_HEADER) String apiKey, String key58) {
+		Security.checkApiCallAllowed(request);
+
+		Dogecoin dogecoin = Dogecoin.getInstance();
+
+		if (!dogecoin.isValidDeterministicKey(key58))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PRIVATE_KEY);
+
+		try {
+			Long balance = dogecoin.getWalletBalanceFromTransactions(key58);
+			if (balance == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE);
+
+			return balance.toString();
+
+		} catch (ForeignBlockchainException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE);
+		}
+	}
+
+	@POST
+	@Path("/wallettransactions")
+	@Operation(
+		summary = "Returns transactions for hierarchical, deterministic BIP32 wallet",
+		description = "Supply BIP32 'm' private/public key in base58, starting with 'xprv'/'xpub' for mainnet, 'tprv'/'tpub' for testnet",
+		requestBody = @RequestBody(
+			required = true,
+			content = @Content(
+				mediaType = MediaType.TEXT_PLAIN,
+				schema = @Schema(
+					type = "string",
+					description = "BIP32 'm' private/public key in base58",
+					example = "tpubD6NzVbkrYhZ4XTPc4btCZ6SMgn8CxmWkj6VBVZ1tfcJfMq4UwAjZbG8U74gGSypL9XBYk2R2BLbDBe8pcEyBKM1edsGQEPKXNbEskZozeZc"
+				)
+			)
+		),
+		responses = {
+			@ApiResponse(
+				content = @Content(array = @ArraySchema( schema = @Schema( implementation = SimpleTransaction.class ) ) )
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_PRIVATE_KEY, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE})
+	@SecurityRequirement(name = "apiKey")
+	public List<SimpleTransaction> getDogecoinWalletTransactions(@HeaderParam(Security.API_KEY_HEADER) String apiKey, String key58) {
+		Security.checkApiCallAllowed(request);
+
+		Dogecoin dogecoin = Dogecoin.getInstance();
+
+		if (!dogecoin.isValidDeterministicKey(key58))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PRIVATE_KEY);
+
+		try {
+			return dogecoin.getWalletTransactions(key58);
+		} catch (ForeignBlockchainException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE);
+		}
+	}
+
+	@POST
+	@Path("/send")
+	@Operation(
+		summary = "Sends DOGE from hierarchical, deterministic BIP32 wallet to specific address",
+		description = "Currently only supports 'legacy' P2PKH Dogecoin addresses. Supply BIP32 'm' private key in base58, starting with 'xprv' for mainnet, 'tprv' for testnet",
+		requestBody = @RequestBody(
+			required = true,
+			content = @Content(
+				mediaType = MediaType.APPLICATION_JSON,
+				schema = @Schema(
+					implementation = DogecoinSendRequest.class
+				)
+			)
+		),
+		responses = {
+			@ApiResponse(
+				content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "string", description = "transaction hash"))
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_PRIVATE_KEY, ApiError.INVALID_CRITERIA, ApiError.INVALID_ADDRESS, ApiError.FOREIGN_BLOCKCHAIN_BALANCE_ISSUE, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE})
+	@SecurityRequirement(name = "apiKey")
+	public String sendBitcoin(@HeaderParam(Security.API_KEY_HEADER) String apiKey, DogecoinSendRequest dogecoinSendRequest) {
+		Security.checkApiCallAllowed(request);
+
+		if (dogecoinSendRequest.dogecoinAmount <= 0)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+		if (dogecoinSendRequest.feePerByte != null && dogecoinSendRequest.feePerByte <= 0)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+		Dogecoin dogecoin = Dogecoin.getInstance();
+
+		if (!dogecoin.isValidAddress(dogecoinSendRequest.receivingAddress))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
+
+		if (!dogecoin.isValidDeterministicKey(dogecoinSendRequest.xprv58))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PRIVATE_KEY);
+
+		Transaction spendTransaction = dogecoin.buildSpend(dogecoinSendRequest.xprv58,
+				dogecoinSendRequest.receivingAddress,
+				dogecoinSendRequest.dogecoinAmount,
+				dogecoinSendRequest.feePerByte);
+
+		if (spendTransaction == null)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.FOREIGN_BLOCKCHAIN_BALANCE_ISSUE);
+
+		try {
+			dogecoin.broadcastTransaction(spendTransaction);
+		} catch (ForeignBlockchainException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE);
+		}
+
+		return spendTransaction.getTxId().toString();
+	}
+
+}

src/main/java/org/qortal/api/resource/CrossChainHtlcResource.java

@@ -0,0 +1,657 @@
+package org.qortal.api.resource;
+
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.media.Content;
+import io.swagger.v3.oas.annotations.media.Schema;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
+import io.swagger.v3.oas.annotations.tags.Tag;
+
+import java.math.BigDecimal;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.*;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.bitcoinj.core.*;
+import org.bitcoinj.script.Script;
+import org.qortal.api.*;
+import org.qortal.api.model.CrossChainBitcoinyHTLCStatus;
+import org.qortal.crosschain.*;
+import org.qortal.crypto.Crypto;
+import org.qortal.data.at.ATData;
+import org.qortal.data.crosschain.CrossChainTradeData;
+import org.qortal.data.crosschain.TradeBotData;
+import org.qortal.repository.DataException;
+import org.qortal.repository.Repository;
+import org.qortal.repository.RepositoryManager;
+import org.qortal.utils.Base58;
+import org.qortal.utils.NTP;
+
+@Path("/crosschain/htlc")
+@Tag(name = "Cross-Chain (Hash time-locked contracts)")
+public class CrossChainHtlcResource {
+
+	private static final Logger LOGGER = LogManager.getLogger(CrossChainHtlcResource.class);
+
+	@Context
+	HttpServletRequest request;
+
+	@GET
+	@Path("/address/{blockchain}/{refundPKH}/{locktime}/{redeemPKH}/{hashOfSecret}")
+	@Operation(
+		summary = "Returns HTLC address based on trade info",
+		description = "Public key hashes (PKH) and hash of secret should be 20 bytes (base58 encoded). Locktime is seconds since epoch.",
+		responses = {
+			@ApiResponse(
+				content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "string"))
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_PUBLIC_KEY, ApiError.INVALID_CRITERIA})
+	public String deriveHtlcAddress(@PathParam("blockchain") String blockchainName,
+			@PathParam("refundPKH") String refundPKH,
+			@PathParam("locktime") int lockTime,
+			@PathParam("redeemPKH") String redeemPKH,
+			@PathParam("hashOfSecret") String hashOfSecret) {
+		SupportedBlockchain blockchain = SupportedBlockchain.valueOf(blockchainName);
+		if (blockchain == null)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+		byte[] refunderPubKeyHash;
+		byte[] redeemerPubKeyHash;
+		byte[] decodedHashOfSecret;
+
+		try {
+			refunderPubKeyHash = Base58.decode(refundPKH);
+			redeemerPubKeyHash = Base58.decode(redeemPKH);
+
+			if (refunderPubKeyHash.length != 20 || redeemerPubKeyHash.length != 20)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PUBLIC_KEY);
+		} catch (IllegalArgumentException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PUBLIC_KEY);
+		}
+
+		try {
+			decodedHashOfSecret = Base58.decode(hashOfSecret);
+			if (decodedHashOfSecret.length != 20)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+		} catch (IllegalArgumentException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+		}
+
+		byte[] redeemScript = BitcoinyHTLC.buildScript(refunderPubKeyHash, lockTime, redeemerPubKeyHash, decodedHashOfSecret);
+
+		Bitcoiny bitcoiny = (Bitcoiny) blockchain.getInstance();
+
+		return bitcoiny.deriveP2shAddress(redeemScript);
+	}
+
+	@GET
+	@Path("/status/{blockchain}/{refundPKH}/{locktime}/{redeemPKH}/{hashOfSecret}")
+	@Operation(
+		summary = "Checks HTLC status",
+		description = "Public key hashes (PKH) and hash of secret should be 20 bytes (base58 encoded). Locktime is seconds since epoch.",
+		responses = {
+			@ApiResponse(
+				content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = CrossChainBitcoinyHTLCStatus.class))
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_CRITERIA, ApiError.INVALID_ADDRESS, ApiError.ADDRESS_UNKNOWN})
+	@SecurityRequirement(name = "apiKey")
+	public CrossChainBitcoinyHTLCStatus checkHtlcStatus(@HeaderParam(Security.API_KEY_HEADER) String apiKey,
+			@PathParam("blockchain") String blockchainName,
+			@PathParam("refundPKH") String refundPKH,
+			@PathParam("locktime") int lockTime,
+			@PathParam("redeemPKH") String redeemPKH,
+			@PathParam("hashOfSecret") String hashOfSecret) {
+		Security.checkApiCallAllowed(request);
+
+		SupportedBlockchain blockchain = SupportedBlockchain.valueOf(blockchainName);
+		if (blockchain == null)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+		byte[] refunderPubKeyHash;
+		byte[] redeemerPubKeyHash;
+		byte[] decodedHashOfSecret;
+
+		try {
+			refunderPubKeyHash = Base58.decode(refundPKH);
+			redeemerPubKeyHash = Base58.decode(redeemPKH);
+
+			if (refunderPubKeyHash.length != 20 || redeemerPubKeyHash.length != 20)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PUBLIC_KEY);
+		} catch (IllegalArgumentException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PUBLIC_KEY);
+		}
+
+		try {
+			decodedHashOfSecret = Base58.decode(hashOfSecret);
+			if (decodedHashOfSecret.length != 20)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+		} catch (IllegalArgumentException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+		}
+
+		byte[] redeemScript = BitcoinyHTLC.buildScript(refunderPubKeyHash, lockTime, redeemerPubKeyHash, decodedHashOfSecret);
+
+		Bitcoiny bitcoiny = (Bitcoiny) blockchain.getInstance();
+
+		String p2shAddress = bitcoiny.deriveP2shAddress(redeemScript);
+
+		long now = NTP.getTime();
+
+		try {
+			int medianBlockTime = bitcoiny.getMedianBlockTime();
+
+			// Check P2SH is funded
+			long p2shBalance = bitcoiny.getConfirmedBalance(p2shAddress.toString());
+
+			CrossChainBitcoinyHTLCStatus htlcStatus = new CrossChainBitcoinyHTLCStatus();
+			htlcStatus.bitcoinP2shAddress = p2shAddress;
+			htlcStatus.bitcoinP2shBalance = BigDecimal.valueOf(p2shBalance, 8);
+
+			List<TransactionOutput> fundingOutputs = bitcoiny.getUnspentOutputs(p2shAddress.toString());
+
+			if (p2shBalance > 0L && !fundingOutputs.isEmpty()) {
+				htlcStatus.canRedeem = now >= medianBlockTime * 1000L;
+				htlcStatus.canRefund = now >= lockTime * 1000L;
+			}
+
+			if (now >= medianBlockTime * 1000L) {
+				// See if we can extract secret
+				htlcStatus.secret = BitcoinyHTLC.findHtlcSecret(bitcoiny, htlcStatus.bitcoinP2shAddress);
+			}
+
+			return htlcStatus;
+		} catch (ForeignBlockchainException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE);
+		}
+	}
+
+	@POST
+	@Path("/redeem/{ataddress}")
+	@Operation(
+			summary = "Redeems HTLC associated with supplied AT",
+			description = "To be used by a QORT seller (Bob) who needs to redeem LTC/DOGE/etc proceeds that are stuck in a P2SH.<br>" +
+					"This requires Bob's trade bot data to be present in the database for this AT.<br>" +
+					"It will fail if the buyer has yet to redeem the QORT held in the AT.",
+			responses = {
+					@ApiResponse(
+							content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "boolean"))
+					)
+			}
+	)
+	@ApiErrors({ApiError.INVALID_CRITERIA, ApiError.INVALID_ADDRESS, ApiError.ADDRESS_UNKNOWN})
+	@SecurityRequirement(name = "apiKey")
+	public boolean redeemHtlc(@HeaderParam(Security.API_KEY_HEADER) String apiKey, @PathParam("ataddress") String atAddress) {
+		Security.checkApiCallAllowed(request);
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			ATData atData = repository.getATRepository().fromATAddress(atAddress);
+			if (atData == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.ADDRESS_UNKNOWN);
+
+			ACCT acct = SupportedBlockchain.getAcctByCodeHash(atData.getCodeHash());
+			if (acct == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+			CrossChainTradeData crossChainTradeData = acct.populateTradeData(repository, atData);
+			if (crossChainTradeData == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+			// Attempt to find secret from the buyer's message to AT
+			byte[] decodedSecret = acct.findSecretA(repository, crossChainTradeData);
+			if (decodedSecret == null) {
+				LOGGER.info(() -> String.format("Unable to find secret-A from redeem message to AT %s", atAddress));
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+			}
+
+			List<TradeBotData> allTradeBotData = repository.getCrossChainRepository().getAllTradeBotData();
+			TradeBotData tradeBotData = allTradeBotData.stream().filter(tradeBotDataItem -> tradeBotDataItem.getAtAddress().equals(atAddress)).findFirst().orElse(null);
+
+			// Search for the tradePrivateKey in the tradebot data
+			byte[] decodedPrivateKey = null;
+			if (tradeBotData != null)
+				decodedPrivateKey = tradeBotData.getTradePrivateKey();
+
+			// Search for the foreign blockchain receiving address in the tradebot data
+			byte[] foreignBlockchainReceivingAccountInfo = null;
+			if (tradeBotData != null)
+				// Use receiving address PKH from tradebot data
+				foreignBlockchainReceivingAccountInfo = tradeBotData.getReceivingAccountInfo();
+
+			return this.doRedeemHtlc(atAddress, decodedPrivateKey, decodedSecret, foreignBlockchainReceivingAccountInfo);
+
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
+	@POST
+	@Path("/redeemAll")
+	@Operation(
+			summary = "Redeems HTLC for all applicable ATs in tradebot data",
+			description = "To be used by a QORT seller (Bob) who needs to redeem LTC/DOGE/etc proceeds that are stuck in P2SH transactions.<br>" +
+					"This requires Bob's trade bot data to be present in the database for any ATs that need redeeming.<br>" +
+					"Returns true if at least one trade is redeemed. More detail is available in the log.txt.* file.",
+			responses = {
+					@ApiResponse(
+							content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "boolean"))
+					)
+			}
+	)
+	@ApiErrors({ApiError.INVALID_CRITERIA, ApiError.INVALID_ADDRESS, ApiError.ADDRESS_UNKNOWN})
+	@SecurityRequirement(name = "apiKey")
+	public boolean redeemAllHtlc(@HeaderParam(Security.API_KEY_HEADER) String apiKey) {
+		Security.checkApiCallAllowed(request);
+		boolean success = false;
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			List<TradeBotData> allTradeBotData = repository.getCrossChainRepository().getAllTradeBotData();
+
+			for (TradeBotData tradeBotData : allTradeBotData) {
+				String atAddress = tradeBotData.getAtAddress();
+				if (atAddress == null) {
+					LOGGER.info("Missing AT address in tradebot data", atAddress);
+					continue;
+				}
+
+				String tradeState = tradeBotData.getState();
+				if (tradeState == null) {
+					LOGGER.info("Missing trade state for AT {}", atAddress);
+					continue;
+				}
+
+				if (tradeState.startsWith("ALICE")) {
+					LOGGER.info("AT {} isn't redeemable because it is a buy order", atAddress);
+					continue;
+				}
+
+				ATData atData = repository.getATRepository().fromATAddress(atAddress);
+				if (atData == null) {
+					LOGGER.info("Couldn't find AT with address {}", atAddress);
+					continue;
+				}
+
+				ACCT acct = SupportedBlockchain.getAcctByCodeHash(atData.getCodeHash());
+				if (acct == null) {
+					continue;
+				}
+
+				CrossChainTradeData crossChainTradeData = acct.populateTradeData(repository, atData);
+				if (crossChainTradeData == null) {
+					LOGGER.info("Couldn't find crosschain trade data for AT {}", atAddress);
+					continue;
+				}
+
+				// Attempt to find secret from the buyer's message to AT
+				byte[] decodedSecret = acct.findSecretA(repository, crossChainTradeData);
+				if (decodedSecret == null) {
+					LOGGER.info("Unable to find secret-A from redeem message to AT {}", atAddress);
+					continue;
+				}
+
+				// Search for the tradePrivateKey in the tradebot data
+				byte[] decodedPrivateKey = tradeBotData.getTradePrivateKey();
+
+				// Search for the foreign blockchain receiving address PKH in the tradebot data
+				byte[] foreignBlockchainReceivingAccountInfo = tradeBotData.getReceivingAccountInfo();
+
+				try {
+					LOGGER.info("Attempting to redeem P2SH balance associated with AT {}...", atAddress);
+					boolean redeemed = this.doRedeemHtlc(atAddress, decodedPrivateKey, decodedSecret, foreignBlockchainReceivingAccountInfo);
+					if (redeemed) {
+						LOGGER.info("Redeemed P2SH balance associated with AT {}", atAddress);
+						success = true;
+					}
+					else {
+						LOGGER.info("Couldn't redeem P2SH balance associated with AT {}. Already redeemed?", atAddress);
+					}
+				} catch (ApiException e) {
+					LOGGER.info("Couldn't redeem P2SH balance associated with AT {}. Missing data?", atAddress);
+				}
+			}
+
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+
+		return success;
+	}
+
+	private boolean doRedeemHtlc(String atAddress, byte[] decodedTradePrivateKey, byte[] decodedSecret,
+								 byte[] foreignBlockchainReceivingAccountInfo) {
+		try (final Repository repository = RepositoryManager.getRepository()) {
+
+			ATData atData = repository.getATRepository().fromATAddress(atAddress);
+			if (atData == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.ADDRESS_UNKNOWN);
+
+			ACCT acct = SupportedBlockchain.getAcctByCodeHash(atData.getCodeHash());
+			if (acct == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+			CrossChainTradeData crossChainTradeData = acct.populateTradeData(repository, atData);
+			if (crossChainTradeData == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+			// Validate trade private key
+			if (decodedTradePrivateKey == null || decodedTradePrivateKey.length != 32)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+			// Validate secret
+			if (decodedSecret == null || decodedSecret.length != 32)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+			// Validate receiving address
+			if (foreignBlockchainReceivingAccountInfo == null || foreignBlockchainReceivingAccountInfo.length != 20)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+			// Make sure the receiving address isn't a QORT address, given that we can share the same field for both QORT and foreign blockchains
+			if (Crypto.isValidAddress(foreignBlockchainReceivingAccountInfo))
+				if (Base58.encode(foreignBlockchainReceivingAccountInfo).startsWith("Q"))
+					// This is likely a QORT address, not a foreign blockchain
+					throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+
+			// Use secret-A to redeem P2SH-A
+
+			Bitcoiny bitcoiny = (Bitcoiny) acct.getBlockchain();
+			if (bitcoiny.getClass() == Bitcoin.class) {
+				LOGGER.info("Redeeming a Bitcoin HTLC is not yet supported");
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+			}
+
+			int lockTime = crossChainTradeData.lockTimeA;
+			byte[] redeemScriptA = BitcoinyHTLC.buildScript(crossChainTradeData.partnerForeignPKH, lockTime, crossChainTradeData.creatorForeignPKH, crossChainTradeData.hashOfSecretA);
+			String p2shAddressA = bitcoiny.deriveP2shAddress(redeemScriptA);
+			LOGGER.info(String.format("Redeeming P2SH address: %s", p2shAddressA));
+
+			// Fee for redeem/refund is subtracted from P2SH-A balance.
+			long feeTimestamp = calcFeeTimestamp(lockTime, crossChainTradeData.tradeTimeout);
+			long p2shFee = bitcoiny.getP2shFee(feeTimestamp);
+			long minimumAmountA = crossChainTradeData.expectedForeignAmount + p2shFee;
+			BitcoinyHTLC.Status htlcStatusA = BitcoinyHTLC.determineHtlcStatus(bitcoiny.getBlockchainProvider(), p2shAddressA, minimumAmountA);
+
+			switch (htlcStatusA) {
+				case UNFUNDED:
+				case FUNDING_IN_PROGRESS:
+					// P2SH-A suddenly not funded? Our best bet at this point is to hope for AT auto-refund
+					return false;
+
+				case REDEEM_IN_PROGRESS:
+				case REDEEMED:
+					// Double-check that we have redeemed P2SH-A...
+					return false;
+
+				case REFUND_IN_PROGRESS:
+				case REFUNDED:
+					// Wait for AT to auto-refund
+					return false;
+
+				case FUNDED: {
+					Coin redeemAmount = Coin.valueOf(crossChainTradeData.expectedForeignAmount);
+					ECKey redeemKey = ECKey.fromPrivate(decodedTradePrivateKey);
+					List<TransactionOutput> fundingOutputs = bitcoiny.getUnspentOutputs(p2shAddressA);
+
+					Transaction p2shRedeemTransaction = BitcoinyHTLC.buildRedeemTransaction(bitcoiny.getNetworkParameters(), redeemAmount, redeemKey,
+							fundingOutputs, redeemScriptA, decodedSecret, foreignBlockchainReceivingAccountInfo);
+
+					bitcoiny.broadcastTransaction(p2shRedeemTransaction);
+					LOGGER.info(String.format("P2SH address %s redeemed!", p2shAddressA));
+					return true;
+				}
+			}
+
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		} catch (ForeignBlockchainException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.FOREIGN_BLOCKCHAIN_BALANCE_ISSUE, e);
+		}
+
+		return false;
+	}
+
+	@POST
+	@Path("/refund/{ataddress}")
+	@Operation(
+			summary = "Refunds HTLC associated with supplied AT",
+			description = "To be used by a QORT buyer (Alice) who needs to refund their LTC/DOGE/etc that is stuck in a P2SH.<br>" +
+					"This requires Alice's trade bot data to be present in the database for this AT.<br>" +
+					"It will fail if it's already redeemed by the seller, or if the lockTime (60 minutes) hasn't passed yet.",
+			responses = {
+					@ApiResponse(
+							content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "boolean"))
+					)
+			}
+	)
+	@ApiErrors({ApiError.INVALID_CRITERIA, ApiError.INVALID_ADDRESS, ApiError.ADDRESS_UNKNOWN})
+	@SecurityRequirement(name = "apiKey")
+	public boolean refundHtlc(@HeaderParam(Security.API_KEY_HEADER) String apiKey, @PathParam("ataddress") String atAddress) {
+		Security.checkApiCallAllowed(request);
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			List<TradeBotData> allTradeBotData = repository.getCrossChainRepository().getAllTradeBotData();
+			TradeBotData tradeBotData = allTradeBotData.stream().filter(tradeBotDataItem -> tradeBotDataItem.getAtAddress().equals(atAddress)).findFirst().orElse(null);
+			if (tradeBotData == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+			if (tradeBotData.getForeignKey() == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+			ATData atData = repository.getATRepository().fromATAddress(atAddress);
+			if (atData == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.ADDRESS_UNKNOWN);
+
+			ACCT acct = SupportedBlockchain.getAcctByCodeHash(atData.getCodeHash());
+			if (acct == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+			// Determine foreign blockchain receive address for refund
+			Bitcoiny bitcoiny = (Bitcoiny) acct.getBlockchain();
+			String receiveAddress = bitcoiny.getUnusedReceiveAddress(tradeBotData.getForeignKey());
+
+			return this.doRefundHtlc(atAddress, receiveAddress);
+
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		} catch (ForeignBlockchainException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.FOREIGN_BLOCKCHAIN_BALANCE_ISSUE, e);
+		}
+	}
+
+
+	@POST
+	@Path("/refundAll")
+	@Operation(
+			summary = "Refunds HTLC for all applicable ATs in tradebot data",
+			description = "To be used by a QORT buyer (Alice) who needs to refund their LTC/DOGE/etc proceeds that are stuck in P2SH transactions.<br>" +
+					"This requires Alice's trade bot data to be present in the database for this AT.<br>" +
+					"It will fail if it's already redeemed by the seller, or if the lockTime (60 minutes) hasn't passed yet.",
+			responses = {
+					@ApiResponse(
+							content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "boolean"))
+					)
+			}
+	)
+	@ApiErrors({ApiError.INVALID_CRITERIA, ApiError.INVALID_ADDRESS, ApiError.ADDRESS_UNKNOWN})
+	@SecurityRequirement(name = "apiKey")
+	public boolean refundAllHtlc(@HeaderParam(Security.API_KEY_HEADER) String apiKey) {
+		Security.checkApiCallAllowed(request);
+		boolean success = false;
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			List<TradeBotData> allTradeBotData = repository.getCrossChainRepository().getAllTradeBotData();
+
+			for (TradeBotData tradeBotData : allTradeBotData) {
+				String atAddress = tradeBotData.getAtAddress();
+				if (atAddress == null) {
+					LOGGER.info("Missing AT address in tradebot data", atAddress);
+					continue;
+				}
+
+				String tradeState = tradeBotData.getState();
+				if (tradeState == null) {
+					LOGGER.info("Missing trade state for AT {}", atAddress);
+					continue;
+				}
+
+				if (tradeState.startsWith("BOB")) {
+					LOGGER.info("AT {} isn't refundable because it is a sell order", atAddress);
+					continue;
+				}
+
+				ATData atData = repository.getATRepository().fromATAddress(atAddress);
+				if (atData == null) {
+					LOGGER.info("Couldn't find AT with address {}", atAddress);
+					continue;
+				}
+
+				ACCT acct = SupportedBlockchain.getAcctByCodeHash(atData.getCodeHash());
+				if (acct == null) {
+					continue;
+				}
+
+				CrossChainTradeData crossChainTradeData = acct.populateTradeData(repository, atData);
+				if (crossChainTradeData == null) {
+					LOGGER.info("Couldn't find crosschain trade data for AT {}", atAddress);
+					continue;
+				}
+
+				if (tradeBotData.getForeignKey() == null) {
+					LOGGER.info("Couldn't find foreign key for AT {}", atAddress);
+					continue;
+				}
+
+				try {
+					// Determine foreign blockchain receive address for refund
+					Bitcoiny bitcoiny = (Bitcoiny) acct.getBlockchain();
+					String receivingAddress = bitcoiny.getUnusedReceiveAddress(tradeBotData.getForeignKey());
+
+					LOGGER.info("Attempting to refund P2SH balance associated with AT {}...", atAddress);
+					boolean refunded = this.doRefundHtlc(atAddress, receivingAddress);
+					if (refunded) {
+						LOGGER.info("Refunded P2SH balance associated with AT {}", atAddress);
+						success = true;
+					}
+					else {
+						LOGGER.info("Couldn't refund P2SH balance associated with AT {}. Already redeemed?", atAddress);
+					}
+				} catch (ApiException | ForeignBlockchainException e) {
+					LOGGER.info("Couldn't refund P2SH balance associated with AT {}. Missing data?", atAddress);
+				}
+			}
+
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+
+		return success;
+	}
+
+
+	private boolean doRefundHtlc(String atAddress, String receiveAddress) {
+		try (final Repository repository = RepositoryManager.getRepository()) {
+
+			ATData atData = repository.getATRepository().fromATAddress(atAddress);
+			if (atData == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.ADDRESS_UNKNOWN);
+
+			ACCT acct = SupportedBlockchain.getAcctByCodeHash(atData.getCodeHash());
+			if (acct == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+			CrossChainTradeData crossChainTradeData = acct.populateTradeData(repository, atData);
+			if (crossChainTradeData == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+			// If the AT is "finished" then it will have a zero balance
+			// In these cases we should avoid HTLC refunds if tbe QORT haven't been returned to the seller
+			if (atData.getIsFinished() && crossChainTradeData.mode != AcctMode.REFUNDED && crossChainTradeData.mode != AcctMode.CANCELLED) {
+				LOGGER.info(String.format("Skipping AT %s because the QORT has already been redemed", atAddress));
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+			}
+
+			List<TradeBotData> allTradeBotData = repository.getCrossChainRepository().getAllTradeBotData();
+			TradeBotData tradeBotData = allTradeBotData.stream().filter(tradeBotDataItem -> tradeBotDataItem.getAtAddress().equals(atAddress)).findFirst().orElse(null);
+			if (tradeBotData == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+			Bitcoiny bitcoiny = (Bitcoiny) acct.getBlockchain();
+			if (bitcoiny.getClass() == Bitcoin.class) {
+				LOGGER.info("Refunding a Bitcoin HTLC is not yet supported");
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+			}
+
+			int lockTime = tradeBotData.getLockTimeA();
+
+			// We can't refund P2SH-A until lockTime-A has passed
+			if (NTP.getTime() <= lockTime * 1000L)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.FOREIGN_BLOCKCHAIN_TOO_SOON);
+
+			// We can't refund P2SH-A until median block time has passed lockTime-A (see BIP113)
+			int medianBlockTime = bitcoiny.getMedianBlockTime();
+			if (medianBlockTime <= lockTime)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.FOREIGN_BLOCKCHAIN_TOO_SOON);
+
+			byte[] redeemScriptA = BitcoinyHTLC.buildScript(tradeBotData.getTradeForeignPublicKeyHash(), lockTime, crossChainTradeData.creatorForeignPKH, tradeBotData.getHashOfSecret());
+			String p2shAddressA = bitcoiny.deriveP2shAddress(redeemScriptA);
+			LOGGER.info(String.format("Refunding P2SH address: %s", p2shAddressA));
+
+			// Fee for redeem/refund is subtracted from P2SH-A balance.
+			long feeTimestamp = calcFeeTimestamp(lockTime, crossChainTradeData.tradeTimeout);
+			long p2shFee = bitcoiny.getP2shFee(feeTimestamp);
+			long minimumAmountA = crossChainTradeData.expectedForeignAmount + p2shFee;
+			BitcoinyHTLC.Status htlcStatusA = BitcoinyHTLC.determineHtlcStatus(bitcoiny.getBlockchainProvider(), p2shAddressA, minimumAmountA);
+
+			switch (htlcStatusA) {
+				case UNFUNDED:
+				case FUNDING_IN_PROGRESS:
+					// Still waiting for P2SH-A to be funded...
+					throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.FOREIGN_BLOCKCHAIN_TOO_SOON);
+
+				case REDEEM_IN_PROGRESS:
+				case REDEEMED:
+				case REFUND_IN_PROGRESS:
+				case REFUNDED:
+					// Too late!
+					return false;
+
+				case FUNDED:{
+					Coin refundAmount = Coin.valueOf(crossChainTradeData.expectedForeignAmount);
+					ECKey refundKey = ECKey.fromPrivate(tradeBotData.getTradePrivateKey());
+					List<TransactionOutput> fundingOutputs = bitcoiny.getUnspentOutputs(p2shAddressA);
+
+					// Validate the destination foreign blockchain address
+					Address receiving = Address.fromString(bitcoiny.getNetworkParameters(), receiveAddress);
+					if (receiving.getOutputScriptType() != Script.ScriptType.P2PKH)
+						throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+					Transaction p2shRefundTransaction = BitcoinyHTLC.buildRefundTransaction(bitcoiny.getNetworkParameters(), refundAmount, refundKey,
+							fundingOutputs, redeemScriptA, lockTime, receiving.getHash());
+
+					bitcoiny.broadcastTransaction(p2shRefundTransaction);
+					return true;
+				}
+			}
+
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		} catch (ForeignBlockchainException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.FOREIGN_BLOCKCHAIN_BALANCE_ISSUE, e);
+		}
+
+		return false;
+	}
+
+	private long calcFeeTimestamp(int lockTimeA, int tradeTimeout) {
+		return (lockTimeA - tradeTimeout * 60) * 1000L;
+	}
+
+}

src/main/java/org/qortal/api/resource/CrossChainLitecoinACCTv1Resource.java

@@ -0,0 +1,148 @@
+package org.qortal.api.resource;
+
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.media.Content;
+import io.swagger.v3.oas.annotations.media.Schema;
+import io.swagger.v3.oas.annotations.parameters.RequestBody;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import org.qortal.account.PrivateKeyAccount;
+import org.qortal.api.ApiError;
+import org.qortal.api.ApiErrors;
+import org.qortal.api.ApiExceptionFactory;
+import org.qortal.api.Security;
+import org.qortal.api.model.CrossChainSecretRequest;
+import org.qortal.crosschain.AcctMode;
+import org.qortal.crosschain.LitecoinACCTv1;
+import org.qortal.crypto.Crypto;
+import org.qortal.data.at.ATData;
+import org.qortal.data.crosschain.CrossChainTradeData;
+import org.qortal.group.Group;
+import org.qortal.repository.DataException;
+import org.qortal.repository.Repository;
+import org.qortal.repository.RepositoryManager;
+import org.qortal.transaction.MessageTransaction;
+import org.qortal.transaction.Transaction.ValidationResult;
+import org.qortal.transform.TransformationException;
+import org.qortal.transform.Transformer;
+import org.qortal.transform.transaction.MessageTransactionTransformer;
+import org.qortal.utils.Base58;
+import org.qortal.utils.NTP;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.HeaderParam;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import java.util.Arrays;
+import java.util.Random;
+
+@Path("/crosschain/LitecoinACCTv1")
+@Tag(name = "Cross-Chain (LitecoinACCTv1)")
+public class CrossChainLitecoinACCTv1Resource {
+
+	@Context
+	HttpServletRequest request;
+
+	@POST
+	@Path("/redeemmessage")
+	@Operation(
+		summary = "Signs and broadcasts a 'redeem' MESSAGE transaction that sends secrets to AT, releasing funds to partner",
+		description = "Specify address of cross-chain AT that needs to be messaged, Alice's trade private key, the 32-byte secret,<br>"
+			+ "and an address for receiving QORT from AT. All of these can be found in Alice's trade bot data.<br>"
+			+ "AT needs to be in 'trade' mode. Messages sent to an AT in any other mode will be ignored, but still cost fees to send!<br>"
+			+ "You need to use the private key that the AT considers the trade 'partner' otherwise the MESSAGE transaction will be invalid.",
+		requestBody = @RequestBody(
+			required = true,
+			content = @Content(
+				mediaType = MediaType.APPLICATION_JSON,
+				schema = @Schema(
+					implementation = CrossChainSecretRequest.class
+				)
+			)
+		),
+		responses = {
+			@ApiResponse(
+				content = @Content(
+					schema = @Schema(
+						type = "string"
+					)
+				)
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_PUBLIC_KEY, ApiError.INVALID_ADDRESS, ApiError.INVALID_DATA, ApiError.INVALID_CRITERIA, ApiError.REPOSITORY_ISSUE})
+	@SecurityRequirement(name = "apiKey")
+	public boolean buildRedeemMessage(@HeaderParam(Security.API_KEY_HEADER) String apiKey, CrossChainSecretRequest secretRequest) {
+		Security.checkApiCallAllowed(request);
+
+		byte[] partnerPrivateKey = secretRequest.partnerPrivateKey;
+
+		if (partnerPrivateKey == null || partnerPrivateKey.length != Transformer.PRIVATE_KEY_LENGTH)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PRIVATE_KEY);
+
+		if (secretRequest.atAddress == null || !Crypto.isValidAtAddress(secretRequest.atAddress))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
+
+		if (secretRequest.secret == null || secretRequest.secret.length != LitecoinACCTv1.SECRET_LENGTH)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
+
+		if (secretRequest.receivingAddress == null || !Crypto.isValidAddress(secretRequest.receivingAddress))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			ATData atData = fetchAtDataWithChecking(repository, secretRequest.atAddress);
+			CrossChainTradeData crossChainTradeData = LitecoinACCTv1.getInstance().populateTradeData(repository, atData);
+
+			if (crossChainTradeData.mode != AcctMode.TRADING)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+			byte[] partnerPublicKey = new PrivateKeyAccount(null, partnerPrivateKey).getPublicKey();
+			String partnerAddress = Crypto.toAddress(partnerPublicKey);
+
+			// MESSAGE must come from address that AT considers trade partner
+			if (!crossChainTradeData.qortalPartnerAddress.equals(partnerAddress))
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
+
+			// Good to make MESSAGE
+
+			byte[] messageData = LitecoinACCTv1.buildRedeemMessage(secretRequest.secret, secretRequest.receivingAddress);
+
+			PrivateKeyAccount sender = new PrivateKeyAccount(repository, partnerPrivateKey);
+			MessageTransaction messageTransaction = MessageTransaction.build(repository, sender, Group.NO_GROUP, secretRequest.atAddress, messageData, false, false);
+
+			messageTransaction.computeNonce();
+			messageTransaction.sign(sender);
+
+			// reset repository state to prevent deadlock
+			repository.discardChanges();
+			ValidationResult result = messageTransaction.importAsUnconfirmed();
+
+			if (result != ValidationResult.OK)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.TRANSACTION_INVALID);
+
+			return true;
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
+	private ATData fetchAtDataWithChecking(Repository repository, String atAddress) throws DataException {
+		ATData atData = repository.getATRepository().fromATAddress(atAddress);
+		if (atData == null)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.ADDRESS_UNKNOWN);
+
+		// Must be correct AT - check functionality using code hash
+		if (!Arrays.equals(atData.getCodeHash(), LitecoinACCTv1.CODE_BYTES_HASH))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+		// No point sending message to AT that's finished
+		if (atData.getIsFinished())
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+		return atData;
+	}
+
+}

src/main/java/org/qortal/api/resource/CrossChainLitecoinResource.java

@@ -0,0 +1,177 @@
+package org.qortal.api.resource;
+
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.media.ArraySchema;
+import io.swagger.v3.oas.annotations.media.Content;
+import io.swagger.v3.oas.annotations.media.Schema;
+import io.swagger.v3.oas.annotations.parameters.RequestBody;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
+import io.swagger.v3.oas.annotations.tags.Tag;
+
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.HeaderParam;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+
+import org.bitcoinj.core.Transaction;
+import org.qortal.api.ApiError;
+import org.qortal.api.ApiErrors;
+import org.qortal.api.ApiExceptionFactory;
+import org.qortal.api.Security;
+import org.qortal.api.model.crosschain.LitecoinSendRequest;
+import org.qortal.crosschain.ForeignBlockchainException;
+import org.qortal.crosschain.Litecoin;
+import org.qortal.crosschain.SimpleTransaction;
+
+@Path("/crosschain/ltc")
+@Tag(name = "Cross-Chain (Litecoin)")
+public class CrossChainLitecoinResource {
+
+	@Context
+	HttpServletRequest request;
+
+	@POST
+	@Path("/walletbalance")
+	@Operation(
+		summary = "Returns LTC balance for hierarchical, deterministic BIP32 wallet",
+		description = "Supply BIP32 'm' private/public key in base58, starting with 'xprv'/'xpub' for mainnet, 'tprv'/'tpub' for testnet",
+		requestBody = @RequestBody(
+			required = true,
+			content = @Content(
+				mediaType = MediaType.TEXT_PLAIN,
+				schema = @Schema(
+					type = "string",
+					description = "BIP32 'm' private/public key in base58",
+					example = "tpubD6NzVbkrYhZ4XTPc4btCZ6SMgn8CxmWkj6VBVZ1tfcJfMq4UwAjZbG8U74gGSypL9XBYk2R2BLbDBe8pcEyBKM1edsGQEPKXNbEskZozeZc"
+				)
+			)
+		),
+		responses = {
+			@ApiResponse(
+				content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "string", description = "balance (satoshis)"))
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_PRIVATE_KEY, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE})
+	@SecurityRequirement(name = "apiKey")
+	public String getLitecoinWalletBalance(@HeaderParam(Security.API_KEY_HEADER) String apiKey, String key58) {
+		Security.checkApiCallAllowed(request);
+
+		Litecoin litecoin = Litecoin.getInstance();
+
+		if (!litecoin.isValidDeterministicKey(key58))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PRIVATE_KEY);
+
+		try {
+			Long balance = litecoin.getWalletBalanceFromTransactions(key58);
+			if (balance == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE);
+
+			return balance.toString();
+
+		} catch (ForeignBlockchainException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE);
+		}
+	}
+
+	@POST
+	@Path("/wallettransactions")
+	@Operation(
+		summary = "Returns transactions for hierarchical, deterministic BIP32 wallet",
+		description = "Supply BIP32 'm' private/public key in base58, starting with 'xprv'/'xpub' for mainnet, 'tprv'/'tpub' for testnet",
+		requestBody = @RequestBody(
+			required = true,
+			content = @Content(
+				mediaType = MediaType.TEXT_PLAIN,
+				schema = @Schema(
+					type = "string",
+					description = "BIP32 'm' private/public key in base58",
+					example = "tpubD6NzVbkrYhZ4XTPc4btCZ6SMgn8CxmWkj6VBVZ1tfcJfMq4UwAjZbG8U74gGSypL9XBYk2R2BLbDBe8pcEyBKM1edsGQEPKXNbEskZozeZc"
+				)
+			)
+		),
+		responses = {
+			@ApiResponse(
+				content = @Content(array = @ArraySchema( schema = @Schema( implementation = SimpleTransaction.class ) ) )
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_PRIVATE_KEY, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE})
+	@SecurityRequirement(name = "apiKey")
+	public List<SimpleTransaction> getLitecoinWalletTransactions(@HeaderParam(Security.API_KEY_HEADER) String apiKey, String key58) {
+		Security.checkApiCallAllowed(request);
+
+		Litecoin litecoin = Litecoin.getInstance();
+
+		if (!litecoin.isValidDeterministicKey(key58))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PRIVATE_KEY);
+
+		try {
+			return litecoin.getWalletTransactions(key58);
+		} catch (ForeignBlockchainException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE);
+		}
+	}
+
+	@POST
+	@Path("/send")
+	@Operation(
+		summary = "Sends LTC from hierarchical, deterministic BIP32 wallet to specific address",
+		description = "Currently only supports 'legacy' P2PKH Litecoin addresses. Supply BIP32 'm' private key in base58, starting with 'xprv' for mainnet, 'tprv' for testnet",
+		requestBody = @RequestBody(
+			required = true,
+			content = @Content(
+				mediaType = MediaType.APPLICATION_JSON,
+				schema = @Schema(
+					implementation = LitecoinSendRequest.class
+				)
+			)
+		),
+		responses = {
+			@ApiResponse(
+				content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "string", description = "transaction hash"))
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_PRIVATE_KEY, ApiError.INVALID_CRITERIA, ApiError.INVALID_ADDRESS, ApiError.FOREIGN_BLOCKCHAIN_BALANCE_ISSUE, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE})
+	@SecurityRequirement(name = "apiKey")
+	public String sendBitcoin(@HeaderParam(Security.API_KEY_HEADER) String apiKey, LitecoinSendRequest litecoinSendRequest) {
+		Security.checkApiCallAllowed(request);
+
+		if (litecoinSendRequest.litecoinAmount <= 0)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+		if (litecoinSendRequest.feePerByte != null && litecoinSendRequest.feePerByte <= 0)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+		Litecoin litecoin = Litecoin.getInstance();
+
+		if (!litecoin.isValidAddress(litecoinSendRequest.receivingAddress))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
+
+		if (!litecoin.isValidDeterministicKey(litecoinSendRequest.xprv58))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PRIVATE_KEY);
+
+		Transaction spendTransaction = litecoin.buildSpend(litecoinSendRequest.xprv58,
+				litecoinSendRequest.receivingAddress,
+				litecoinSendRequest.litecoinAmount,
+				litecoinSendRequest.feePerByte);
+
+		if (spendTransaction == null)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.FOREIGN_BLOCKCHAIN_BALANCE_ISSUE);
+
+		try {
+			litecoin.broadcastTransaction(spendTransaction);
+		} catch (ForeignBlockchainException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE);
+		}
+
+		return spendTransaction.getTxId().toString();
+	}
+
+}

src/main/java/org/qortal/api/resource/CrossChainTradeBotResource.java

@@ -0,0 +1,298 @@
+package org.qortal.api.resource;
+
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.ArraySchema;
+import io.swagger.v3.oas.annotations.media.Content;
+import io.swagger.v3.oas.annotations.media.Schema;
+import io.swagger.v3.oas.annotations.parameters.RequestBody;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
+import io.swagger.v3.oas.annotations.tags.Tag;
+
+import java.util.List;
+import java.util.stream.Collectors;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.*;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+
+import org.qortal.account.Account;
+import org.qortal.account.PublicKeyAccount;
+import org.qortal.api.ApiError;
+import org.qortal.api.ApiErrors;
+import org.qortal.api.ApiExceptionFactory;
+import org.qortal.api.Security;
+import org.qortal.api.model.crosschain.TradeBotCreateRequest;
+import org.qortal.api.model.crosschain.TradeBotRespondRequest;
+import org.qortal.asset.Asset;
+import org.qortal.controller.Controller;
+import org.qortal.controller.tradebot.AcctTradeBot;
+import org.qortal.controller.tradebot.TradeBot;
+import org.qortal.crosschain.ForeignBlockchain;
+import org.qortal.crosschain.SupportedBlockchain;
+import org.qortal.crosschain.ACCT;
+import org.qortal.crosschain.AcctMode;
+import org.qortal.crypto.Crypto;
+import org.qortal.data.at.ATData;
+import org.qortal.data.crosschain.CrossChainTradeData;
+import org.qortal.data.crosschain.TradeBotData;
+import org.qortal.repository.DataException;
+import org.qortal.repository.Repository;
+import org.qortal.repository.RepositoryManager;
+import org.qortal.utils.Base58;
+
+@Path("/crosschain/tradebot")
+@Tag(name = "Cross-Chain (Trade-Bot)")
+public class CrossChainTradeBotResource {
+
+	@Context
+	HttpServletRequest request;
+
+	@GET
+	@Operation(
+		summary = "List current trade-bot states",
+		responses = {
+			@ApiResponse(
+				content = @Content(
+					array = @ArraySchema(
+						schema = @Schema(
+							implementation = TradeBotData.class
+						)
+					)
+				)
+			)
+		}
+	)
+	@ApiErrors({ApiError.REPOSITORY_ISSUE})
+	@SecurityRequirement(name = "apiKey")
+	public List<TradeBotData> getTradeBotStates(
+			@HeaderParam(Security.API_KEY_HEADER) String apiKey,
+			@Parameter(
+					description = "Limit to specific blockchain",
+					example = "LITECOIN",
+					schema = @Schema(implementation = SupportedBlockchain.class)
+				) @QueryParam("foreignBlockchain") SupportedBlockchain foreignBlockchain) {
+		Security.checkApiCallAllowed(request);
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			List<TradeBotData> allTradeBotData = repository.getCrossChainRepository().getAllTradeBotData();
+
+			if (foreignBlockchain == null)
+				return allTradeBotData;
+
+			return allTradeBotData.stream().filter(tradeBotData -> tradeBotData.getForeignBlockchain().equals(foreignBlockchain.name())).collect(Collectors.toList());
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
+	@POST
+	@Path("/create")
+	@Operation(
+		summary = "Create a trade offer (trade-bot entry)",
+		requestBody = @RequestBody(
+			required = true,
+			content = @Content(
+				mediaType = MediaType.APPLICATION_JSON,
+				schema = @Schema(
+					implementation = TradeBotCreateRequest.class
+				)
+			)
+		),
+		responses = {
+			@ApiResponse(
+				content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "string"))
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_PUBLIC_KEY, ApiError.INVALID_ADDRESS, ApiError.INVALID_CRITERIA, ApiError.INSUFFICIENT_BALANCE, ApiError.REPOSITORY_ISSUE, ApiError.ORDER_SIZE_TOO_SMALL})
+	@SuppressWarnings("deprecation")
+	@SecurityRequirement(name = "apiKey")
+	public String tradeBotCreator(@HeaderParam(Security.API_KEY_HEADER) String apiKey, TradeBotCreateRequest tradeBotCreateRequest) {
+		Security.checkApiCallAllowed(request);
+
+		if (tradeBotCreateRequest.foreignBlockchain == null)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+		ForeignBlockchain foreignBlockchain = tradeBotCreateRequest.foreignBlockchain.getInstance();
+
+		// We prefer foreignAmount to deprecated bitcoinAmount
+		if (tradeBotCreateRequest.foreignAmount == null)
+			tradeBotCreateRequest.foreignAmount = tradeBotCreateRequest.bitcoinAmount;
+
+		if (!foreignBlockchain.isValidAddress(tradeBotCreateRequest.receivingAddress))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
+
+		if (tradeBotCreateRequest.tradeTimeout < 60)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+		if (tradeBotCreateRequest.foreignAmount == null || tradeBotCreateRequest.foreignAmount <= 0)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.ORDER_SIZE_TOO_SMALL);
+
+		if (tradeBotCreateRequest.foreignAmount < foreignBlockchain.getMinimumOrderAmount())
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.ORDER_SIZE_TOO_SMALL);
+
+		if (tradeBotCreateRequest.qortAmount <= 0 || tradeBotCreateRequest.fundingQortAmount <= 0)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.ORDER_SIZE_TOO_SMALL);
+
+		if (!Controller.getInstance().isUpToDate())
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.BLOCKCHAIN_NEEDS_SYNC);
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			// Do some simple checking first
+			Account creator = new PublicKeyAccount(repository, tradeBotCreateRequest.creatorPublicKey);
+
+			if (creator.getConfirmedBalance(Asset.QORT) < tradeBotCreateRequest.fundingQortAmount)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INSUFFICIENT_BALANCE);
+
+			byte[] unsignedBytes = TradeBot.getInstance().createTrade(repository, tradeBotCreateRequest);
+			if (unsignedBytes == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+			return Base58.encode(unsignedBytes);
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
+	@POST
+	@Path("/respond")
+	@Operation(
+		summary = "Respond to a trade offer. NOTE: WILL SPEND FUNDS!)",
+		description = "Start a new trade-bot entry to respond to chosen trade offer.",
+		requestBody = @RequestBody(
+			required = true,
+			content = @Content(
+				mediaType = MediaType.APPLICATION_JSON,
+				schema = @Schema(
+					implementation = TradeBotRespondRequest.class
+				)
+			)
+		),
+		responses = {
+			@ApiResponse(
+				content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "string"))
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_PRIVATE_KEY, ApiError.INVALID_ADDRESS, ApiError.INVALID_CRITERIA, ApiError.FOREIGN_BLOCKCHAIN_BALANCE_ISSUE, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE, ApiError.REPOSITORY_ISSUE})
+	@SuppressWarnings("deprecation")
+	@SecurityRequirement(name = "apiKey")
+	public String tradeBotResponder(@HeaderParam(Security.API_KEY_HEADER) String apiKey, TradeBotRespondRequest tradeBotRespondRequest) {
+		Security.checkApiCallAllowed(request);
+
+		final String atAddress = tradeBotRespondRequest.atAddress;
+
+		// We prefer foreignKey to deprecated xprv58
+		if (tradeBotRespondRequest.foreignKey == null)
+			tradeBotRespondRequest.foreignKey = tradeBotRespondRequest.xprv58;
+
+		if (tradeBotRespondRequest.foreignKey == null)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PRIVATE_KEY);
+
+		if (atAddress == null || !Crypto.isValidAtAddress(atAddress))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
+
+		if (tradeBotRespondRequest.receivingAddress == null || !Crypto.isValidAddress(tradeBotRespondRequest.receivingAddress))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
+
+		if (!Controller.getInstance().isUpToDate())
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.BLOCKCHAIN_NEEDS_SYNC);
+
+		// Extract data from cross-chain trading AT
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			ATData atData = fetchAtDataWithChecking(repository, atAddress);
+
+			// TradeBot uses AT's code hash to map to ACCT
+			ACCT acct = TradeBot.getInstance().getAcctUsingAtData(atData);
+			if (acct == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
+
+			if (!acct.getBlockchain().isValidWalletKey(tradeBotRespondRequest.foreignKey))
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PRIVATE_KEY);
+
+			CrossChainTradeData crossChainTradeData = acct.populateTradeData(repository, atData);
+			if (crossChainTradeData == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
+
+			if (crossChainTradeData.mode != AcctMode.OFFERING)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+			AcctTradeBot.ResponseResult result = TradeBot.getInstance().startResponse(repository, atData, acct, crossChainTradeData,
+					tradeBotRespondRequest.foreignKey, tradeBotRespondRequest.receivingAddress);
+
+			switch (result) {
+				case OK:
+					return "true";
+
+				case BALANCE_ISSUE:
+					throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.FOREIGN_BLOCKCHAIN_BALANCE_ISSUE);
+
+				case NETWORK_ISSUE:
+					throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE);
+
+				default:
+					return "false";
+			}
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
+	@DELETE
+	@Operation(
+		summary = "Delete completed trade",
+		requestBody = @RequestBody(
+			required = true,
+			content = @Content(
+				mediaType = MediaType.TEXT_PLAIN,
+				schema = @Schema(
+					type = "string",
+					example = "93MB2qRDNVLxbmmPuYpLdAqn3u2x9ZhaVZK5wELHueP8"
+				)
+			)
+		),
+		responses = {
+			@ApiResponse(
+				content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "string"))
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_ADDRESS, ApiError.REPOSITORY_ISSUE})
+	@SecurityRequirement(name = "apiKey")
+	public String tradeBotDelete(@HeaderParam(Security.API_KEY_HEADER) String apiKey, String tradePrivateKey58) {
+		Security.checkApiCallAllowed(request);
+
+		final byte[] tradePrivateKey;
+		try {
+			tradePrivateKey = Base58.decode(tradePrivateKey58);
+
+			if (tradePrivateKey.length != 32)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PRIVATE_KEY);
+		} catch (NumberFormatException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PRIVATE_KEY);
+		}
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			// Handed off to TradeBot
+			return TradeBot.getInstance().deleteEntry(repository, tradePrivateKey) ? "true" : "false";
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
+	private ATData fetchAtDataWithChecking(Repository repository, String atAddress) throws DataException {
+		ATData atData = repository.getATRepository().fromATAddress(atAddress);
+		if (atData == null)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.ADDRESS_UNKNOWN);
+
+		// No point sending message to AT that's finished
+		if (atData.getIsFinished())
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+		return atData;
+	}
+
+}

src/main/java/org/qortal/api/resource/ListsResource.java

@@ -0,0 +1,176 @@
+package org.qortal.api.resource;
+
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.media.ArraySchema;
+import io.swagger.v3.oas.annotations.media.Content;
+import io.swagger.v3.oas.annotations.media.Schema;
+import io.swagger.v3.oas.annotations.parameters.RequestBody;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
+import io.swagger.v3.oas.annotations.tags.Tag;
+
+import org.qortal.api.*;
+import org.qortal.api.model.ListRequest;
+import org.qortal.crypto.Crypto;
+import org.qortal.data.account.AccountData;
+import org.qortal.list.ResourceListManager;
+import org.qortal.repository.DataException;
+import org.qortal.repository.Repository;
+import org.qortal.repository.RepositoryManager;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.*;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+
+
+@Path("/lists")
+@Tag(name = "Lists")
+public class ListsResource {
+
+	@Context
+	HttpServletRequest request;
+
+
+	@POST
+	@Path("/{listName}")
+	@Operation(
+			summary = "Add items to a new or existing list",
+			requestBody = @RequestBody(
+					required = true,
+					content = @Content(
+							mediaType = MediaType.APPLICATION_JSON,
+							schema = @Schema(
+									implementation = ListRequest.class
+							)
+					)
+			),
+			responses = {
+					@ApiResponse(
+							description = "Returns true if all items were processed, false if any couldn't be " +
+									"processed, or an exception on failure. If false or an exception is returned, " +
+									"the list will not be updated, and the request will need to be re-issued.",
+							content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "boolean"))
+					)
+			}
+	)
+	@ApiErrors({ApiError.INVALID_CRITERIA, ApiError.REPOSITORY_ISSUE})
+	@SecurityRequirement(name = "apiKey")
+	public String addItemstoList(@HeaderParam(Security.API_KEY_HEADER) String apiKey,
+								 @PathParam("listName") String listName,
+								 ListRequest listRequest) {
+		Security.checkApiCallAllowed(request);
+
+		if (listName == null) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+		}
+
+		if (listRequest == null || listRequest.items == null) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+		}
+
+		int successCount = 0;
+		int errorCount = 0;
+
+		for (String item : listRequest.items) {
+
+			boolean success = ResourceListManager.getInstance().addToList(listName, item, false);
+			if (success) {
+				successCount++;
+			}
+			else {
+				errorCount++;
+			}
+		}
+
+		if (successCount > 0 && errorCount == 0) {
+			// All were successful, so save the list
+			ResourceListManager.getInstance().saveList(listName);
+			return "true";
+		}
+		else {
+			// Something went wrong, so revert
+			ResourceListManager.getInstance().revertList(listName);
+			return "false";
+		}
+	}
+
+	@DELETE
+	@Path("/{listName}")
+	@Operation(
+			summary = "Remove one or more items from a list",
+			requestBody = @RequestBody(
+					required = true,
+					content = @Content(
+							mediaType = MediaType.APPLICATION_JSON,
+							schema = @Schema(
+									implementation = ListRequest.class
+							)
+					)
+			),
+			responses = {
+					@ApiResponse(
+							description = "Returns true if all items were processed, false if any couldn't be " +
+									"processed, or an exception on failure. If false or an exception is returned, " +
+									"the list will not be updated, and the request will need to be re-issued.",
+							content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "boolean"))
+					)
+			}
+	)
+	@ApiErrors({ApiError.INVALID_CRITERIA, ApiError.REPOSITORY_ISSUE})
+	@SecurityRequirement(name = "apiKey")
+	public String removeItemsFromList(@HeaderParam(Security.API_KEY_HEADER) String apiKey,
+									  @PathParam("listName") String listName,
+									  ListRequest listRequest) {
+		Security.checkApiCallAllowed(request);
+
+		if (listRequest == null || listRequest.items == null) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+		}
+
+		int successCount = 0;
+		int errorCount = 0;
+
+		for (String address : listRequest.items) {
+
+			// Attempt to remove the item
+			// Don't save as we will do this at the end of the process
+			boolean success = ResourceListManager.getInstance().removeFromList(listName, address, false);
+			if (success) {
+				successCount++;
+			}
+			else {
+				errorCount++;
+			}
+		}
+
+		if (successCount > 0 && errorCount == 0) {
+			// All were successful, so save the list
+			ResourceListManager.getInstance().saveList(listName);
+			return "true";
+		}
+		else {
+			// Something went wrong, so revert
+			ResourceListManager.getInstance().revertList(listName);
+			return "false";
+		}
+	}
+
+	@GET
+	@Path("/{listName}")
+	@Operation(
+			summary = "Fetch all items in a list",
+			responses = {
+					@ApiResponse(
+							description = "A JSON array of items",
+							content = @Content(mediaType = MediaType.APPLICATION_JSON, array = @ArraySchema(schema = @Schema(implementation = String.class)))
+					)
+			}
+	)
+	@SecurityRequirement(name = "apiKey")
+	public String getItemsInList(@HeaderParam(Security.API_KEY_HEADER) String apiKey, @PathParam("listName") String listName) {
+		Security.checkApiCallAllowed(request);
+		return ResourceListManager.getInstance().getJSONStringForList(listName);
+	}
+
+}

src/main/java/org/qortal/api/resource/PeersResource.java

@@ -6,30 +6,34 @@ import io.swagger.v3.oas.annotations.media.Content;
 import io.swagger.v3.oas.annotations.media.Schema;
 import io.swagger.v3.oas.annotations.parameters.RequestBody;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import io.swagger.v3.oas.annotations.tags.Tag;
 
+import java.net.InetSocketAddress;
+import java.net.UnknownHostException;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.stream.Collectors;
 
 import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.DELETE;
-import javax.ws.rs.GET;
-import javax.ws.rs.POST;
-import javax.ws.rs.Path;
+import javax.ws.rs.*;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 
-import org.qortal.api.ApiError;
-import org.qortal.api.ApiErrors;
-import org.qortal.api.ApiException;
-import org.qortal.api.ApiExceptionFactory;
-import org.qortal.api.Security;
+import org.qortal.api.*;
 import org.qortal.api.model.ConnectedPeer;
+import org.qortal.api.model.PeersSummary;
+import org.qortal.controller.Controller;
+import org.qortal.controller.Synchronizer;
+import org.qortal.controller.Synchronizer.SynchronizationResult;
+import org.qortal.data.block.BlockSummaryData;
 import org.qortal.data.network.PeerData;
 import org.qortal.network.Network;
+import org.qortal.network.Peer;
 import org.qortal.network.PeerAddress;
 import org.qortal.repository.DataException;
+import org.qortal.repository.Repository;
+import org.qortal.repository.RepositoryManager;
 import org.qortal.utils.ExecuteProduceConsume;
 import org.qortal.utils.NTP;
 
@@ -122,7 +126,8 @@ public class PeersResource {
 			)
 		}
 	)
-	public ExecuteProduceConsume.StatsSnapshot getEngineStats() {
+	@SecurityRequirement(name = "apiKey")
+	public ExecuteProduceConsume.StatsSnapshot getEngineStats(@HeaderParam(Security.API_KEY_HEADER) String apiKey) {
 		Security.checkApiCallAllowed(request);
 
 		return Network.getInstance().getStatsSnapshot();
@@ -159,7 +164,8 @@ public class PeersResource {
 	@ApiErrors({
 		ApiError.INVALID_NETWORK_ADDRESS, ApiError.REPOSITORY_ISSUE
 	})
-	public String addPeer(String address) {
+	@SecurityRequirement(name = "apiKey")
+	public String addPeer(@HeaderParam(Security.API_KEY_HEADER) String apiKey, String address) {
 		Security.checkApiCallAllowed(request);
 
 		final Long addedWhen = NTP.getTime();
@@ -213,7 +219,8 @@ public class PeersResource {
 	@ApiErrors({
 		ApiError.INVALID_NETWORK_ADDRESS, ApiError.REPOSITORY_ISSUE
 	})
-	public String removePeer(String address) {
+	@SecurityRequirement(name = "apiKey")
+	public String removePeer(@HeaderParam(Security.API_KEY_HEADER) String apiKey, String address) {
 		Security.checkApiCallAllowed(request);
 
 		try {
@@ -248,7 +255,8 @@ public class PeersResource {
 	@ApiErrors({
 		ApiError.REPOSITORY_ISSUE
 	})
-	public String removeKnownPeers(String address) {
+	@SecurityRequirement(name = "apiKey")
+	public String removeKnownPeers(@HeaderParam(Security.API_KEY_HEADER) String apiKey, String address) {
 		Security.checkApiCallAllowed(request);
 
 		try {
@@ -260,4 +268,100 @@ public class PeersResource {
 		}
 	}
 
+	@POST
+	@Path("/commonblock")
+	@Operation(
+		summary = "Report common block with given peer.",
+		requestBody = @RequestBody(
+			required = true,
+			content = @Content(
+				mediaType = MediaType.TEXT_PLAIN,
+				schema = @Schema(
+					type = "string", example = "node2.qortal.org"
+				)
+			)
+		),
+		responses = {
+			@ApiResponse(
+				description = "the block",
+				content = @Content(
+					array = @ArraySchema(
+						schema = @Schema(
+							implementation = BlockSummaryData.class
+						)
+					)
+				)
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_DATA, ApiError.REPOSITORY_ISSUE})
+	@SecurityRequirement(name = "apiKey")
+	public List<BlockSummaryData> commonBlock(@HeaderParam(Security.API_KEY_HEADER) String apiKey, String targetPeerAddress) {
+		Security.checkApiCallAllowed(request);
+
+		try {
+			// Try to resolve passed address to make things easier
+			PeerAddress peerAddress = PeerAddress.fromString(targetPeerAddress);
+			InetSocketAddress resolvedAddress = peerAddress.toSocketAddress();
+
+			List<Peer> peers = Network.getInstance().getHandshakedPeers();
+			Peer targetPeer = peers.stream().filter(peer -> peer.getResolvedAddress().equals(resolvedAddress)).findFirst().orElse(null);
+
+			if (targetPeer == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
+
+			try (final Repository repository = RepositoryManager.getRepository()) {
+				int ourInitialHeight = Controller.getInstance().getChainHeight();
+				boolean force = true;
+				List<BlockSummaryData> peerBlockSummaries = new ArrayList<>();
+
+				SynchronizationResult findCommonBlockResult = Synchronizer.getInstance().fetchSummariesFromCommonBlock(repository, targetPeer, ourInitialHeight, force, peerBlockSummaries, true);
+				if (findCommonBlockResult != SynchronizationResult.OK)
+					return null;
+
+				return peerBlockSummaries;
+			}
+		} catch (IllegalArgumentException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
+		} catch (UnknownHostException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		} catch (InterruptedException e) {
+			return null;
+		}
+	}
+
+	@GET
+	@Path("/summary")
+	@Operation(
+			summary = "Returns total inbound and outbound connections for connected peers",
+			responses = {
+					@ApiResponse(
+							content = @Content(
+									mediaType = MediaType.APPLICATION_JSON,
+									array = @ArraySchema(
+											schema = @Schema(
+													implementation = PeersSummary.class
+											)
+									)
+							)
+					)
+			}
+	)
+	public PeersSummary peersSummary() {
+		PeersSummary peersSummary = new PeersSummary();
+
+		List<Peer> connectedPeers = Network.getInstance().getConnectedPeers().stream().collect(Collectors.toList());
+		for (Peer peer : connectedPeers) {
+			if (!peer.isOutbound()) {
+				peersSummary.inboundConnections++;
+			}
+			else {
+				peersSummary.outboundConnections++;
+			}
+		}
+		return peersSummary;
+	}
+
 }

src/main/java/org/qortal/api/resource/RenderResource.java

@@ -0,0 +1,200 @@
+package org.qortal.api.resource;
+
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.*;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import java.io.*;
+import java.nio.file.Paths;
+import java.util.Map;
+
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.media.Content;
+import io.swagger.v3.oas.annotations.media.Schema;
+import io.swagger.v3.oas.annotations.parameters.RequestBody;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.qortal.api.ApiError;
+import org.qortal.api.ApiExceptionFactory;
+import org.qortal.api.Security;
+import org.qortal.arbitrary.misc.Service;
+import org.qortal.arbitrary.*;
+import org.qortal.arbitrary.exception.MissingDataException;
+import org.qortal.controller.arbitrary.ArbitraryDataRenderManager;
+import org.qortal.data.transaction.ArbitraryTransactionData.*;
+import org.qortal.repository.DataException;
+import org.qortal.settings.Settings;
+import org.qortal.arbitrary.ArbitraryDataFile.*;
+import org.qortal.utils.Base58;
+
+
+@Path("/render")
+@Tag(name = "Render")
+public class RenderResource {
+
+    private static final Logger LOGGER = LogManager.getLogger(RenderResource.class);
+
+    @Context HttpServletRequest request;
+    @Context HttpServletResponse response;
+    @Context ServletContext context;
+
+    @POST
+    @Path("/preview")
+    @Operation(
+            summary = "Generate preview URL based on a user-supplied path and service",
+            requestBody = @RequestBody(
+                    required = true,
+                    content = @Content(
+                            mediaType = MediaType.TEXT_PLAIN,
+                            schema = @Schema(
+                                    type = "string", example = "/Users/user/Documents/MyStaticWebsite"
+                            )
+                    )
+            ),
+            responses = {
+                    @ApiResponse(
+                            description = "a temporary URL to preview the website",
+                            content = @Content(
+                                    mediaType = MediaType.TEXT_PLAIN,
+                                    schema = @Schema(
+                                            type = "string"
+                                    )
+                            )
+                    )
+            }
+    )
+    @SecurityRequirement(name = "apiKey")
+    public String preview(@HeaderParam(Security.API_KEY_HEADER) String apiKey, String directoryPath) {
+        Security.checkApiCallAllowed(request);
+        Method method = Method.PUT;
+        Compression compression = Compression.ZIP;
+
+        ArbitraryDataWriter arbitraryDataWriter = new ArbitraryDataWriter(Paths.get(directoryPath), null, Service.WEBSITE, null, method, compression);
+        try {
+            arbitraryDataWriter.save();
+        } catch (IOException | DataException | InterruptedException | MissingDataException e) {
+            LOGGER.info("Unable to create arbitrary data file: {}", e.getMessage());
+            throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE);
+        } catch (RuntimeException e) {
+            LOGGER.info("Unable to create arbitrary data file: {}", e.getMessage());
+            throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
+        }
+
+        ArbitraryDataFile arbitraryDataFile = arbitraryDataWriter.getArbitraryDataFile();
+        if (arbitraryDataFile != null) {
+            String digest58 = arbitraryDataFile.digest58();
+            if (digest58 != null) {
+                return "http://localhost:12393/render/hash/" + digest58 + "?secret=" + Base58.encode(arbitraryDataFile.getSecret());
+            }
+        }
+        return "Unable to generate preview URL";
+    }
+
+    @POST
+    @Path("/authorize/{resourceId}")
+    @SecurityRequirement(name = "apiKey")
+    public boolean authorizeResource(@HeaderParam(Security.API_KEY_HEADER) String apiKey, @PathParam("resourceId") String resourceId) {
+        Security.checkApiCallAllowed(request);
+        Security.disallowLoopbackRequestsIfAuthBypassEnabled(request);
+        ArbitraryDataResource resource = new ArbitraryDataResource(resourceId, null, null, null);
+        ArbitraryDataRenderManager.getInstance().addToAuthorizedResources(resource);
+        return true;
+    }
+
+    @POST
+    @Path("authorize/{service}/{resourceId}")
+    @SecurityRequirement(name = "apiKey")
+    public boolean authorizeResource(@HeaderParam(Security.API_KEY_HEADER) String apiKey,
+                                     @PathParam("service") Service service,
+                                     @PathParam("resourceId") String resourceId) {
+        Security.checkApiCallAllowed(request);
+        Security.disallowLoopbackRequestsIfAuthBypassEnabled(request);
+        ArbitraryDataResource resource = new ArbitraryDataResource(resourceId, null, service, null);
+        ArbitraryDataRenderManager.getInstance().addToAuthorizedResources(resource);
+        return true;
+    }
+
+    @POST
+    @Path("authorize/{service}/{resourceId}/{identifier}")
+    @SecurityRequirement(name = "apiKey")
+    public boolean authorizeResource(@HeaderParam(Security.API_KEY_HEADER) String apiKey,
+                                     @PathParam("service") Service service,
+                                     @PathParam("resourceId") String resourceId,
+                                     @PathParam("identifier") String identifier) {
+        Security.checkApiCallAllowed(request);
+        Security.disallowLoopbackRequestsIfAuthBypassEnabled(request);
+        ArbitraryDataResource resource = new ArbitraryDataResource(resourceId, null, service, identifier);
+        ArbitraryDataRenderManager.getInstance().addToAuthorizedResources(resource);
+        return true;
+    }
+
+    @GET
+    @Path("/signature/{signature}")
+    @SecurityRequirement(name = "apiKey")
+    public HttpServletResponse getIndexBySignature(@PathParam("signature") String signature) {
+        Security.requirePriorAuthorization(request, signature, Service.WEBSITE, null);
+        return this.get(signature, ResourceIdType.SIGNATURE, null, "/", null, "/render/signature", true, true);
+    }
+
+    @GET
+    @Path("/signature/{signature}/{path:.*}")
+    @SecurityRequirement(name = "apiKey")
+    public HttpServletResponse getPathBySignature(@PathParam("signature") String signature, @PathParam("path") String inPath) {
+        Security.requirePriorAuthorization(request, signature, Service.WEBSITE, null);
+        return this.get(signature, ResourceIdType.SIGNATURE, null, inPath,null, "/render/signature", true, true);
+    }
+
+    @GET
+    @Path("/hash/{hash}")
+    @SecurityRequirement(name = "apiKey")
+    public HttpServletResponse getIndexByHash(@PathParam("hash") String hash58, @QueryParam("secret") String secret58) {
+        Security.requirePriorAuthorization(request, hash58, Service.WEBSITE, null);
+        return this.get(hash58, ResourceIdType.FILE_HASH, Service.WEBSITE, "/", secret58, "/render/hash", true, false);
+    }
+
+    @GET
+    @Path("/hash/{hash}/{path:.*}")
+    @SecurityRequirement(name = "apiKey")
+    public HttpServletResponse getPathByHash(@PathParam("hash") String hash58, @PathParam("path") String inPath,
+                                             @QueryParam("secret") String secret58) {
+        Security.requirePriorAuthorization(request, hash58, Service.WEBSITE, null);
+        return this.get(hash58, ResourceIdType.FILE_HASH, Service.WEBSITE, inPath, secret58, "/render/hash", true, false);
+    }
+
+    @GET
+    @Path("{service}/{name}/{path:.*}")
+    @SecurityRequirement(name = "apiKey")
+    public HttpServletResponse getPathByName(@PathParam("service") Service service,
+                                             @PathParam("name") String name,
+                                             @PathParam("path") String inPath) {
+        Security.requirePriorAuthorization(request, name, service, null);
+        String prefix = String.format("/render/%s", service);
+        return this.get(name, ResourceIdType.NAME, service, inPath, null, prefix, true, true);
+    }
+
+    @GET
+    @Path("{service}/{name}")
+    @SecurityRequirement(name = "apiKey")
+    public HttpServletResponse getIndexByName(@PathParam("service") Service service,
+                                              @PathParam("name") String name) {
+        Security.requirePriorAuthorization(request, name, service, null);
+        String prefix = String.format("/render/%s", service);
+        return this.get(name, ResourceIdType.NAME, service, "/", null, prefix, true, true);
+    }
+
+
+
+    private HttpServletResponse get(String resourceId, ResourceIdType resourceIdType, Service service, String inPath,
+                                    String secret58, String prefix, boolean usePrefix, boolean async) {
+
+        ArbitraryDataRenderer renderer = new ArbitraryDataRenderer(resourceId, resourceIdType, service, inPath,
+                secret58, prefix, usePrefix, async, request, response, context);
+        return renderer.render();
+    }
+
+}

src/main/java/org/qortal/api/resource/TransactionsResource.java

@@ -9,6 +9,8 @@ import io.swagger.v3.oas.annotations.parameters.RequestBody;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
 import io.swagger.v3.oas.annotations.tags.Tag;
 
+import java.lang.reflect.Constructor;
+import java.lang.reflect.InvocationTargetException;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.concurrent.TimeUnit;
@@ -44,6 +46,7 @@ import org.qortal.transform.transaction.TransactionTransformer;
 import org.qortal.utils.Base58;
 
 import com.google.common.primitives.Bytes;
+import org.qortal.utils.NTP;
 
 @Path("/transactions")
 @Tag(name = "Transactions")
@@ -348,7 +351,7 @@ public class TransactionsResource {
 
 		try (final Repository repository = RepositoryManager.getRepository()) {
 			List<byte[]> signatures = repository.getTransactionRepository().getSignaturesMatchingCriteria(startBlock, blockLimit, txGroupId,
-					txTypes, null, address, confirmationStatus, limit, offset, reverse);
+					txTypes, null, null, address, confirmationStatus, limit, offset, reverse);
 
 			// Expand signatures to transactions
 			List<TransactionData> transactions = new ArrayList<>(signatures.size());
@@ -363,6 +366,83 @@ public class TransactionsResource {
 		}
 	}
 
+	@GET
+	@Path("/unitfee")
+	@Operation(
+			summary = "Get transaction unit fee",
+			responses = {
+					@ApiResponse(
+							content = @Content(
+									mediaType = MediaType.TEXT_PLAIN,
+									schema = @Schema(
+											type = "number"
+									)
+							)
+					)
+			}
+	)
+	@ApiErrors({
+			ApiError.INVALID_CRITERIA, ApiError.REPOSITORY_ISSUE
+	})
+	public long getTransactionUnitFee(@QueryParam("txType") TransactionType txType,
+                                      @QueryParam("timestamp") Long timestamp,
+									  @QueryParam("level") Integer accountLevel) {
+		try {
+			if (timestamp == null) {
+				timestamp = NTP.getTime();
+			}
+
+			Constructor<?> constructor = txType.constructor;
+			Transaction transaction = (Transaction) constructor.newInstance(null, null);
+			// FUTURE: add accountLevel parameter to transaction.getUnitFee() if needed
+			return transaction.getUnitFee(timestamp);
+
+		} catch (InstantiationException | IllegalAccessException | InvocationTargetException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA, e);
+		}
+	}
+
+	@POST
+	@Path("/fee")
+	@Operation(
+			summary = "Get recommended fee for supplied transaction data",
+			requestBody = @RequestBody(
+					required = true,
+					content = @Content(
+							mediaType = MediaType.TEXT_PLAIN,
+							schema = @Schema(
+									type = "string"
+							)
+					)
+			)
+	)
+	@ApiErrors({
+			ApiError.INVALID_CRITERIA, ApiError.REPOSITORY_ISSUE
+	})
+	public long getRecommendedTransactionFee(String rawInputBytes58) {
+		byte[] rawInputBytes = Base58.decode(rawInputBytes58);
+		if (rawInputBytes.length == 0)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.JSON);
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+
+			// Append null signature on the end before transformation
+			byte[] rawBytes = Bytes.concat(rawInputBytes, new byte[TransactionTransformer.SIGNATURE_LENGTH]);
+
+			TransactionData transactionData = TransactionTransformer.fromBytes(rawBytes);
+			if (transactionData == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
+
+			Transaction transaction = Transaction.fromData(repository, transactionData);
+			return transaction.calcRecommendedFee();
+
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}  catch (TransformationException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.TRANSFORMATION_ERROR, e);
+		}
+	}
+
 	@GET
 	@Path("/creator/{publickey}")
 	@Operation(
@@ -418,32 +498,83 @@ public class TransactionsResource {
 	}
 
 	@POST
-	@Path("/sign")
+	@Path("/convert")
 	@Operation(
-		summary = "Sign a raw, unsigned transaction",
-		requestBody = @RequestBody(
-			required = true,
-			content = @Content(
-				mediaType = MediaType.APPLICATION_JSON,
-				schema = @Schema(
-					implementation = SimpleTransactionSignRequest.class
-				)
-			)
-		),
-		responses = {
-			@ApiResponse(
-				description = "raw, signed transaction encoded in Base58",
-				content = @Content(
-					mediaType = MediaType.TEXT_PLAIN,
-					schema = @Schema(
-						type = "string"
+			summary = "Convert transaction bytes into bytes for signing",
+			requestBody = @RequestBody(
+					required = true,
+					content = @Content(
+							mediaType = MediaType.TEXT_PLAIN,
+							schema = @Schema(
+									type = "string",
+									description = "raw, unsigned transaction in base58 encoding",
+									example = "raw transaction base58"
+							)
 					)
-				)
-			)
-		}
+			),
+			responses = {
+					@ApiResponse(
+							description = "raw, unsigned transaction encoded in Base58, ready for signing",
+							content = @Content(
+									mediaType = MediaType.TEXT_PLAIN,
+									schema = @Schema(
+											type = "string"
+									)
+							)
+					)
+			}
 	)
 	@ApiErrors({
-		ApiError.NON_PRODUCTION, ApiError.INVALID_PRIVATE_KEY, ApiError.TRANSFORMATION_ERROR
+			ApiError.NON_PRODUCTION, ApiError.TRANSFORMATION_ERROR
+	})
+	public String convertTransactionForSigning(String rawInputBytes58) {
+		byte[] rawInputBytes = Base58.decode(rawInputBytes58);
+		if (rawInputBytes.length == 0)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.JSON);
+
+		try {
+			// Append null signature on the end before transformation
+			byte[] rawBytes = Bytes.concat(rawInputBytes, new byte[TransactionTransformer.SIGNATURE_LENGTH]);
+
+			TransactionData transactionData = TransactionTransformer.fromBytes(rawBytes);
+			if (transactionData == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
+
+			byte[] convertedBytes = TransactionTransformer.toBytesForSigning(transactionData);
+
+			return Base58.encode(convertedBytes);
+		} catch (TransformationException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.TRANSFORMATION_ERROR, e);
+		}
+	}
+
+	@POST
+	@Path("/sign")
+	@Operation(
+			summary = "Sign a raw, unsigned transaction",
+			requestBody = @RequestBody(
+					required = true,
+					content = @Content(
+							mediaType = MediaType.APPLICATION_JSON,
+							schema = @Schema(
+									implementation = SimpleTransactionSignRequest.class
+							)
+					)
+			),
+			responses = {
+					@ApiResponse(
+							description = "raw, signed transaction encoded in Base58",
+							content = @Content(
+									mediaType = MediaType.TEXT_PLAIN,
+									schema = @Schema(
+											type = "string"
+									)
+							)
+					)
+			}
+	)
+	@ApiErrors({
+			ApiError.NON_PRODUCTION, ApiError.INVALID_PRIVATE_KEY, ApiError.TRANSFORMATION_ERROR
 	})
 	public String signTransaction(SimpleTransactionSignRequest signRequest) {
 		if (Settings.getInstance().isApiRestricted())
@@ -510,14 +641,19 @@ public class TransactionsResource {
 		if (!Controller.getInstance().isUpToDate())
 			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.BLOCKCHAIN_NEEDS_SYNC);
 
+		byte[] rawBytes = Base58.decode(rawBytes58);
+
+		TransactionData transactionData;
+		try {
+			transactionData = TransactionTransformer.fromBytes(rawBytes);
+		} catch (TransformationException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.TRANSFORMATION_ERROR, e);
+		}
+
+		if (transactionData == null)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
+
 		try (final Repository repository = RepositoryManager.getRepository()) {
-			byte[] rawBytes = Base58.decode(rawBytes58);
-
-			TransactionData transactionData = TransactionTransformer.fromBytes(rawBytes);
-
-			if (transactionData == null)
-				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
-
 			Transaction transaction = Transaction.fromData(repository, transactionData);
 
 			if (!transaction.isSignatureValid())
@@ -535,16 +671,9 @@ public class TransactionsResource {
 				blockchainLock.unlock();
 			}
 
-			// Notify controller of new transaction
-			Controller.getInstance().onNewTransaction(transactionData, null);
-
 			return "true";
 		} catch (NumberFormatException e) {
 			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA, e);
-		} catch (TransformationException e) {
-			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.TRANSFORMATION_ERROR, e);
-		} catch (ApiException e) {
-			throw e;
 		} catch (DataException e) {
 			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
 		} catch (InterruptedException e) {

src/main/java/org/qortal/api/resource/UtilsResource.java

@@ -33,7 +33,6 @@ import org.qortal.transaction.Transaction.TransactionType;
 import org.qortal.transform.Transformer;
 import org.qortal.transform.transaction.TransactionTransformer;
 import org.qortal.transform.transaction.TransactionTransformer.Transformation;
-import org.qortal.utils.BIP39;
 import org.qortal.utils.Base58;
 
 import com.google.common.hash.HashCode;
@@ -195,123 +194,6 @@ public class UtilsResource {
 		return Base58.encode(random);
 	}
 
-	@GET
-	@Path("/mnemonic")
-	@Operation(
-		summary = "Generate 12-word BIP39 mnemonic",
-		description = "Optionally pass 16-byte, base58-encoded entropy or entropy will be internally generated.<br>"
-				+ "Example entropy input: YcVfxkQb6JRzqk5kF2tNLv",
-		responses = {
-			@ApiResponse(
-				description = "mnemonic",
-				content = @Content(
-					mediaType = MediaType.TEXT_PLAIN,
-					schema = @Schema(
-						type = "string"
-					)
-				)
-			)
-		}
-	)
-	@ApiErrors({ApiError.NON_PRODUCTION, ApiError.INVALID_DATA})
-	public String getMnemonic(@QueryParam("entropy") String suppliedEntropy) {
-		if (Settings.getInstance().isApiRestricted())
-			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.NON_PRODUCTION);
-
-		/*
-		 * BIP39 word lists have 2048 entries so can be represented by 11 bits.
-		 * UUID (128bits) and another 4 bits gives 132 bits.
-		 * 132 bits, divided by 11, gives 12 words.
-		 */
-		byte[] entropy;
-		if (suppliedEntropy != null) {
-			// Use caller-supplied entropy input
-			try {
-				entropy = Base58.decode(suppliedEntropy);
-			} catch (NumberFormatException e) {
-				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
-			}
-
-			// Must be 16-bytes
-			if (entropy.length != 16)
-				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
-		} else {
-			// Generate entropy internally
-			UUID uuid = UUID.randomUUID();
-
-			byte[] uuidMSB = Longs.toByteArray(uuid.getMostSignificantBits());
-			byte[] uuidLSB = Longs.toByteArray(uuid.getLeastSignificantBits());
-			entropy = Bytes.concat(uuidMSB, uuidLSB);
-		}
-
-		// Use SHA256 to generate more bits
-		byte[] hash = Crypto.digest(entropy);
-
-		// Append first 4 bits from hash to end. (Actually 8 bits but we only use 4).
-		byte checksum = (byte) (hash[0] & 0xf0);
-		entropy = Bytes.concat(entropy, new byte[] {
-			checksum
-		});
-
-		return BIP39.encode(entropy, "en");
-	}
-
-	@POST
-	@Path("/mnemonic")
-	@Operation(
-		summary = "Calculate binary entropy from 12-word BIP39 mnemonic",
-		description = "Returns the base58-encoded binary form, or \"false\" if mnemonic is invalid.",
-		requestBody = @RequestBody(
-			required = true,
-			content = @Content(
-				mediaType = MediaType.TEXT_PLAIN,
-				schema = @Schema(
-					type = "string"
-				)
-			)
-		),
-		responses = {
-			@ApiResponse(
-				description = "entropy in base58",
-				content = @Content(
-					mediaType = MediaType.TEXT_PLAIN,
-					schema = @Schema(
-						type = "string"
-					)
-				)
-			)
-		}
-	)
-	@ApiErrors({ApiError.NON_PRODUCTION})
-	public String fromMnemonic(String mnemonic) {
-		if (Settings.getInstance().isApiRestricted())
-			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.NON_PRODUCTION);
-
-		if (mnemonic.isEmpty())
-			return "false";
-
-		// Strip leading/trailing whitespace if any
-		mnemonic = mnemonic.trim();
-
-		String[] phraseWords = mnemonic.split(" ");
-		if (phraseWords.length != 12)
-			return "false";
-
-		// Convert BIP39 mnemonic to binary
-		byte[] binary = BIP39.decode(phraseWords, "en");
-		if (binary == null)
-			return "false";
-
-		byte[] entropy = Arrays.copyOf(binary, 16); // 132 bits is 16.5 bytes, but we're discarding checksum nybble
-
-		byte checksumNybble = (byte) (binary[16] & 0xf0);
-		byte[] checksum = Crypto.digest(entropy);
-		if (checksumNybble != (byte) (checksum[0] & 0xf0))
-			return "false";
-
-		return Base58.encode(entropy);
-	}
-
 	@POST
 	@Path("/privatekey")
 	@Operation(

src/main/java/org/qortal/api/websocket/ApiWebSocket.java

@@ -107,7 +107,9 @@ abstract class ApiWebSocket extends WebSocketServlet {
 
 	public void onWebSocketClose(Session session, int statusCode, String reason) {
 		synchronized (SESSIONS_BY_CLASS) {
-			SESSIONS_BY_CLASS.get(this.getClass()).remove(session);
+			List<Session> sessions = SESSIONS_BY_CLASS.get(this.getClass());
+			if (sessions != null)
+				sessions.remove(session);
 		}
 	}
 

src/main/java/org/qortal/api/websocket/BlocksWebSocket.java

@@ -13,9 +13,9 @@ import org.eclipse.jetty.websocket.api.annotations.OnWebSocketMessage;
 import org.eclipse.jetty.websocket.api.annotations.WebSocket;
 import org.eclipse.jetty.websocket.servlet.WebSocketServletFactory;
 import org.qortal.api.ApiError;
-import org.qortal.api.model.BlockInfo;
 import org.qortal.controller.Controller;
 import org.qortal.data.block.BlockData;
+import org.qortal.data.block.BlockSummaryData;
 import org.qortal.event.Event;
 import org.qortal.event.EventBus;
 import org.qortal.event.Listener;
@@ -41,10 +41,10 @@ public class BlocksWebSocket extends ApiWebSocket implements Listener {
 			return;
 
 		BlockData blockData = ((Controller.NewBlockEvent) event).getBlockData();
-		BlockInfo blockInfo = new BlockInfo(blockData);
+		BlockSummaryData blockSummary = new BlockSummaryData(blockData);
 
 		for (Session session : getSessions())
-			sendBlockInfo(session, blockInfo);
+			sendBlockSummary(session, blockSummary);
 	}
 
 	@OnWebSocketConnect
@@ -85,13 +85,13 @@ public class BlocksWebSocket extends ApiWebSocket implements Listener {
 					return;
 				}
 
-				List<BlockInfo> blockInfos = repository.getBlockRepository().getBlockInfos(height, null, 1);
-				if (blockInfos == null || blockInfos.isEmpty()) {
+				List<BlockSummaryData> blockSummaries = repository.getBlockRepository().getBlockSummaries(height, height);
+				if (blockSummaries == null || blockSummaries.isEmpty()) {
 					sendError(session, ApiError.BLOCK_UNKNOWN);
 					return;
 				}
 
-				sendBlockInfo(session, blockInfos.get(0));
+				sendBlockSummary(session, blockSummaries.get(0));
 			} catch (DataException e) {
 				sendError(session, ApiError.REPOSITORY_ISSUE);
 			}
@@ -114,23 +114,23 @@ public class BlocksWebSocket extends ApiWebSocket implements Listener {
 		}
 
 		try (final Repository repository = RepositoryManager.getRepository()) {
-			List<BlockInfo> blockInfos = repository.getBlockRepository().getBlockInfos(height, null, 1);
-			if (blockInfos == null || blockInfos.isEmpty()) {
+			List<BlockSummaryData> blockSummaries = repository.getBlockRepository().getBlockSummaries(height, height);
+			if (blockSummaries == null || blockSummaries.isEmpty()) {
 				sendError(session, ApiError.BLOCK_UNKNOWN);
 				return;
 			}
 
-			sendBlockInfo(session, blockInfos.get(0));
+			sendBlockSummary(session, blockSummaries.get(0));
 		} catch (DataException e) {
 			sendError(session, ApiError.REPOSITORY_ISSUE);
 		}
 	}
 
-	private void sendBlockInfo(Session session, BlockInfo blockInfo) {
+	private void sendBlockSummary(Session session, BlockSummaryData blockSummary) {
 		StringWriter stringWriter = new StringWriter();
 
 		try {
-			marshall(stringWriter, blockInfo);
+			marshall(stringWriter, blockSummary);
 
 			session.getRemote().sendStringByFuture(stringWriter.toString());
 		} catch (IOException | WebSocketException e) {

src/main/java/org/qortal/api/websocket/ChatMessagesWebSocket.java

@@ -115,6 +115,9 @@ public class ChatMessagesWebSocket extends ApiWebSocket {
 	}
 
 	private void onNotify(Session session, ChatTransactionData chatTransactionData, List<String> involvingAddresses) {
+		if (chatTransactionData == null)
+			return;
+
 		// We only want direct/non-group messages where sender/recipient match our addresses
 		String recipient = chatTransactionData.getRecipient();
 		if (recipient == null)

src/main/java/org/qortal/api/websocket/PresenceWebSocket.java

@@ -0,0 +1,244 @@
+package org.qortal.api.websocket;
+
+import java.io.IOException;
+import java.io.StringWriter;
+import java.util.Collections;
+import java.util.EnumMap;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.stream.Collectors;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+
+import org.eclipse.jetty.websocket.api.Session;
+import org.eclipse.jetty.websocket.api.annotations.OnWebSocketClose;
+import org.eclipse.jetty.websocket.api.annotations.OnWebSocketConnect;
+import org.eclipse.jetty.websocket.api.annotations.OnWebSocketError;
+import org.eclipse.jetty.websocket.api.annotations.OnWebSocketMessage;
+import org.eclipse.jetty.websocket.api.annotations.WebSocket;
+import org.eclipse.jetty.websocket.servlet.WebSocketServletFactory;
+import org.qortal.controller.Controller;
+import org.qortal.crypto.Crypto;
+import org.qortal.data.transaction.PresenceTransactionData;
+import org.qortal.data.transaction.TransactionData;
+import org.qortal.event.Event;
+import org.qortal.event.EventBus;
+import org.qortal.event.Listener;
+import org.qortal.repository.DataException;
+import org.qortal.repository.Repository;
+import org.qortal.repository.RepositoryManager;
+import org.qortal.transaction.PresenceTransaction.PresenceType;
+import org.qortal.transaction.Transaction.TransactionType;
+import org.qortal.utils.Base58;
+import org.qortal.utils.NTP;
+
+@WebSocket
+@SuppressWarnings("serial")
+public class PresenceWebSocket extends ApiWebSocket implements Listener {
+
+	@XmlAccessorType(XmlAccessType.FIELD)
+	@SuppressWarnings("unused")
+	private static class PresenceInfo {
+		private final PresenceType presenceType;
+		private final String publicKey;
+		private final long timestamp;
+		private final String address;
+
+		protected PresenceInfo() {
+			this.presenceType = null;
+			this.publicKey = null;
+			this.timestamp = 0L;
+			this.address = null;
+		}
+
+		public PresenceInfo(PresenceType presenceType, String pubKey58, long timestamp) {
+			this.presenceType = presenceType;
+			this.publicKey = pubKey58;
+			this.timestamp = timestamp;
+			this.address = Crypto.toAddress(Base58.decode(this.publicKey));
+		}
+
+		public PresenceType getPresenceType() {
+			return this.presenceType;
+		}
+
+		public String getPublicKey() {
+			return this.publicKey;
+		}
+
+		public long getTimestamp() {
+			return this.timestamp;
+		}
+
+		public String getAddress() {
+			return this.address;
+		}
+	}
+
+	/** Outer map key is PresenceType (enum), inner map key is public key in base58, inner map value is timestamp */
+	private static final Map<PresenceType, Map<String, Long>> currentEntries = Collections.synchronizedMap(new EnumMap<>(PresenceType.class));
+
+	/** (Optional) PresenceType used for filtering by that Session. */
+	private static final Map<Session, PresenceType> sessionPresenceTypes = Collections.synchronizedMap(new HashMap<>());
+
+	@Override
+	public void configure(WebSocketServletFactory factory) {
+		factory.register(PresenceWebSocket.class);
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			populateCurrentInfo(repository);
+		} catch (DataException e) {
+			// How to fail properly?
+			return;
+		}
+
+		EventBus.INSTANCE.addListener(this::listen);
+	}
+
+	@Override
+	public void listen(Event event) {
+		// We use NewBlockEvent as a proxy for 1-minute timer
+		if (!(event instanceof Controller.NewTransactionEvent) && !(event instanceof Controller.NewBlockEvent))
+			return;
+
+		removeOldEntries();
+
+		if (event instanceof Controller.NewBlockEvent)
+			// We only wanted a chance to cull old entries
+			return;
+
+		TransactionData transactionData = ((Controller.NewTransactionEvent) event).getTransactionData();
+
+		if (transactionData.getType() != TransactionType.PRESENCE)
+			return;
+
+		PresenceTransactionData presenceData = (PresenceTransactionData) transactionData;
+		PresenceType presenceType = presenceData.getPresenceType();
+
+		// Put/replace for this publickey making sure we keep newest timestamp
+		String pubKey58 = Base58.encode(presenceData.getCreatorPublicKey());
+		long ourTimestamp = presenceData.getTimestamp();
+		long computedTimestamp = mergePresence(presenceType, pubKey58, ourTimestamp);
+
+		if (computedTimestamp != ourTimestamp)
+			// nothing changed
+			return;
+
+		List<PresenceInfo> presenceInfo = Collections.singletonList(new PresenceInfo(presenceType, pubKey58, computedTimestamp));
+
+		// Notify sessions
+		for (Session session : getSessions()) {
+			PresenceType sessionPresenceType = sessionPresenceTypes.get(session);
+
+			if (sessionPresenceType == null || sessionPresenceType == presenceType)
+				sendPresenceInfo(session, presenceInfo);
+		}
+	}
+
+	@OnWebSocketConnect
+	@Override
+	public void onWebSocketConnect(Session session) {
+		Map<String, List<String>> queryParams = session.getUpgradeRequest().getParameterMap();
+		List<String> presenceTypes = queryParams.get("presenceType");
+
+		// We only support ONE presenceType
+		String presenceTypeName = presenceTypes == null || presenceTypes.isEmpty() ? null : presenceTypes.get(0);
+
+		PresenceType presenceType = presenceTypeName == null ? null : PresenceType.fromString(presenceTypeName);
+
+		// Make sure that if caller does give a presenceType, that it is a valid/known one.
+		if (presenceTypeName != null && presenceType == null) {
+			session.close(4003, "unknown presenceType: " + presenceTypeName);
+			return;
+		}
+
+		// Save session's requested PresenceType, if given
+		if (presenceType != null)
+			sessionPresenceTypes.put(session, presenceType);
+
+		List<PresenceInfo> presenceInfo;
+
+		synchronized (currentEntries) {
+			presenceInfo = currentEntries.entrySet().stream()
+					.filter(entry -> presenceType == null ? true : entry.getKey() == presenceType)
+					.flatMap(entry -> entry.getValue().entrySet().stream().map(innerEntry -> new PresenceInfo(entry.getKey(), innerEntry.getKey(), innerEntry.getValue())))
+					.collect(Collectors.toList());
+		}
+
+		if (!sendPresenceInfo(session, presenceInfo)) {
+			session.close(4002, "websocket issue");
+			return;
+		}
+
+		super.onWebSocketConnect(session);
+	}
+
+	@OnWebSocketClose
+	@Override
+	public void onWebSocketClose(Session session, int statusCode, String reason) {
+		// clean up
+		sessionPresenceTypes.remove(session);
+
+		super.onWebSocketClose(session, statusCode, reason);
+	}
+
+	@OnWebSocketError
+	public void onWebSocketError(Session session, Throwable throwable) {
+		/* ignored */
+	}
+
+	@OnWebSocketMessage
+	public void onWebSocketMessage(Session session, String message) {
+		/* ignored */
+	}
+
+	private boolean sendPresenceInfo(Session session, List<PresenceInfo> presenceInfo) {
+		try {
+			StringWriter stringWriter = new StringWriter();
+			marshall(stringWriter, presenceInfo);
+
+			String output = stringWriter.toString();
+			session.getRemote().sendStringByFuture(output);
+		} catch (IOException e) {
+			// No output this time?
+			return false;
+		}
+
+		return true;
+	}
+
+	private static void populateCurrentInfo(Repository repository) throws DataException {
+		// We want ALL PRESENCE transactions
+
+		List<TransactionData> presenceTransactionsData = repository.getTransactionRepository().getUnconfirmedTransactions(TransactionType.PRESENCE, null);
+
+		for (TransactionData transactionData : presenceTransactionsData) {
+			PresenceTransactionData presenceData = (PresenceTransactionData) transactionData;
+
+			PresenceType presenceType = presenceData.getPresenceType();
+
+			// Put/replace for this publickey making sure we keep newest timestamp
+			String pubKey58 = Base58.encode(presenceData.getCreatorPublicKey());
+			long ourTimestamp = presenceData.getTimestamp();
+
+			mergePresence(presenceType, pubKey58, ourTimestamp);
+		}
+	}
+
+	private static long mergePresence(PresenceType presenceType, String pubKey58, long ourTimestamp) {
+		Map<String, Long> typedPubkeyTimestamps = currentEntries.computeIfAbsent(presenceType, someType -> Collections.synchronizedMap(new HashMap<>()));
+		return typedPubkeyTimestamps.compute(pubKey58, (somePubKey58, currentTimestamp) -> (currentTimestamp == null || currentTimestamp < ourTimestamp) ? ourTimestamp : currentTimestamp);
+	}
+
+	private static void removeOldEntries() {
+		long now = NTP.getTime();
+
+		currentEntries.entrySet().forEach(entry -> {
+			long expiryThreshold = now - entry.getKey().getLifetime();
+			entry.getValue().entrySet().removeIf(pubkeyTimestamp -> pubkeyTimestamp.getValue() < expiryThreshold);
+		});
+	}
+
+}

src/main/java/org/qortal/api/websocket/TradeBotWebSocket.java

@@ -15,7 +15,8 @@ import org.eclipse.jetty.websocket.api.annotations.OnWebSocketError;
 import org.eclipse.jetty.websocket.api.annotations.OnWebSocketMessage;
 import org.eclipse.jetty.websocket.api.annotations.WebSocket;
 import org.eclipse.jetty.websocket.servlet.WebSocketServletFactory;
-import org.qortal.controller.TradeBot;
+import org.qortal.controller.tradebot.TradeBot;
+import org.qortal.crosschain.SupportedBlockchain;
 import org.qortal.data.crosschain.TradeBotData;
 import org.qortal.event.Event;
 import org.qortal.event.EventBus;
@@ -30,7 +31,9 @@ import org.qortal.utils.Base58;
 public class TradeBotWebSocket extends ApiWebSocket implements Listener {
 
 	/** Cache of trade-bot entry states, keyed by trade-bot entry's "trade private key" (base58) */
-	private static final Map<String, TradeBotData.State> PREVIOUS_STATES = new HashMap<>();
+	private static final Map<String, Integer> PREVIOUS_STATES = new HashMap<>();
+
+	private static final Map<Session, String> sessionBlockchain = Collections.synchronizedMap(new HashMap<>());
 
 	@Override
 	public void configure(WebSocketServletFactory factory) {
@@ -42,7 +45,7 @@ public class TradeBotWebSocket extends ApiWebSocket implements Listener {
 				// How do we properly fail here?
 				return;
 
-			PREVIOUS_STATES.putAll(tradeBotEntries.stream().collect(Collectors.toMap(entry -> Base58.encode(entry.getTradePrivateKey()), TradeBotData::getState)));
+			PREVIOUS_STATES.putAll(tradeBotEntries.stream().collect(Collectors.toMap(entry -> Base58.encode(entry.getTradePrivateKey()), TradeBotData::getStateValue)));
 		} catch (DataException e) {
 			// No output this time
 		}
@@ -59,35 +62,59 @@ public class TradeBotWebSocket extends ApiWebSocket implements Listener {
 		String tradePrivateKey58 = Base58.encode(tradeBotData.getTradePrivateKey());
 
 		synchronized (PREVIOUS_STATES) {
-			if (PREVIOUS_STATES.get(tradePrivateKey58) == tradeBotData.getState())
+			Integer previousStateValue = PREVIOUS_STATES.get(tradePrivateKey58);
+			if (previousStateValue != null && previousStateValue == tradeBotData.getStateValue())
 				// Not changed
 				return;
 
-			PREVIOUS_STATES.put(tradePrivateKey58, tradeBotData.getState());
+			PREVIOUS_STATES.put(tradePrivateKey58, tradeBotData.getStateValue());
 		}
 
 		List<TradeBotData> tradeBotEntries = Collections.singletonList(tradeBotData);
-		for (Session session : getSessions())
-			sendEntries(session, tradeBotEntries);
+
+		for (Session session : getSessions()) {
+			// Only send if this session has this/no preferred blockchain
+			String preferredBlockchain = sessionBlockchain.get(session);
+
+			if (preferredBlockchain == null || preferredBlockchain.equals(tradeBotData.getForeignBlockchain()))
+				sendEntries(session, tradeBotEntries);
+		}
 	}
 
 	@OnWebSocketConnect
 	@Override
 	public void onWebSocketConnect(Session session) {
+		Map<String, List<String>> queryParams = session.getUpgradeRequest().getParameterMap();
+
+		List<String> foreignBlockchains = queryParams.get("foreignBlockchain");
+		final String foreignBlockchain = foreignBlockchains == null ? null : foreignBlockchains.get(0);
+
+		// Make sure blockchain (if any) is valid
+		if (foreignBlockchain != null && SupportedBlockchain.fromString(foreignBlockchain) == null) {
+			session.close(4003, "unknown blockchain: " + foreignBlockchain);
+			return;
+		}
+
+		// save session's preferred blockchain (if any)
+		sessionBlockchain.put(session, foreignBlockchain);
+
 		// Send all known trade-bot entries
 		try (final Repository repository = RepositoryManager.getRepository()) {
 			List<TradeBotData> tradeBotEntries = repository.getCrossChainRepository().getAllTradeBotData();
-			if (tradeBotEntries == null) {
-				session.close(4001, "repository issue fetching trade-bot entries");
-				return;
-			}
+
+			// Optional filtering
+			if (foreignBlockchain != null)
+				tradeBotEntries = tradeBotEntries.stream()
+						.filter(tradeBotData -> tradeBotData.getForeignBlockchain().equals(foreignBlockchain))
+						.collect(Collectors.toList());
 
 			if (!sendEntries(session, tradeBotEntries)) {
 				session.close(4002, "websocket issue");
 				return;
 			}
 		} catch (DataException e) {
-			// No output this time
+			session.close(4001, "repository issue fetching trade-bot entries");
+			return;
 		}
 
 		super.onWebSocketConnect(session);
@@ -96,6 +123,9 @@ public class TradeBotWebSocket extends ApiWebSocket implements Listener {
 	@OnWebSocketClose
 	@Override
 	public void onWebSocketClose(Session session, int statusCode, String reason) {
+		// clean up
+		sessionBlockchain.remove(session);
+
 		super.onWebSocketClose(session, statusCode, reason);
 	}
 

src/main/java/org/qortal/api/websocket/TradeOffersWebSocket.java

@@ -3,10 +3,13 @@ package org.qortal.api.websocket;
 import java.io.IOException;
 import java.io.StringWriter;
 import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.function.Predicate;
+import java.util.function.Supplier;
 import java.util.stream.Collectors;
 
 import org.apache.logging.log4j.LogManager;
@@ -20,7 +23,9 @@ import org.eclipse.jetty.websocket.api.annotations.WebSocket;
 import org.eclipse.jetty.websocket.servlet.WebSocketServletFactory;
 import org.qortal.api.model.CrossChainOfferSummary;
 import org.qortal.controller.Controller;
-import org.qortal.crosschain.BTCACCT;
+import org.qortal.crosschain.SupportedBlockchain;
+import org.qortal.crosschain.ACCT;
+import org.qortal.crosschain.AcctMode;
 import org.qortal.data.at.ATStateData;
 import org.qortal.data.block.BlockData;
 import org.qortal.data.crosschain.CrossChainTradeData;
@@ -30,6 +35,7 @@ import org.qortal.event.Listener;
 import org.qortal.repository.DataException;
 import org.qortal.repository.Repository;
 import org.qortal.repository.RepositoryManager;
+import org.qortal.utils.ByteArray;
 import org.qortal.utils.NTP;
 
 @WebSocket
@@ -38,18 +44,23 @@ public class TradeOffersWebSocket extends ApiWebSocket implements Listener {
 
 	private static final Logger LOGGER = LogManager.getLogger(TradeOffersWebSocket.class);
 
-	private static final Map<String, BTCACCT.Mode> previousAtModes = new HashMap<>();
+	private static class CachedOfferInfo {
+		public final Map<String, AcctMode> previousAtModes = new HashMap<>();
 
-	// OFFERING
-	private static final Map<String, CrossChainOfferSummary> currentSummaries = new HashMap<>();
-	// REDEEMED/REFUNDED/CANCELLED
-	private static final Map<String, CrossChainOfferSummary> historicSummaries = new HashMap<>();
+		// OFFERING
+		public final Map<String, CrossChainOfferSummary> currentSummaries = new HashMap<>();
+		// REDEEMED/REFUNDED/CANCELLED
+		public final Map<String, CrossChainOfferSummary> historicSummaries = new HashMap<>();
+	}
+	// Manual synchronization
+	private static final Map<String, CachedOfferInfo> cachedInfoByBlockchain = new HashMap<>();
 
 	private static final Predicate<CrossChainOfferSummary> isHistoric = offerSummary
-			-> offerSummary.getMode() == BTCACCT.Mode.REDEEMED
-			|| offerSummary.getMode() == BTCACCT.Mode.REFUNDED
-			|| offerSummary.getMode() == BTCACCT.Mode.CANCELLED;
+			-> offerSummary.getMode() == AcctMode.REDEEMED
+			|| offerSummary.getMode() == AcctMode.REFUNDED
+			|| offerSummary.getMode() == AcctMode.CANCELLED;
 
+	private static final Map<Session, String> sessionBlockchain = Collections.synchronizedMap(new HashMap<>());
 
 	@Override
 	public void configure(WebSocketServletFactory factory) {
@@ -75,7 +86,6 @@ public class TradeOffersWebSocket extends ApiWebSocket implements Listener {
 		BlockData blockData = ((Controller.NewBlockEvent) event).getBlockData();
 
 		// Process any new info
-		List<CrossChainOfferSummary> crossChainOfferSummaries;
 
 		try (final Repository repository = RepositoryManager.getRepository()) {
 			// Find any new/changed trade ATs since this block
@@ -84,60 +94,77 @@ public class TradeOffersWebSocket extends ApiWebSocket implements Listener {
 			final Long expectedValue = null;
 			final Integer minimumFinalHeight = blockData.getHeight();
 
-			List<ATStateData> atStates = repository.getATRepository().getMatchingFinalATStates(BTCACCT.CODE_BYTES_HASH,
-					isFinished, dataByteOffset, expectedValue, minimumFinalHeight,
-					null, null, null);
+			for (SupportedBlockchain blockchain : SupportedBlockchain.values()) {
+				Map<ByteArray, Supplier<ACCT>> acctsByCodeHash = SupportedBlockchain.getFilteredAcctMap(blockchain);
 
-			if (atStates == null)
-				return;
+				List<CrossChainOfferSummary> crossChainOfferSummaries = new ArrayList<>();
 
-			crossChainOfferSummaries = produceSummaries(repository, atStates, blockData.getTimestamp());
+				synchronized (cachedInfoByBlockchain) {
+					CachedOfferInfo cachedInfo = cachedInfoByBlockchain.computeIfAbsent(blockchain.name(), k -> new CachedOfferInfo());
+
+					for (Map.Entry<ByteArray, Supplier<ACCT>> acctInfo : acctsByCodeHash.entrySet()) {
+						byte[] codeHash = acctInfo.getKey().value;
+						ACCT acct = acctInfo.getValue().get();
+
+						List<ATStateData> atStates = repository.getATRepository().getMatchingFinalATStates(codeHash,
+								isFinished, dataByteOffset, expectedValue, minimumFinalHeight,
+								null, null, null);
+
+						crossChainOfferSummaries.addAll(produceSummaries(repository, acct, atStates, blockData.getTimestamp()));
+					}
+
+					// Remove any entries unchanged from last time
+					crossChainOfferSummaries.removeIf(offerSummary -> cachedInfo.previousAtModes.get(offerSummary.getQortalAtAddress()) == offerSummary.getMode());
+
+					// Skip to next blockchain if nothing has changed (for this blockchain)
+					if (crossChainOfferSummaries.isEmpty())
+						continue;
+
+					// Update
+					for (CrossChainOfferSummary offerSummary : crossChainOfferSummaries) {
+						String offerAtAddress = offerSummary.getQortalAtAddress();
+
+						cachedInfo.previousAtModes.put(offerAtAddress, offerSummary.getMode());
+						LOGGER.trace(() -> String.format("Block height: %d, AT: %s, mode: %s", blockData.getHeight(), offerAtAddress, offerSummary.getMode().name()));
+
+						switch (offerSummary.getMode()) {
+							case OFFERING:
+								cachedInfo.currentSummaries.put(offerAtAddress, offerSummary);
+								cachedInfo.historicSummaries.remove(offerAtAddress);
+								break;
+
+							case REDEEMED:
+							case REFUNDED:
+							case CANCELLED:
+								cachedInfo.currentSummaries.remove(offerAtAddress);
+								cachedInfo.historicSummaries.put(offerAtAddress, offerSummary);
+								break;
+
+							case TRADING:
+								cachedInfo.currentSummaries.remove(offerAtAddress);
+								cachedInfo.historicSummaries.remove(offerAtAddress);
+								break;
+						}
+					}
+
+					// Remove any historic offers that are over 24 hours old
+					final long tooOldTimestamp = NTP.getTime() - 24 * 60 * 60 * 1000L;
+					cachedInfo.historicSummaries.values().removeIf(historicSummary -> historicSummary.getTimestamp() < tooOldTimestamp);
+				}
+
+				// Notify sessions
+				for (Session session : getSessions()) {
+					// Only send if this session has this/no preferred blockchain
+					String preferredBlockchain = sessionBlockchain.get(session);
+
+					if (preferredBlockchain == null || preferredBlockchain.equals(blockchain.name()))
+						sendOfferSummaries(session, crossChainOfferSummaries);
+				}
+
+			}
 		} catch (DataException e) {
 			// No output this time
-			return;
 		}
-
-		synchronized (previousAtModes) {
-			// Remove any entries unchanged from last time
-			crossChainOfferSummaries.removeIf(offerSummary -> previousAtModes.get(offerSummary.getQortalAtAddress()) == offerSummary.getMode());
-
-			// Don't send anything if no results
-			if (crossChainOfferSummaries.isEmpty())
-				return;
-
-			// Update
-			for (CrossChainOfferSummary offerSummary : crossChainOfferSummaries) {
-				previousAtModes.put(offerSummary.qortalAtAddress, offerSummary.getMode());
-				LOGGER.trace(() -> String.format("Block height: %d, AT: %s, mode: %s", blockData.getHeight(), offerSummary.qortalAtAddress, offerSummary.getMode().name()));
-
-				switch (offerSummary.getMode()) {
-					case OFFERING:
-						currentSummaries.put(offerSummary.qortalAtAddress, offerSummary);
-						historicSummaries.remove(offerSummary.qortalAtAddress);
-						break;
-
-					case REDEEMED:
-					case REFUNDED:
-					case CANCELLED:
-						currentSummaries.remove(offerSummary.qortalAtAddress);
-						historicSummaries.put(offerSummary.qortalAtAddress, offerSummary);
-						break;
-
-					case TRADING:
-						currentSummaries.remove(offerSummary.qortalAtAddress);
-						historicSummaries.remove(offerSummary.qortalAtAddress);
-						break;
-				}
-			}
-
-			// Remove any historic offers that are over 24 hours old
-			final long tooOldTimestamp = NTP.getTime() - 24 * 60 * 60 * 1000L;
-			historicSummaries.values().removeIf(historicSummary -> historicSummary.getTimestamp() < tooOldTimestamp);
-		}
-
-		// Notify sessions
-		for (Session session : getSessions())
-			sendOfferSummaries(session, crossChainOfferSummaries);
 	}
 
 	@OnWebSocketConnect
@@ -146,13 +173,36 @@ public class TradeOffersWebSocket extends ApiWebSocket implements Listener {
 		Map<String, List<String>> queryParams = session.getUpgradeRequest().getParameterMap();
 		final boolean includeHistoric = queryParams.get("includeHistoric") != null;
 
+		List<String> foreignBlockchains = queryParams.get("foreignBlockchain");
+		final String foreignBlockchain = foreignBlockchains == null ? null : foreignBlockchains.get(0);
+
+		// Make sure blockchain (if any) is valid
+		if (foreignBlockchain != null && SupportedBlockchain.fromString(foreignBlockchain) == null) {
+			session.close(4003, "unknown blockchain: " + foreignBlockchain);
+			return;
+		}
+
+		// Save session's preferred blockchain, if given
+		if (foreignBlockchain != null)
+			sessionBlockchain.put(session, foreignBlockchain);
+
 		List<CrossChainOfferSummary> crossChainOfferSummaries = new ArrayList<>();
 
-		synchronized (previousAtModes) {
-			crossChainOfferSummaries.addAll(currentSummaries.values());
+		synchronized (cachedInfoByBlockchain) {
+			Collection<CachedOfferInfo> cachedInfos;
 
-			if (includeHistoric)
-				crossChainOfferSummaries.addAll(historicSummaries.values());
+			if (foreignBlockchain == null)
+				// No preferred blockchain, so iterate through all of them
+				cachedInfos = cachedInfoByBlockchain.values();
+			else
+				cachedInfos = Collections.singleton(cachedInfoByBlockchain.computeIfAbsent(foreignBlockchain, k -> new CachedOfferInfo()));
+
+			for (CachedOfferInfo cachedInfo : cachedInfos) {
+				crossChainOfferSummaries.addAll(cachedInfo.currentSummaries.values());
+
+				if (includeHistoric)
+					crossChainOfferSummaries.addAll(cachedInfo.historicSummaries.values());
+			}
 		}
 
 		if (!sendOfferSummaries(session, crossChainOfferSummaries)) {
@@ -166,6 +216,9 @@ public class TradeOffersWebSocket extends ApiWebSocket implements Listener {
 	@OnWebSocketClose
 	@Override
 	public void onWebSocketClose(Session session, int statusCode, String reason) {
+		// clean up
+		sessionBlockchain.remove(session);
+
 		super.onWebSocketClose(session, statusCode, reason);
 	}
 
@@ -197,22 +250,34 @@ public class TradeOffersWebSocket extends ApiWebSocket implements Listener {
 	private static void populateCurrentSummaries(Repository repository) throws DataException {
 		// We want ALL OFFERING trades
 		Boolean isFinished = Boolean.FALSE;
-		Integer dataByteOffset = BTCACCT.MODE_BYTE_OFFSET;
-		Long expectedValue = (long) BTCACCT.Mode.OFFERING.value;
+		Long expectedValue = (long) AcctMode.OFFERING.value;
 		Integer minimumFinalHeight = null;
 
-		List<ATStateData> initialAtStates = repository.getATRepository().getMatchingFinalATStates(BTCACCT.CODE_BYTES_HASH,
-				isFinished, dataByteOffset, expectedValue, minimumFinalHeight,
-				null, null, null);
+		for (SupportedBlockchain blockchain : SupportedBlockchain.values()) {
+			Map<ByteArray, Supplier<ACCT>> acctsByCodeHash = SupportedBlockchain.getFilteredAcctMap(blockchain);
 
-		if (initialAtStates == null)
-			throw new DataException("Couldn't fetch current trades from repository");
+			CachedOfferInfo cachedInfo = cachedInfoByBlockchain.computeIfAbsent(blockchain.name(), k -> new CachedOfferInfo());
 
-		// Save initial AT modes
-		previousAtModes.putAll(initialAtStates.stream().collect(Collectors.toMap(ATStateData::getATAddress, atState -> BTCACCT.Mode.OFFERING)));
+			for (Map.Entry<ByteArray, Supplier<ACCT>> acctInfo : acctsByCodeHash.entrySet()) {
+				byte[] codeHash = acctInfo.getKey().value;
+				ACCT acct = acctInfo.getValue().get();
 
-		// Convert to offer summaries
-		currentSummaries.putAll(produceSummaries(repository, initialAtStates, null).stream().collect(Collectors.toMap(CrossChainOfferSummary::getQortalAtAddress, offerSummary -> offerSummary)));
+				Integer dataByteOffset = acct.getModeByteOffset();
+				List<ATStateData> initialAtStates = repository.getATRepository().getMatchingFinalATStates(codeHash,
+					isFinished, dataByteOffset, expectedValue, minimumFinalHeight,
+					null, null, null);
+
+				if (initialAtStates == null)
+					throw new DataException("Couldn't fetch current trades from repository");
+
+				// Save initial AT modes
+				cachedInfo.previousAtModes.putAll(initialAtStates.stream().collect(Collectors.toMap(ATStateData::getATAddress, atState -> AcctMode.OFFERING)));
+
+				// Convert to offer summaries
+				cachedInfo.currentSummaries.putAll(produceSummaries(repository, acct, initialAtStates, null).stream()
+										.collect(Collectors.toMap(CrossChainOfferSummary::getQortalAtAddress, offerSummary -> offerSummary)));
+			}
+		}
 	}
 
 	private static void populateHistoricSummaries(Repository repository) throws DataException {
@@ -228,33 +293,44 @@ public class TradeOffersWebSocket extends ApiWebSocket implements Listener {
 		Long expectedValue = null;
 		++minimumFinalHeight; // because height is just *before* timestamp
 
-		List<ATStateData> historicAtStates = repository.getATRepository().getMatchingFinalATStates(BTCACCT.CODE_BYTES_HASH,
-				isFinished, dataByteOffset, expectedValue, minimumFinalHeight,
-				null, null, null);
+		for (SupportedBlockchain blockchain : SupportedBlockchain.values()) {
+			Map<ByteArray, Supplier<ACCT>> acctsByCodeHash = SupportedBlockchain.getFilteredAcctMap(blockchain);
 
-		if (historicAtStates == null)
-			throw new DataException("Couldn't fetch historic trades from repository");
+			CachedOfferInfo cachedInfo = cachedInfoByBlockchain.computeIfAbsent(blockchain.name(), k -> new CachedOfferInfo());
 
-		for (ATStateData historicAtState : historicAtStates) {
-			CrossChainOfferSummary historicOfferSummary = produceSummary(repository, historicAtState, null);
+			for (Map.Entry<ByteArray, Supplier<ACCT>> acctInfo : acctsByCodeHash.entrySet()) {
+				byte[] codeHash = acctInfo.getKey().value;
+				ACCT acct = acctInfo.getValue().get();
 
-			if (!isHistoric.test(historicOfferSummary))
-				continue;
+				List<ATStateData> historicAtStates = repository.getATRepository().getMatchingFinalATStates(codeHash,
+					isFinished, dataByteOffset, expectedValue, minimumFinalHeight,
+					null, null, null);
 
-			// Add summary to initial burst
-			historicSummaries.put(historicOfferSummary.getQortalAtAddress(), historicOfferSummary);
+				if (historicAtStates == null)
+					throw new DataException("Couldn't fetch historic trades from repository");
 
-			// Save initial AT mode
-			previousAtModes.put(historicOfferSummary.getQortalAtAddress(), historicOfferSummary.getMode());
+				for (ATStateData historicAtState : historicAtStates) {
+					CrossChainOfferSummary historicOfferSummary = produceSummary(repository, acct, historicAtState, null);
+
+					if (!isHistoric.test(historicOfferSummary))
+						continue;
+
+					// Add summary to initial burst
+					cachedInfo.historicSummaries.put(historicOfferSummary.getQortalAtAddress(), historicOfferSummary);
+
+					// Save initial AT mode
+					cachedInfo.previousAtModes.put(historicOfferSummary.getQortalAtAddress(), historicOfferSummary.getMode());
+				}
+			}
 		}
 	}
 
-	private static CrossChainOfferSummary produceSummary(Repository repository, ATStateData atState, Long timestamp) throws DataException {
-		CrossChainTradeData crossChainTradeData = BTCACCT.populateTradeData(repository, atState);
+	private static CrossChainOfferSummary produceSummary(Repository repository, ACCT acct, ATStateData atState, Long timestamp) throws DataException {
+		CrossChainTradeData crossChainTradeData = acct.populateTradeData(repository, atState);
 
 		long atStateTimestamp;
 
-		if (crossChainTradeData.mode == BTCACCT.Mode.OFFERING)
+		if (crossChainTradeData.mode == AcctMode.OFFERING)
 			// We want when trade was created, not when it was last updated
 			atStateTimestamp = crossChainTradeData.creationTimestamp;
 		else
@@ -263,11 +339,11 @@ public class TradeOffersWebSocket extends ApiWebSocket implements Listener {
 		return new CrossChainOfferSummary(crossChainTradeData, atStateTimestamp);
 	}
 
-	private static List<CrossChainOfferSummary> produceSummaries(Repository repository, List<ATStateData> atStates, Long timestamp) throws DataException {
+	private static List<CrossChainOfferSummary> produceSummaries(Repository repository, ACCT acct, List<ATStateData> atStates, Long timestamp) throws DataException {
 		List<CrossChainOfferSummary> offerSummaries = new ArrayList<>();
 
 		for (ATStateData atState : atStates)
-			offerSummaries.add(produceSummary(repository, atState, timestamp));
+			offerSummaries.add(produceSummary(repository, acct, atState, timestamp));
 
 		return offerSummaries;
 	}

src/main/java/org/qortal/arbitrary/ArbitraryDataBuildQueueItem.java

@@ -0,0 +1,101 @@
+package org.qortal.arbitrary;
+
+import org.qortal.arbitrary.exception.MissingDataException;
+import org.qortal.arbitrary.ArbitraryDataFile.*;
+import org.qortal.arbitrary.misc.Service;
+import org.qortal.repository.DataException;
+import org.qortal.utils.NTP;
+
+import java.io.IOException;
+
+public class ArbitraryDataBuildQueueItem extends ArbitraryDataResource {
+
+    private final Long creationTimestamp;
+    private Long buildStartTimestamp = null;
+    private Long buildEndTimestamp = null;
+    private Integer priority = 0;
+    private boolean failed = false;
+
+    private static int HIGH_PRIORITY_THRESHOLD = 5;
+
+    /* The maximum amount of time to spend on a single build */
+    // TODO: interrupt an in-progress build
+    public static long BUILD_TIMEOUT = 60*1000L; // 60 seconds
+    /* The amount of time to remember that a build has failed, to avoid retries */
+    public static long FAILURE_TIMEOUT = 5*60*1000L; // 5 minutes
+
+    public ArbitraryDataBuildQueueItem(String resourceId, ResourceIdType resourceIdType, Service service, String identifier) {
+        super(resourceId, resourceIdType, service, identifier);
+
+        this.creationTimestamp = NTP.getTime();
+    }
+
+    public void prepareForBuild() {
+        this.buildStartTimestamp = NTP.getTime();
+    }
+
+    public void build() throws IOException, DataException, MissingDataException {
+        Long now = NTP.getTime();
+        if (now == null) {
+            this.buildStartTimestamp = null;
+            throw new DataException("NTP time hasn't synced yet");
+        }
+
+        if (this.buildStartTimestamp == null) {
+            this.buildStartTimestamp = now;
+        }
+        ArbitraryDataReader arbitraryDataReader =
+                new ArbitraryDataReader(this.resourceId, this.resourceIdType, this.service, this.identifier);
+
+        try {
+            arbitraryDataReader.loadSynchronously(true);
+        } finally {
+            this.buildEndTimestamp = NTP.getTime();
+        }
+    }
+
+    public boolean isBuilding() {
+        return this.buildStartTimestamp != null;
+    }
+
+    public boolean isQueued() {
+        return this.buildStartTimestamp == null;
+    }
+
+    public boolean hasReachedBuildTimeout(Long now) {
+        if (now == null || this.creationTimestamp == null) {
+            return true;
+        }
+        return now - this.creationTimestamp > BUILD_TIMEOUT;
+    }
+
+    public boolean hasReachedFailureTimeout(Long now) {
+        if (now == null || this.buildStartTimestamp == null) {
+            return true;
+        }
+        return now - this.buildStartTimestamp > FAILURE_TIMEOUT;
+    }
+
+    public Long getBuildStartTimestamp() {
+        return this.buildStartTimestamp;
+    }
+
+    public Integer getPriority() {
+        if (this.priority != null) {
+            return this.priority;
+        }
+        return 0;
+    }
+
+    public void setPriority(Integer priority) {
+        this.priority = priority;
+    }
+
+    public boolean isHighPriority() {
+        return this.priority >= HIGH_PRIORITY_THRESHOLD;
+    }
+
+    public void setFailed(boolean failed) {
+        this.failed = failed;
+    }
+}

src/main/java/org/qortal/arbitrary/ArbitraryDataBuilder.java

@@ -0,0 +1,280 @@
+package org.qortal.arbitrary;
+
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.qortal.arbitrary.exception.MissingDataException;
+import org.qortal.arbitrary.metadata.ArbitraryDataMetadataCache;
+import org.qortal.arbitrary.misc.Service;
+import org.qortal.data.transaction.ArbitraryTransactionData;
+import org.qortal.data.transaction.ArbitraryTransactionData.Method;
+import org.qortal.repository.DataException;
+import org.qortal.repository.Repository;
+import org.qortal.repository.RepositoryManager;
+import org.qortal.arbitrary.ArbitraryDataFile.ResourceIdType;
+import org.qortal.settings.Settings;
+import org.qortal.utils.Base58;
+import org.qortal.utils.NTP;
+
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+public class ArbitraryDataBuilder {
+
+    private static final Logger LOGGER = LogManager.getLogger(ArbitraryDataBuilder.class);
+
+    private final String name;
+    private final Service service;
+    private final String identifier;
+
+    private boolean canRequestMissingFiles;
+
+    private List<ArbitraryTransactionData> transactions;
+    private ArbitraryTransactionData latestPutTransaction;
+    private final List<Path> paths;
+    private byte[] latestSignature;
+    private Path finalPath;
+    private int layerCount;
+
+    public ArbitraryDataBuilder(String name, Service service, String identifier) {
+        this.name = name;
+        this.service = service;
+        this.identifier = identifier;
+        this.paths = new ArrayList<>();
+
+        // By default we can request missing files
+        // Callers can use setCanRequestMissingFiles(false) to prevent it
+        this.canRequestMissingFiles = true;
+    }
+
+    /**
+     * Process transactions, but do not build anything
+     * This is useful for checking the status of a given resource
+     *
+     * @throws DataException
+     * @throws IOException
+     * @throws MissingDataException
+     */
+    public void process() throws DataException, IOException, MissingDataException {
+        this.fetchTransactions();
+        this.validateTransactions();
+        this.processTransactions();
+        this.validatePaths();
+        this.findLatestSignature();
+    }
+
+    /**
+     * Build the latest state of a given resource
+     *
+     * @throws DataException
+     * @throws IOException
+     * @throws MissingDataException
+     */
+    public void build() throws DataException, IOException, MissingDataException {
+        this.process();
+        this.buildLatestState();
+        this.cacheLatestSignature();
+    }
+
+    private void fetchTransactions() throws DataException {
+        try (final Repository repository = RepositoryManager.getRepository()) {
+
+            // Get the most recent PUT
+            ArbitraryTransactionData latestPut = repository.getArbitraryRepository()
+                    .getLatestTransaction(this.name, this.service, Method.PUT, this.identifier);
+            if (latestPut == null) {
+                String message = String.format("Couldn't find PUT transaction for name %s, service %s and identifier %s",
+                        this.name, this.service, this.identifierString());
+                throw new DataException(message);
+            }
+            this.latestPutTransaction = latestPut;
+
+            // Load all transactions since the latest PUT
+            List<ArbitraryTransactionData> transactionDataList = repository.getArbitraryRepository()
+                    .getArbitraryTransactions(this.name, this.service, this.identifier, latestPut.getTimestamp());
+
+            this.transactions = transactionDataList;
+            this.layerCount = transactionDataList.size();
+        }
+    }
+
+    private void validateTransactions() throws DataException {
+        List<ArbitraryTransactionData> transactionDataList = new ArrayList<>(this.transactions);
+        ArbitraryTransactionData latestPut = this.latestPutTransaction;
+
+        if (latestPut == null) {
+            throw new DataException("Cannot PATCH without existing PUT. Deploy using PUT first.");
+        }
+        if (latestPut.getMethod() != Method.PUT) {
+            throw new DataException("Expected PUT but received PATCH");
+        }
+        if (transactionDataList.size() == 0) {
+            throw new DataException(String.format("No transactions found for name %s, service %s, " +
+                            "identifier: %s, since %d", name, service, this.identifierString(), latestPut.getTimestamp()));
+        }
+
+        // Verify that the signature of the first transaction matches the latest PUT
+        ArbitraryTransactionData firstTransaction = transactionDataList.get(0);
+        if (!Arrays.equals(firstTransaction.getSignature(), latestPut.getSignature())) {
+            throw new DataException("First transaction did not match latest PUT transaction");
+        }
+
+        // Remove the first transaction, as it should be the only PUT
+        transactionDataList.remove(0);
+
+        for (ArbitraryTransactionData transactionData : transactionDataList) {
+            if (transactionData == null) {
+                throw new DataException("Transaction not found");
+            }
+            if (transactionData.getMethod() != Method.PATCH) {
+                throw new DataException("Expected PATCH but received PUT");
+            }
+        }
+    }
+
+    private void processTransactions() throws IOException, DataException, MissingDataException {
+        List<ArbitraryTransactionData> transactionDataList = new ArrayList<>(this.transactions);
+
+        int count = 0;
+        for (ArbitraryTransactionData transactionData : transactionDataList) {
+            LOGGER.trace("Found arbitrary transaction {}", Base58.encode(transactionData.getSignature()));
+            count++;
+
+            // Build the data file, overwriting anything that was previously there
+            String sig58 = Base58.encode(transactionData.getSignature());
+            ArbitraryDataReader arbitraryDataReader = new ArbitraryDataReader(sig58, ResourceIdType.TRANSACTION_DATA,
+                    this.service, this.identifier);
+            arbitraryDataReader.setTransactionData(transactionData);
+            arbitraryDataReader.setCanRequestMissingFiles(this.canRequestMissingFiles);
+            boolean hasMissingData = false;
+            try {
+                arbitraryDataReader.loadSynchronously(true);
+            }
+            catch (MissingDataException e) {
+                hasMissingData = true;
+            }
+
+            // Handle missing data
+            if (hasMissingData) {
+                if (!this.canRequestMissingFiles) {
+                    throw new MissingDataException("Files are missing but were not requested.");
+                }
+                if (count == transactionDataList.size()) {
+                    // This is the final transaction in the list, so we need to fail
+                    throw new MissingDataException("Requesting missing files. Please wait and try again.");
+                }
+                // There are more transactions, so we should process them to give them the opportunity to request data
+                continue;
+            }
+
+            // By this point we should have all data needed to build the layers
+            Path path = arbitraryDataReader.getFilePath();
+            if (path == null) {
+                throw new DataException(String.format("Null path when building data from transaction %s", sig58));
+            }
+            if (!Files.exists(path)) {
+                throw new DataException(String.format("Path doesn't exist when building data from transaction %s", sig58));
+            }
+            paths.add(path);
+        }
+    }
+
+    private void findLatestSignature() throws DataException {
+        if (this.transactions.size() == 0) {
+            throw new DataException("Unable to find latest signature from empty transaction list");
+        }
+
+        // Find the latest signature
+        ArbitraryTransactionData latestTransaction = this.transactions.get(this.transactions.size() - 1);
+        if (latestTransaction == null) {
+            throw new DataException("Unable to find latest signature from null transaction");
+        }
+
+        this.latestSignature = latestTransaction.getSignature();
+    }
+
+    private void validatePaths() throws DataException {
+        if (this.paths.isEmpty()) {
+            throw new DataException("No paths available from which to build latest state");
+        }
+    }
+
+    private void buildLatestState() throws IOException, DataException {
+        if (this.paths.size() == 1) {
+            // No patching needed
+            this.finalPath = this.paths.get(0);
+            return;
+        }
+
+        Path pathBefore = this.paths.get(0);
+        boolean validateAllLayers = Settings.getInstance().shouldValidateAllDataLayers();
+
+        // Loop from the second path onwards
+        for (int i=1; i<paths.size(); i++) {
+            String identifierPrefix = this.identifier != null ? String.format("[%s]", this.identifier) : "";
+            LOGGER.debug(String.format("[%s][%s]%s Applying layer %d...", this.service, this.name, identifierPrefix, i));
+
+            // Create an instance of ArbitraryDataCombiner
+            Path pathAfter = this.paths.get(i);
+            byte[] signatureBefore = this.transactions.get(i-1).getSignature();
+            ArbitraryDataCombiner combiner = new ArbitraryDataCombiner(pathBefore, pathAfter, signatureBefore);
+
+            // We only want to validate this layer's hash if it's the final layer, or if the settings
+            // indicate that we should validate interim layers too
+            boolean isFinalLayer = (i == paths.size() - 1);
+            combiner.setShouldValidateHashes(isFinalLayer || validateAllLayers);
+
+            // Now combine this layer with the last, and set the output path to the "before" path for the next cycle
+            combiner.combine();
+            combiner.cleanup();
+            pathBefore = combiner.getFinalPath();
+        }
+        this.finalPath = pathBefore;
+    }
+
+    private void cacheLatestSignature() throws IOException, DataException {
+        byte[] latestTransactionSignature = this.transactions.get(this.transactions.size()-1).getSignature();
+        if (latestTransactionSignature == null) {
+            throw new DataException("Missing latest transaction signature");
+        }
+        Long now = NTP.getTime();
+        if (now == null) {
+            throw new DataException("NTP time not synced yet");
+        }
+
+        ArbitraryDataMetadataCache cache = new ArbitraryDataMetadataCache(this.finalPath);
+        cache.setSignature(latestTransactionSignature);
+        cache.setTimestamp(NTP.getTime());
+        cache.write();
+    }
+
+    private String identifierString() {
+        return identifier != null ? identifier : "";
+    }
+
+    public Path getFinalPath() {
+        return this.finalPath;
+    }
+
+    public byte[] getLatestSignature() {
+        return this.latestSignature;
+    }
+
+    public int getLayerCount() {
+        return this.layerCount;
+    }
+
+    /**
+     * Use the below setter to ensure that we only read existing
+     * data without requesting any missing files,
+     *
+     * @param canRequestMissingFiles
+     */
+    public void setCanRequestMissingFiles(boolean canRequestMissingFiles) {
+        this.canRequestMissingFiles = canRequestMissingFiles;
+    }
+
+}

src/main/java/org/qortal/arbitrary/ArbitraryDataCache.java

@@ -0,0 +1,162 @@
+package org.qortal.arbitrary;
+
+import org.qortal.arbitrary.ArbitraryDataFile.*;
+import org.qortal.arbitrary.metadata.ArbitraryDataMetadataCache;
+import org.qortal.arbitrary.misc.Service;
+import org.qortal.controller.arbitrary.ArbitraryDataManager;
+import org.qortal.data.transaction.ArbitraryTransactionData;
+import org.qortal.repository.DataException;
+import org.qortal.repository.Repository;
+import org.qortal.repository.RepositoryManager;
+import org.qortal.utils.FilesystemUtils;
+
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.Arrays;
+
+public class ArbitraryDataCache {
+
+    private final boolean overwrite;
+    private final Path filePath;
+    private final String resourceId;
+    private final ResourceIdType resourceIdType;
+    private final Service service;
+    private final String identifier;
+
+    public ArbitraryDataCache(Path filePath, boolean overwrite, String resourceId,
+                              ResourceIdType resourceIdType, Service service, String identifier) {
+        this.filePath = filePath;
+        this.overwrite = overwrite;
+        this.resourceId = resourceId;
+        this.resourceIdType = resourceIdType;
+        this.service = service;
+        this.identifier = identifier;
+    }
+
+    public boolean isCachedDataAvailable() {
+        return !this.shouldInvalidate();
+    }
+
+    public boolean shouldInvalidate() {
+        try {
+            // If the user has requested an overwrite, always invalidate the cache
+            if (this.overwrite) {
+                return true;
+            }
+
+            // Overwrite is false, but we still need to invalidate if no files exist
+            if (!Files.exists(this.filePath) || FilesystemUtils.isDirectoryEmpty(this.filePath)) {
+                return true;
+            }
+
+            // We might want to overwrite anyway, if an updated version is available
+            if (this.shouldInvalidateResource()) {
+                return true;
+            }
+
+        } catch (IOException e) {
+            // Something went wrong, so invalidate the cache just in case
+            return true;
+        }
+
+        // No need to invalidate the cache
+        // Remember that it's up to date, so that we won't check again for a while
+        ArbitraryDataManager.getInstance().addResourceToCache(this.getArbitraryDataResource());
+
+        return false;
+    }
+
+    private boolean shouldInvalidateResource() {
+        switch (this.resourceIdType) {
+
+            case NAME:
+                return this.shouldInvalidateName();
+
+            default:
+                // Other resource ID types remain constant, so no need to invalidate
+                return false;
+        }
+    }
+
+    private boolean shouldInvalidateName() {
+        // To avoid spamming the database too often, we shouldn't check sigs or invalidate when rate limited
+        if (this.rateLimitInEffect()) {
+            return false;
+        }
+
+        // If the state's sig doesn't match the latest transaction's sig, we need to invalidate
+        // This means that an updated layer is available
+        return this.shouldInvalidateDueToSignatureMismatch();
+    }
+
+    /**
+     * rateLimitInEffect()
+     *
+     * When loading a website, we need to check the cache for every static asset loaded by the page.
+     * This would involve asking the database for the latest transaction every time.
+     * To reduce database load and page load times, we maintain an in-memory list to "rate limit" lookups.
+     * Once a resource ID is in this in-memory list, we will avoid cache invalidations until it
+     * has been present in the list for a certain amount of time.
+     * Items are automatically removed from the list when a new arbitrary transaction arrives, so this
+     * should not prevent updates from taking effect immediately.
+     *
+     * @return whether to avoid lookups for this resource due to the in-memory cache
+     */
+    private boolean rateLimitInEffect() {
+        return ArbitraryDataManager.getInstance().isResourceCached(this.getArbitraryDataResource());
+    }
+
+    private boolean shouldInvalidateDueToSignatureMismatch() {
+
+        // Fetch the latest transaction for this name and service
+        byte[] latestTransactionSig = this.fetchLatestTransactionSignature();
+
+        // Now fetch the transaction signature stored in the cache metadata
+        byte[] cachedSig = this.fetchCachedSignature();
+
+        // If either are null, we should invalidate
+        if (latestTransactionSig == null || cachedSig == null) {
+            return true;
+        }
+
+        // Check if they match
+        return !Arrays.equals(latestTransactionSig, cachedSig);
+    }
+
+    private byte[] fetchLatestTransactionSignature() {
+        try (final Repository repository = RepositoryManager.getRepository()) {
+
+            // Find latest transaction for name and service, with any method
+            ArbitraryTransactionData latestTransaction = repository.getArbitraryRepository()
+                    .getLatestTransaction(this.resourceId, this.service, null, this.identifier);
+
+            if (latestTransaction != null) {
+                return latestTransaction.getSignature();
+            }
+
+        } catch (DataException e) {
+            return null;
+        }
+
+        return null;
+    }
+
+    private byte[] fetchCachedSignature() {
+        try {
+            // Fetch the transaction signature stored in the cache metadata
+            ArbitraryDataMetadataCache cache = new ArbitraryDataMetadataCache(this.filePath);
+            cache.read();
+            return cache.getSignature();
+
+        } catch (IOException | DataException e) {
+            return null;
+        }
+    }
+
+    private ArbitraryDataResource getArbitraryDataResource() {
+        // TODO: pass an ArbitraryDataResource into the constructor, rather than individual components
+        return new ArbitraryDataResource(this.resourceId, this.resourceIdType, this.service, this.identifier);
+    }
+
+}

src/main/java/org/qortal/arbitrary/ArbitraryDataCombiner.java

@@ -0,0 +1,170 @@
+package org.qortal.arbitrary;
+
+import org.apache.commons.io.FileUtils;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.qortal.arbitrary.metadata.ArbitraryDataMetadataPatch;
+import org.qortal.repository.DataException;
+import org.qortal.settings.Settings;
+import org.qortal.utils.Base58;
+import org.qortal.utils.FilesystemUtils;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.InvalidObjectException;
+import java.nio.file.DirectoryNotEmptyException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.Arrays;
+
+public class ArbitraryDataCombiner {
+
+    private static final Logger LOGGER = LogManager.getLogger(ArbitraryDataCombiner.class);
+
+    private final Path pathBefore;
+    private final Path pathAfter;
+    private final byte[] signatureBefore;
+    private boolean shouldValidateHashes;
+    private Path finalPath;
+    private ArbitraryDataMetadataPatch metadata;
+
+    public ArbitraryDataCombiner(Path pathBefore, Path pathAfter, byte[] signatureBefore) {
+        this.pathBefore = pathBefore;
+        this.pathAfter = pathAfter;
+        this.signatureBefore = signatureBefore;
+    }
+
+    public void combine() throws IOException, DataException {
+        try {
+            this.preExecute();
+            this.readMetadata();
+            this.validatePreviousSignature();
+            this.validatePreviousHash();
+            this.process();
+            this.validateCurrentHash();
+
+        } finally {
+            this.postExecute();
+        }
+    }
+
+    public void cleanup() {
+        this.cleanupPath(this.pathBefore);
+        this.cleanupPath(this.pathAfter);
+    }
+
+    private void cleanupPath(Path path) {
+        // Delete pathBefore, if it exists in our data/temp directory
+        if (FilesystemUtils.pathInsideDataOrTempPath(path)) {
+            File directory = new File(path.toString());
+            try {
+                FileUtils.deleteDirectory(directory);
+            } catch (IOException e) {
+                // This will eventually be cleaned up by a maintenance process, so log the error and continue
+                LOGGER.debug("Unable to cleanup directory {}", directory.toString());
+            }
+        }
+
+        // Delete the parent directory of pathBefore if it is empty (and exists in our data/temp directory)
+        Path parentDirectory = path.getParent();
+        if (FilesystemUtils.pathInsideDataOrTempPath(parentDirectory)) {
+            try {
+                Files.deleteIfExists(parentDirectory);
+            } catch (DirectoryNotEmptyException e) {
+                // No need to log anything
+            } catch (IOException e) {
+                // This will eventually be cleaned up by a maintenance process, so log the error and continue
+                LOGGER.debug("Unable to cleanup parent directory {}", parentDirectory.toString());
+            }
+        }
+    }
+
+    private void preExecute() throws DataException {
+        if (this.pathBefore == null || this.pathAfter == null) {
+            throw new DataException("No paths available to build patch");
+        }
+        if (!Files.exists(this.pathBefore) || !Files.exists(this.pathAfter)) {
+            throw new DataException("Unable to create patch because at least one path doesn't exist");
+        }
+    }
+
+    private void postExecute() {
+
+    }
+
+    private void readMetadata() throws IOException, DataException {
+        this.metadata = new ArbitraryDataMetadataPatch(this.pathAfter);
+        this.metadata.read();
+    }
+
+    private void validatePreviousSignature() throws DataException {
+        if (this.signatureBefore == null) {
+            throw new DataException("No previous signature passed to the combiner");
+        }
+
+        byte[] previousSignature = this.metadata.getPreviousSignature();
+        if (previousSignature == null) {
+            throw new DataException("Unable to extract previous signature from patch metadata");
+        }
+
+        // Compare the signatures
+        if (!Arrays.equals(previousSignature, this.signatureBefore)) {
+            throw new DataException("Previous signatures do not match - transactions out of order?");
+        }
+    }
+
+    private void validatePreviousHash() throws IOException, DataException {
+        if (!Settings.getInstance().shouldValidateAllDataLayers()) {
+            return;
+        }
+
+        byte[] previousHash = this.metadata.getPreviousHash();
+        if (previousHash == null) {
+            throw new DataException("Unable to extract previous hash from patch metadata");
+        }
+
+        ArbitraryDataDigest digest = new ArbitraryDataDigest(this.pathBefore);
+        digest.compute();
+        boolean valid = digest.isHashValid(previousHash);
+        if (!valid) {
+            String previousHash58 = Base58.encode(previousHash);
+            throw new InvalidObjectException(String.format("Previous state hash mismatch. " +
+                    "Patch prevHash: %s, actual: %s", previousHash58, digest.getHash58()));
+        }
+    }
+
+    private void process() throws IOException, DataException {
+        ArbitraryDataMerge merge = new ArbitraryDataMerge(this.pathBefore, this.pathAfter);
+        merge.compute();
+        this.finalPath = merge.getMergePath();
+    }
+
+    private void validateCurrentHash() throws IOException, DataException {
+        if (!this.shouldValidateHashes) {
+            return;
+        }
+
+        byte[] currentHash = this.metadata.getCurrentHash();
+        if (currentHash == null) {
+            throw new DataException("Unable to extract current hash from patch metadata");
+        }
+
+        ArbitraryDataDigest digest = new ArbitraryDataDigest(this.finalPath);
+        digest.compute();
+        boolean valid = digest.isHashValid(currentHash);
+        if (!valid) {
+            String currentHash58 = Base58.encode(currentHash);
+            throw new InvalidObjectException(String.format("Current state hash mismatch. " +
+                    "Patch curHash: %s, actual: %s", currentHash58, digest.getHash58()));
+        }
+	}
+
+    public void setShouldValidateHashes(boolean shouldValidateHashes) {
+        this.shouldValidateHashes = shouldValidateHashes;
+    }
+
+    public Path getFinalPath() {
+        return this.finalPath;
+    }
+
+}

src/main/java/org/qortal/arbitrary/ArbitraryDataCreatePatch.java

@@ -0,0 +1,141 @@
+package org.qortal.arbitrary;
+
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.qortal.arbitrary.metadata.ArbitraryDataMetadataPatch;
+import org.qortal.repository.DataException;
+import org.qortal.settings.Settings;
+import org.qortal.utils.FilesystemUtils;
+
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.util.UUID;
+
+public class ArbitraryDataCreatePatch {
+
+    private static final Logger LOGGER = LogManager.getLogger(ArbitraryDataCreatePatch.class);
+
+    private final Path pathBefore;
+    private Path pathAfter;
+    private final byte[] previousSignature;
+
+    private Path finalPath;
+    private int totalFileCount;
+    private int fileDifferencesCount;
+    private ArbitraryDataMetadataPatch metadata;
+
+    private Path workingPath;
+    private String identifier;
+
+    public ArbitraryDataCreatePatch(Path pathBefore, Path pathAfter, byte[] previousSignature) {
+        this.pathBefore = pathBefore;
+        this.pathAfter = pathAfter;
+        this.previousSignature = previousSignature;
+    }
+
+    public void create() throws DataException, IOException {
+        try {
+            this.preExecute();
+            this.copyFiles();
+            this.process();
+
+        } catch (Exception e) {
+            this.cleanupOnFailure();
+            throw e;
+
+        } finally {
+            this.postExecute();
+        }
+    }
+
+    private void preExecute() throws DataException {
+        if (this.pathBefore == null || this.pathAfter == null) {
+            throw new DataException("No paths available to build patch");
+        }
+        if (!Files.exists(this.pathBefore) || !Files.exists(this.pathAfter)) {
+            throw new DataException("Unable to create patch because at least one path doesn't exist");
+        }
+
+        this.createRandomIdentifier();
+        this.createWorkingDirectory();
+    }
+
+    private void postExecute() {
+        this.cleanupWorkingPath();
+    }
+
+    private void cleanupWorkingPath() {
+        try {
+            FilesystemUtils.safeDeleteDirectory(this.workingPath, true);
+        } catch (IOException e) {
+            LOGGER.debug("Unable to cleanup working directory");
+        }
+    }
+
+    private void cleanupOnFailure() {
+        try {
+            FilesystemUtils.safeDeleteDirectory(this.finalPath, true);
+        } catch (IOException e) {
+            LOGGER.debug("Unable to cleanup diff directory on failure");
+        }
+    }
+
+    private void createRandomIdentifier() {
+        this.identifier = UUID.randomUUID().toString();
+    }
+
+    private void createWorkingDirectory() throws DataException {
+        // Use the user-specified temp dir, as it is deterministic, and is more likely to be located on reusable storage hardware
+        String baseDir = Settings.getInstance().getTempDataPath();
+        Path tempDir = Paths.get(baseDir, "patch", this.identifier);
+        try {
+            Files.createDirectories(tempDir);
+        } catch (IOException e) {
+            throw new DataException("Unable to create temp directory");
+        }
+        this.workingPath = tempDir;
+    }
+
+    private void copyFiles() throws IOException {
+        // When dealing with single files, we need to copy them to a container directory
+        // in order for the structure to align with the previous revision and therefore
+        // make comparisons possible.
+
+        if (this.pathAfter.toFile().isFile()) {
+            // Create a "data" directory within the working directory
+            Path workingDataPath = Paths.get(this.workingPath.toString(), "data");
+            Files.createDirectories(workingDataPath);
+            // Copy to temp directory
+            // Filename is currently hardcoded to "data"
+            String filename = "data"; //this.pathAfter.getFileName().toString();
+            Files.copy(this.pathAfter, Paths.get(workingDataPath.toString(), filename));
+            // Update pathAfter to point to the new path
+            this.pathAfter = workingDataPath;
+        }
+    }
+
+    private void process() throws IOException, DataException {
+
+        ArbitraryDataDiff diff = new ArbitraryDataDiff(this.pathBefore, this.pathAfter, this.previousSignature);
+        this.finalPath = diff.getDiffPath();
+        diff.compute();
+
+        this.totalFileCount = diff.getTotalFileCount();
+        this.metadata = diff.getMetadata();
+    }
+
+    public Path getFinalPath() {
+        return this.finalPath;
+    }
+
+    public int getTotalFileCount() {
+        return this.totalFileCount;
+    }
+
+    public ArbitraryDataMetadataPatch getMetadata() {
+        return this.metadata;
+    }
+
+}

src/main/java/org/qortal/arbitrary/ArbitraryDataDiff.java

@@ -0,0 +1,383 @@
+package org.qortal.arbitrary;
+
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.json.JSONObject;
+import org.qortal.arbitrary.metadata.ArbitraryDataMetadataPatch;
+import org.qortal.arbitrary.patch.UnifiedDiffPatch;
+import org.qortal.crypto.Crypto;
+import org.qortal.repository.DataException;
+import org.qortal.settings.Settings;
+
+import java.io.*;
+import java.nio.file.*;
+import java.nio.file.attribute.BasicFileAttributes;
+import java.util.*;
+
+
+public class ArbitraryDataDiff {
+
+    /** Only create a patch if both the before and after file sizes are within defined limit **/
+    private static final long MAX_DIFF_FILE_SIZE = 100 * 1024L; // 100kiB
+
+
+    public enum DiffType {
+        COMPLETE_FILE,
+        UNIFIED_DIFF
+    }
+
+    public static class ModifiedPath {
+        private Path path;
+        private DiffType diffType;
+
+        public ModifiedPath(Path path, DiffType diffType) {
+            this.path = path;
+            this.diffType = diffType;
+        }
+
+        public ModifiedPath(JSONObject jsonObject) {
+            String pathString = jsonObject.getString("path");
+            if (pathString != null) {
+                this.path = Paths.get(pathString);
+            }
+
+            String diffTypeString = jsonObject.getString("type");
+            if (diffTypeString != null) {
+                this.diffType = DiffType.valueOf(diffTypeString);
+            }
+        }
+
+        public Path getPath() {
+            return this.path;
+        }
+
+        public DiffType getDiffType() {
+            return this.diffType;
+        }
+
+        public String toString() {
+            return this.path.toString();
+        }
+    }
+
+    private static final Logger LOGGER = LogManager.getLogger(ArbitraryDataDiff.class);
+
+    private final Path pathBefore;
+    private final Path pathAfter;
+    private final byte[] previousSignature;
+    private byte[] previousHash;
+    private byte[] currentHash;
+    private Path diffPath;
+    private String identifier;
+
+    private final List<Path> addedPaths;
+    private final List<ModifiedPath> modifiedPaths;
+    private final List<Path> removedPaths;
+
+    private int totalFileCount;
+    private ArbitraryDataMetadataPatch metadata;
+
+    public ArbitraryDataDiff(Path pathBefore, Path pathAfter, byte[] previousSignature) throws DataException {
+        this.pathBefore = pathBefore;
+        this.pathAfter = pathAfter;
+        this.previousSignature = previousSignature;
+
+        this.addedPaths = new ArrayList<>();
+        this.modifiedPaths = new ArrayList<>();
+        this.removedPaths = new ArrayList<>();
+
+        this.createRandomIdentifier();
+        this.createOutputDirectory();
+    }
+
+    public void compute() throws IOException, DataException {
+        try {
+            this.preExecute();
+            this.hashPreviousState();
+            this.findAddedOrModifiedFiles();
+            this.findRemovedFiles();
+            this.validate();
+            this.hashCurrentState();
+            this.writeMetadata();
+
+        } finally {
+            this.postExecute();
+        }
+    }
+
+    private void preExecute() {
+        LOGGER.debug("Generating diff...");
+    }
+
+    private void postExecute() {
+
+    }
+
+    private void createRandomIdentifier() {
+        this.identifier = UUID.randomUUID().toString();
+    }
+
+    private void createOutputDirectory() throws DataException {
+        // Use the user-specified temp dir, as it is deterministic, and is more likely to be located on reusable storage hardware
+        String baseDir = Settings.getInstance().getTempDataPath();
+        Path tempDir = Paths.get(baseDir, "diff", this.identifier);
+        try {
+            Files.createDirectories(tempDir);
+        } catch (IOException e) {
+            throw new DataException("Unable to create temp directory");
+        }
+        this.diffPath = tempDir;
+    }
+
+    private void hashPreviousState() throws IOException, DataException {
+        ArbitraryDataDigest digest = new ArbitraryDataDigest(this.pathBefore);
+        digest.compute();
+        this.previousHash = digest.getHash();
+    }
+
+    private void findAddedOrModifiedFiles() throws IOException {
+        try {
+            final Path pathBeforeAbsolute = this.pathBefore.toAbsolutePath();
+            final Path pathAfterAbsolute = this.pathAfter.toAbsolutePath();
+            final Path diffPathAbsolute = this.diffPath.toAbsolutePath();
+            final ArbitraryDataDiff diff = this;
+
+            // Check for additions or modifications
+            Files.walkFileTree(this.pathAfter, new FileVisitor<>() {
+
+                @Override
+                public FileVisitResult preVisitDirectory(Path after, BasicFileAttributes attrs) {
+                    return FileVisitResult.CONTINUE;
+                }
+
+                @Override
+                public FileVisitResult visitFile(Path afterPathAbsolute, BasicFileAttributes attrs) throws IOException {
+                    Path afterPathRelative = pathAfterAbsolute.relativize(afterPathAbsolute.toAbsolutePath());
+                    Path beforePathAbsolute = pathBeforeAbsolute.resolve(afterPathRelative);
+
+                    if (afterPathRelative.startsWith(".qortal")) {
+                        // Ignore the .qortal metadata folder
+                        return FileVisitResult.CONTINUE;
+                    }
+
+                    boolean wasAdded = false;
+                    boolean wasModified = false;
+
+                    if (!Files.exists(beforePathAbsolute)) {
+                        LOGGER.trace("File was added: {}", afterPathRelative.toString());
+                        diff.addedPaths.add(afterPathRelative);
+                        wasAdded = true;
+                    }
+                    else if (Files.size(afterPathAbsolute) != Files.size(beforePathAbsolute)) {
+                        // Check file size first because it's quicker
+                        LOGGER.trace("File size was modified: {}", afterPathRelative.toString());
+                        wasModified = true;
+                    }
+                    else if (!Arrays.equals(ArbitraryDataDiff.digestFromPath(afterPathAbsolute), ArbitraryDataDiff.digestFromPath(beforePathAbsolute))) {
+                        // Check hashes as a last resort
+                        LOGGER.trace("File contents were modified: {}", afterPathRelative.toString());
+                        wasModified = true;
+                    }
+
+                    if (wasAdded) {
+                        diff.copyFilePathToBaseDir(afterPathAbsolute, diffPathAbsolute, afterPathRelative);
+                    }
+                    if (wasModified) {
+                        try {
+                            diff.pathModified(beforePathAbsolute, afterPathAbsolute, afterPathRelative, diffPathAbsolute);
+                        } catch (DataException e) {
+                            // We can only throw IOExceptions because we are overriding FileVisitor.visitFile()
+                            throw new IOException(e);
+                        }
+                    }
+
+                    // Keep a tally of the total number of files to help with decision making
+                    diff.totalFileCount++;
+
+                    return FileVisitResult.CONTINUE;
+                }
+
+                @Override
+                public FileVisitResult visitFileFailed(Path file, IOException e){
+                    LOGGER.info("File visit failed: {}, error: {}", file.toString(), e.getMessage());
+                    // TODO: throw exception?
+                    return FileVisitResult.TERMINATE;
+                }
+
+                @Override
+                public FileVisitResult postVisitDirectory(Path dir, IOException e) {
+                    return FileVisitResult.CONTINUE;
+                }
+
+            });
+        } catch (IOException e) {
+            LOGGER.info("IOException when walking through file tree: {}", e.getMessage());
+            throw(e);
+        }
+    }
+
+    private void findRemovedFiles() throws IOException {
+        try {
+            final Path pathBeforeAbsolute = this.pathBefore.toAbsolutePath();
+            final Path pathAfterAbsolute = this.pathAfter.toAbsolutePath();
+            final ArbitraryDataDiff diff = this;
+
+            // Check for removals
+            Files.walkFileTree(this.pathBefore, new FileVisitor<>() {
+
+                @Override
+                public FileVisitResult preVisitDirectory(Path before, BasicFileAttributes attrs) {
+                    Path directoryPathBefore = pathBeforeAbsolute.relativize(before.toAbsolutePath());
+                    Path directoryPathAfter = pathAfterAbsolute.resolve(directoryPathBefore);
+
+                    if (directoryPathBefore.startsWith(".qortal")) {
+                        // Ignore the .qortal metadata folder
+                        return FileVisitResult.CONTINUE;
+                    }
+
+                    if (!Files.exists(directoryPathAfter)) {
+                        LOGGER.trace("Directory was removed: {}", directoryPathAfter.toString());
+                        diff.removedPaths.add(directoryPathBefore);
+                        // TODO: we might need to mark directories differently to files
+                    }
+
+                    return FileVisitResult.CONTINUE;
+                }
+
+                @Override
+                public FileVisitResult visitFile(Path before, BasicFileAttributes attrs) {
+                    Path filePathBefore = pathBeforeAbsolute.relativize(before.toAbsolutePath());
+                    Path filePathAfter = pathAfterAbsolute.resolve(filePathBefore);
+
+                    if (filePathBefore.startsWith(".qortal")) {
+                        // Ignore the .qortal metadata folder
+                        return FileVisitResult.CONTINUE;
+                    }
+
+                    if (!Files.exists(filePathAfter)) {
+                        LOGGER.trace("File was removed: {}", filePathBefore.toString());
+                        diff.removedPaths.add(filePathBefore);
+                    }
+
+                    // Keep a tally of the total number of files to help with decision making
+                    diff.totalFileCount++;
+
+                    return FileVisitResult.CONTINUE;
+                }
+
+                @Override
+                public FileVisitResult visitFileFailed(Path file, IOException e){
+                    LOGGER.info("File visit failed: {}, error: {}", file.toString(), e.getMessage());
+                    // TODO: throw exception?
+                    return FileVisitResult.TERMINATE;
+                }
+
+                @Override
+                public FileVisitResult postVisitDirectory(Path dir, IOException e) {
+                    return FileVisitResult.CONTINUE;
+                }
+
+            });
+        } catch (IOException e) {
+            throw new IOException(String.format("IOException when walking through file tree: %s", e.getMessage()));
+        }
+    }
+
+    private void validate() throws DataException {
+        if (this.addedPaths.isEmpty() && this.modifiedPaths.isEmpty() && this.removedPaths.isEmpty()) {
+            throw new DataException("Current state matches previous state. Nothing to do.");
+        }
+    }
+
+    private void hashCurrentState() throws IOException, DataException {
+        ArbitraryDataDigest digest = new ArbitraryDataDigest(this.pathAfter);
+        digest.compute();
+        this.currentHash = digest.getHash();
+    }
+
+    private void writeMetadata() throws IOException, DataException {
+        ArbitraryDataMetadataPatch metadata = new ArbitraryDataMetadataPatch(this.diffPath);
+        metadata.setAddedPaths(this.addedPaths);
+        metadata.setModifiedPaths(this.modifiedPaths);
+        metadata.setRemovedPaths(this.removedPaths);
+        metadata.setPreviousSignature(this.previousSignature);
+        metadata.setPreviousHash(this.previousHash);
+        metadata.setCurrentHash(this.currentHash);
+        metadata.write();
+        this.metadata = metadata;
+    }
+
+
+    private void pathModified(Path beforePathAbsolute, Path afterPathAbsolute, Path afterPathRelative,
+                              Path destinationBasePathAbsolute) throws IOException, DataException {
+
+        Path destination = Paths.get(destinationBasePathAbsolute.toString(), afterPathRelative.toString());
+        long beforeSize = Files.size(beforePathAbsolute);
+        long afterSize = Files.size(afterPathAbsolute);
+        DiffType diffType;
+
+        if (beforeSize > MAX_DIFF_FILE_SIZE || afterSize > MAX_DIFF_FILE_SIZE) {
+            // Files are large, so don't attempt a diff
+            this.copyFilePathToBaseDir(afterPathAbsolute, destinationBasePathAbsolute, afterPathRelative);
+            diffType = DiffType.COMPLETE_FILE;
+        }
+        else {
+            // Attempt to create patch using java-diff-utils
+            UnifiedDiffPatch unifiedDiffPatch = new UnifiedDiffPatch(beforePathAbsolute, afterPathAbsolute, destination);
+            unifiedDiffPatch.create();
+            if (unifiedDiffPatch.isValid()) {
+                diffType = DiffType.UNIFIED_DIFF;
+            }
+            else {
+                // Diff failed validation, so copy the whole file instead
+                this.copyFilePathToBaseDir(afterPathAbsolute, destinationBasePathAbsolute, afterPathRelative);
+                diffType = DiffType.COMPLETE_FILE;
+            }
+        }
+
+        ModifiedPath modifiedPath = new ModifiedPath(afterPathRelative, diffType);
+        this.modifiedPaths.add(modifiedPath);
+    }
+
+    private void copyFilePathToBaseDir(Path source, Path base, Path relativePath) throws IOException {
+        if (!Files.exists(source)) {
+            throw new IOException(String.format("File not found: %s", source.toString()));
+        }
+
+        // Ensure parent folders exist in the destination
+        Path dest = Paths.get(base.toString(), relativePath.toString());
+        File file = new File(dest.toString());
+        File parent = file.getParentFile();
+        if (parent != null) {
+            parent.mkdirs();
+        }
+
+        LOGGER.trace("Copying {} to {}", source, dest);
+        Files.copy(source, dest, StandardCopyOption.REPLACE_EXISTING);
+    }
+    
+
+    public Path getDiffPath() {
+        return this.diffPath;
+    }
+
+    public int getTotalFileCount() {
+        return this.totalFileCount;
+    }
+
+    public ArbitraryDataMetadataPatch getMetadata() {
+        return this.metadata;
+    }
+
+
+    // Utils
+
+    private static byte[] digestFromPath(Path path) {
+        try {
+            return Crypto.digest(path.toFile());
+        } catch (IOException e) {
+            return null;
+        }
+    }
+
+}

src/main/java/org/qortal/arbitrary/ArbitraryDataDigest.java

@@ -0,0 +1,73 @@
+package org.qortal.arbitrary;
+
+import org.qortal.repository.DataException;
+import org.qortal.utils.Base58;
+
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.Arrays;
+import java.util.List;
+import java.util.stream.Collectors;
+
+public class ArbitraryDataDigest {
+
+    private final Path path;
+    private byte[] hash;
+
+    public ArbitraryDataDigest(Path path) {
+        this.path = path;
+    }
+
+    public void compute() throws IOException, DataException {
+        List<Path> allPaths = Files.walk(path).filter(Files::isRegularFile).sorted().collect(Collectors.toList());
+        Path basePathAbsolute = this.path.toAbsolutePath();
+
+        MessageDigest sha256;
+        try {
+            sha256 = MessageDigest.getInstance("SHA-256");
+        } catch (NoSuchAlgorithmException e) {
+            throw new DataException("SHA-256 hashing algorithm unavailable");
+        }
+
+        for (Path path : allPaths) {
+            // We need to work with paths relative to the base path, to ensure the same hash
+            // is generated on different systems
+            Path relativePath = basePathAbsolute.relativize(path.toAbsolutePath());
+
+            // Exclude Qortal folder since it can be different each time
+            // We only care about hashing the actual user data
+            if (relativePath.startsWith(".qortal/")) {
+                continue;
+            }
+
+            // Hash path
+            byte[] filePathBytes = relativePath.toString().getBytes(StandardCharsets.UTF_8);
+            sha256.update(filePathBytes);
+
+            // Hash contents
+            byte[] fileContent = Files.readAllBytes(path);
+            sha256.update(fileContent);
+        }
+        this.hash = sha256.digest();
+    }
+
+    public boolean isHashValid(byte[] hash) {
+        return Arrays.equals(hash, this.hash);
+    }
+
+    public byte[] getHash() {
+        return this.hash;
+    }
+
+    public String getHash58() {
+        if (this.hash == null) {
+            return null;
+        }
+        return Base58.encode(this.hash);
+    }
+
+}

src/main/java/org/qortal/arbitrary/ArbitraryDataFile.java

@@ -0,0 +1,793 @@
+package org.qortal.arbitrary;
+
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.qortal.arbitrary.metadata.ArbitraryDataTransactionMetadata;
+import org.qortal.crypto.Crypto;
+import org.qortal.repository.DataException;
+import org.qortal.settings.Settings;
+import org.qortal.utils.Base58;
+import org.qortal.utils.FilesystemUtils;
+
+import java.io.*;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.nio.file.StandardCopyOption;
+import java.util.*;
+import java.util.stream.Stream;
+
+import static java.util.Arrays.stream;
+import static java.util.stream.Collectors.toMap;
+
+
+public class ArbitraryDataFile {
+
+    // Validation results
+    public enum ValidationResult {
+        OK(1),
+        FILE_TOO_LARGE(10),
+        FILE_NOT_FOUND(11);
+
+        public final int value;
+
+        private static final Map<Integer, ArbitraryDataFile.ValidationResult> map = stream(ArbitraryDataFile.ValidationResult.values()).collect(toMap(result -> result.value, result -> result));
+
+        ValidationResult(int value) {
+            this.value = value;
+        }
+
+        public static ArbitraryDataFile.ValidationResult valueOf(int value) {
+            return map.get(value);
+        }
+    }
+
+    // Resource ID types
+    public enum ResourceIdType {
+        SIGNATURE,
+        FILE_HASH,
+        TRANSACTION_DATA,
+        NAME
+    }
+
+    private static final Logger LOGGER = LogManager.getLogger(ArbitraryDataFile.class);
+
+    public static final long MAX_FILE_SIZE = 500 * 1024 * 1024; // 500MiB
+    public static final int CHUNK_SIZE = 1 * 1024 * 1024; // 1MiB
+    public static int SHORT_DIGEST_LENGTH = 8;
+
+    protected Path filePath;
+    protected String hash58;
+    protected byte[] signature;
+    private ArrayList<ArbitraryDataFileChunk> chunks;
+    private byte[] secret;
+
+    // Metadata
+    private byte[] metadataHash;
+    private ArbitraryDataFile metadataFile;
+    private ArbitraryDataTransactionMetadata metadata;
+
+
+    public ArbitraryDataFile() {
+    }
+
+    public ArbitraryDataFile(String hash58, byte[] signature) throws DataException {
+        this.createDataDirectory();
+        this.filePath = ArbitraryDataFile.getOutputFilePath(hash58, signature, false);
+        this.chunks = new ArrayList<>();
+        this.hash58 = hash58;
+        this.signature = signature;
+    }
+
+    public ArbitraryDataFile(byte[] fileContent, byte[] signature) throws DataException {
+        if (fileContent == null) {
+            LOGGER.error("fileContent is null");
+            return;
+        }
+
+        this.hash58 = Base58.encode(Crypto.digest(fileContent));
+        this.signature = signature;
+        LOGGER.trace(String.format("File digest: %s, size: %d bytes", this.hash58, fileContent.length));
+
+        Path outputFilePath = getOutputFilePath(this.hash58, signature, true);
+        File outputFile = outputFilePath.toFile();
+        try (FileOutputStream outputStream = new FileOutputStream(outputFile)) {
+            outputStream.write(fileContent);
+            this.filePath = outputFilePath;
+            // Verify hash
+            if (!this.hash58.equals(this.digest58())) {
+                LOGGER.error("Hash {} does not match file digest {}", this.hash58, this.digest58());
+                this.delete();
+                throw new DataException("Data file digest validation failed");
+            }
+        } catch (IOException e) {
+            throw new DataException("Unable to write data to file");
+        }
+    }
+
+    public static ArbitraryDataFile fromHash58(String hash58, byte[] signature) throws DataException {
+        return new ArbitraryDataFile(hash58, signature);
+    }
+
+    public static ArbitraryDataFile fromHash(byte[] hash, byte[] signature) throws DataException {
+        return ArbitraryDataFile.fromHash58(Base58.encode(hash), signature);
+    }
+
+    public static ArbitraryDataFile fromPath(Path path, byte[] signature) {
+        if (path == null) {
+            return null;
+        }
+        File file = path.toFile();
+        if (file.exists()) {
+            try {
+                byte[] digest = Crypto.digest(file);
+                ArbitraryDataFile arbitraryDataFile = ArbitraryDataFile.fromHash(digest, signature);
+
+                // Copy file to data directory if needed
+                if (Files.exists(path) && !arbitraryDataFile.isInBaseDirectory(path)) {
+                    arbitraryDataFile.copyToDataDirectory(path, signature);
+                }
+                // Or, if it's already in the data directory, we may need to move it
+                else if (!path.equals(arbitraryDataFile.getFilePath())) {
+                    // Wrong path, so relocate (but don't cleanup, as the source folder may still be needed by the caller)
+                    Path dest = arbitraryDataFile.getFilePath();
+                    FilesystemUtils.moveFile(path, dest, false);
+                }
+                return arbitraryDataFile;
+
+            } catch (IOException | DataException e) {
+                LOGGER.error("Couldn't compute digest for ArbitraryDataFile");
+            }
+        }
+        return null;
+    }
+
+    public static ArbitraryDataFile fromFile(File file, byte[] signature) {
+        return ArbitraryDataFile.fromPath(Paths.get(file.getPath()), signature);
+    }
+
+    private boolean createDataDirectory() {
+        // Create the data directory if it doesn't exist
+        String dataPath = Settings.getInstance().getDataPath();
+        Path dataDirectory = Paths.get(dataPath);
+        try {
+            Files.createDirectories(dataDirectory);
+        } catch (IOException e) {
+            LOGGER.error("Unable to create data directory");
+            return false;
+        }
+        return true;
+    }
+
+    private Path copyToDataDirectory(Path sourcePath, byte[] signature) throws DataException {
+        if (this.hash58 == null || this.filePath == null) {
+            return null;
+        }
+        Path outputFilePath = getOutputFilePath(this.hash58, signature, true);
+        sourcePath = sourcePath.toAbsolutePath();
+        Path destPath = outputFilePath.toAbsolutePath();
+        try {
+            return Files.copy(sourcePath, destPath, StandardCopyOption.REPLACE_EXISTING);
+        } catch (IOException e) {
+            throw new DataException(String.format("Unable to copy file %s to data directory %s", sourcePath, destPath));
+        }
+    }
+
+    public static Path getOutputFilePath(String hash58, byte[] signature, boolean createDirectories) throws DataException {
+        Path directory;
+
+        if (hash58 == null) {
+            return null;
+        }
+        if (signature != null) {
+            // Key by signature
+            String signature58 = Base58.encode(signature);
+            String sig58First2Chars = signature58.substring(0, 2).toLowerCase();
+            String sig58Next2Chars = signature58.substring(2, 4).toLowerCase();
+            directory = Paths.get(Settings.getInstance().getDataPath(), sig58First2Chars, sig58Next2Chars, signature58);
+        }
+        else {
+            // Put files without signatures in a "_misc" directory, and the files will be relocated later
+            String hash58First2Chars = hash58.substring(0, 2).toLowerCase();
+            String hash58Next2Chars = hash58.substring(2, 4).toLowerCase();
+            directory = Paths.get(Settings.getInstance().getDataPath(), "_misc", hash58First2Chars, hash58Next2Chars);
+        }
+
+        if (createDirectories) {
+            try {
+                Files.createDirectories(directory);
+            } catch (IOException e) {
+                throw new DataException("Unable to create data subdirectory");
+            }
+        }
+        return Paths.get(directory.toString(), hash58);
+    }
+
+    public ValidationResult isValid() {
+        try {
+            // Ensure the file exists on disk
+            if (!Files.exists(this.filePath)) {
+                LOGGER.error("File doesn't exist at path {}", this.filePath);
+                return ValidationResult.FILE_NOT_FOUND;
+            }
+
+            // Validate the file size
+            long fileSize = Files.size(this.filePath);
+            if (fileSize > MAX_FILE_SIZE) {
+                LOGGER.error(String.format("ArbitraryDataFile is too large: %d bytes (max size: %d bytes)", fileSize, MAX_FILE_SIZE));
+                return ArbitraryDataFile.ValidationResult.FILE_TOO_LARGE;
+            }
+
+        } catch (IOException e) {
+            return ValidationResult.FILE_NOT_FOUND;
+        }
+
+        return ValidationResult.OK;
+    }
+
+    public void validateFileSize(long expectedSize) throws DataException {
+        // Verify that we can determine the file's size
+        long fileSize = 0;
+        try {
+            fileSize = Files.size(this.getFilePath());
+        } catch (IOException e) {
+            throw new DataException(String.format("Couldn't get file size for transaction %s", Base58.encode(signature)));
+        }
+
+        // Ensure the file's size matches the size reported by the transaction
+        if (fileSize != expectedSize) {
+            throw new DataException(String.format("File size mismatch for transaction %s", Base58.encode(signature)));
+        }
+    }
+
+    private void addChunk(ArbitraryDataFileChunk chunk) {
+        this.chunks.add(chunk);
+    }
+
+    private void addChunkHashes(List<byte[]> chunkHashes) throws DataException {
+        if (chunkHashes == null || chunkHashes.isEmpty()) {
+            return;
+        }
+        for (byte[] chunkHash : chunkHashes) {
+            ArbitraryDataFileChunk chunk = ArbitraryDataFileChunk.fromHash(chunkHash, this.signature);
+            this.addChunk(chunk);
+        }
+    }
+
+    public List<byte[]> getChunkHashes() {
+        List<byte[]> hashes = new ArrayList<>();
+        if (this.chunks == null || this.chunks.isEmpty()) {
+            return hashes;
+        }
+
+        for (ArbitraryDataFileChunk chunkData : this.chunks) {
+            hashes.add(chunkData.getHash());
+        }
+
+        return hashes;
+    }
+
+    public int split(int chunkSize) throws DataException {
+        try {
+
+            File file = this.getFile();
+            byte[] buffer = new byte[chunkSize];
+            this.chunks = new ArrayList<>();
+
+            if (file != null) {
+                try (FileInputStream fileInputStream = new FileInputStream(file);
+                     BufferedInputStream bis = new BufferedInputStream(fileInputStream)) {
+
+                    int numberOfBytes;
+                    while ((numberOfBytes = bis.read(buffer)) > 0) {
+                        try (ByteArrayOutputStream out = new ByteArrayOutputStream()) {
+                            out.write(buffer, 0, numberOfBytes);
+                            out.flush();
+
+                            ArbitraryDataFileChunk chunk = new ArbitraryDataFileChunk(out.toByteArray(), this.signature);
+                            ValidationResult validationResult = chunk.isValid();
+                            if (validationResult == ValidationResult.OK) {
+                                this.chunks.add(chunk);
+                            } else {
+                                throw new DataException(String.format("Chunk %s is invalid", chunk));
+                            }
+                        }
+                    }
+                }
+            }
+        } catch (Exception e) {
+            throw new DataException("Unable to split file into chunks");
+        }
+
+        return this.chunks.size();
+    }
+
+    public boolean join() {
+        // Ensure we have chunks
+        if (this.chunks != null && this.chunks.size() > 0) {
+
+            // Create temporary path for joined file
+            // Use the user-specified temp dir, as it is deterministic, and is more likely to be located on reusable storage hardware
+            String baseDir = Settings.getInstance().getTempDataPath();
+            Path tempDir = Paths.get(baseDir, "join");
+            try {
+                Files.createDirectories(tempDir);
+            } catch (IOException e) {
+                return false;
+            }
+
+            // Join the chunks
+            Path outputPath = Paths.get(tempDir.toString(), this.chunks.get(0).digest58());
+            File outputFile = new File(outputPath.toString());
+            try (BufferedOutputStream out = new BufferedOutputStream(new FileOutputStream(outputFile))) {
+                for (ArbitraryDataFileChunk chunk : this.chunks) {
+                    File sourceFile = chunk.filePath.toFile();
+                    BufferedInputStream in = new BufferedInputStream(new FileInputStream(sourceFile));
+                    byte[] buffer = new byte[2048];
+                    int inSize;
+                    while ((inSize = in.read(buffer)) != -1) {
+                        out.write(buffer, 0, inSize);
+                    }
+                    in.close();
+                }
+                out.close();
+
+                // Copy temporary file to data directory
+                this.filePath = this.copyToDataDirectory(outputPath, this.signature);
+                if (FilesystemUtils.pathInsideDataOrTempPath(outputPath)) {
+                    Files.delete(outputPath);
+                }
+
+                return true;
+            } catch (FileNotFoundException e) {
+                return false;
+            } catch (IOException | DataException e) {
+                return false;
+            }
+        }
+        return false;
+    }
+
+    public boolean delete() {
+        // Delete the complete file
+        // ... but only if it's inside the Qortal data or temp directory
+        if (FilesystemUtils.pathInsideDataOrTempPath(this.filePath)) {
+            if (Files.exists(this.filePath)) {
+                try {
+                    Files.delete(this.filePath);
+                    this.cleanupFilesystem();
+                    LOGGER.debug("Deleted file {}", this.filePath);
+                    return true;
+                } catch (IOException e) {
+                    LOGGER.warn("Couldn't delete file at path {}", this.filePath);
+                }
+            }
+        }
+        return false;
+    }
+
+    public boolean delete(int attempts) {
+        // Keep trying to delete the data until it is deleted, or we reach 10 attempts
+        for (int i=0; i<attempts; i++) {
+            if (this.delete()) {
+                return true;
+            }
+            try {
+                Thread.sleep(1000L);
+            } catch (InterruptedException e) {
+                // Fall through to exit method
+            }
+        }
+        return false;
+    }
+
+    public boolean deleteAllChunks() {
+        boolean success = false;
+
+        // Delete the individual chunks
+        if (this.chunks != null && this.chunks.size() > 0) {
+            Iterator iterator = this.chunks.iterator();
+            while (iterator.hasNext()) {
+                ArbitraryDataFileChunk chunk = (ArbitraryDataFileChunk) iterator.next();
+                success = chunk.delete();
+                iterator.remove();
+            }
+        }
+        return success;
+    }
+
+    public boolean deleteMetadata() {
+        if (this.metadataFile != null && this.metadataFile.exists()) {
+            return this.metadataFile.delete();
+        }
+        return false;
+    }
+
+    public boolean deleteAll() {
+        // Delete the complete file
+        boolean fileDeleted = this.delete();
+
+        // Delete the metadata file
+        boolean metadataDeleted = this.deleteMetadata();
+
+        // Delete the individual chunks
+        boolean chunksDeleted = this.deleteAllChunks();
+
+        return fileDeleted || metadataDeleted || chunksDeleted;
+    }
+
+    protected void cleanupFilesystem() throws IOException {
+        // It is essential that use a separate path reference in this method
+        // as we don't want to modify this.filePath
+        Path path = this.filePath;
+        
+        FilesystemUtils.safeDeleteEmptyParentDirectories(path);
+    }
+
+    public byte[] getBytes() {
+        try {
+            return Files.readAllBytes(this.filePath);
+        } catch (IOException e) {
+            LOGGER.error("Unable to read bytes for file");
+            return null;
+        }
+    }
+
+
+    /* Helper methods */
+
+    private boolean isInBaseDirectory(Path filePath) {
+        Path path = filePath.toAbsolutePath();
+        String dataPath = Settings.getInstance().getDataPath();
+        String basePath = Paths.get(dataPath).toAbsolutePath().toString();
+        return path.startsWith(basePath);
+    }
+
+    public boolean exists() {
+        File file = this.filePath.toFile();
+        return file.exists();
+    }
+
+    public boolean chunkExists(byte[] hash) {
+        for (ArbitraryDataFileChunk chunk : this.chunks) {
+            if (Arrays.equals(hash, chunk.getHash())) {
+                return chunk.exists();
+            }
+        }
+        if (Arrays.equals(hash, this.metadataHash)) {
+            if (this.metadataFile != null) {
+                return this.metadataFile.exists();
+            }
+        }
+        if (Arrays.equals(this.getHash(), hash)) {
+            return this.exists();
+        }
+        return false;
+    }
+
+    public boolean allChunksExist() {
+        try {
+            if (this.metadataHash == null) {
+                // We don't have any metadata so can't check if we have the chunks
+                // Even if this transaction has no chunks, we don't have the file either (already checked above)
+                return false;
+            }
+
+            if (this.metadataFile == null) {
+                this.metadataFile = ArbitraryDataFile.fromHash(this.metadataHash, this.signature);
+            }
+
+            // If the metadata file doesn't exist, we can't check if we have the chunks
+            if (!metadataFile.getFilePath().toFile().exists()) {
+                return false;
+            }
+
+            if (this.metadata == null) {
+                this.setMetadata(new ArbitraryDataTransactionMetadata(this.metadataFile.getFilePath()));
+            }
+
+            // Read the metadata
+            List<byte[]> chunks = metadata.getChunks();
+            for (byte[] chunkHash : chunks) {
+                ArbitraryDataFileChunk chunk = ArbitraryDataFileChunk.fromHash(chunkHash, this.signature);
+                if (!chunk.exists()) {
+                    return false;
+                }
+            }
+
+            return true;
+
+        } catch (DataException e) {
+            // Something went wrong, so assume we don't have all the chunks
+            return false;
+        }
+    }
+
+    public boolean anyChunksExist() throws DataException {
+        try {
+            if (this.metadataHash == null) {
+                // We don't have any metadata so can't check if we have the chunks
+                // Even if this transaction has no chunks, we don't have the file either (already checked above)
+                return false;
+            }
+
+            if (this.metadataFile == null) {
+                this.metadataFile = ArbitraryDataFile.fromHash(this.metadataHash, this.signature);
+            }
+
+            // If the metadata file doesn't exist, we can't check if we have any chunks
+            if (!metadataFile.getFilePath().toFile().exists()) {
+                return false;
+            }
+
+            if (this.metadata == null) {
+                this.setMetadata(new ArbitraryDataTransactionMetadata(this.metadataFile.getFilePath()));
+            }
+
+            // Read the metadata
+            List<byte[]> chunks = metadata.getChunks();
+            for (byte[] chunkHash : chunks) {
+                ArbitraryDataFileChunk chunk = ArbitraryDataFileChunk.fromHash(chunkHash, this.signature);
+                if (chunk.exists()) {
+                    return true;
+                }
+            }
+
+            return false;
+
+        } catch (DataException e) {
+            // Something went wrong, so assume we don't have all the chunks
+            return false;
+        }
+    }
+
+    public boolean allFilesExist() {
+        if (this.exists()) {
+            return true;
+        }
+
+        // Complete file doesn't exist, so check the chunks
+        if (this.allChunksExist()) {
+            return true;
+        }
+
+        return false;
+    }
+
+    /**
+     * Retrieve a list of file hashes for this transaction that we do not hold locally
+     *
+     * @return a List of chunk hashes, or null if we are unable to determine what is missing
+     */
+    public List<byte[]> missingHashes() {
+        List<byte[]> missingHashes = new ArrayList<>();
+        try {
+            if (this.metadataHash == null) {
+                // We don't have any metadata so can't check if we have the chunks
+                // Even if this transaction has no chunks, we don't have the file either (already checked above)
+                return null;
+            }
+
+            if (this.metadataFile == null) {
+                this.metadataFile = ArbitraryDataFile.fromHash(this.metadataHash, this.signature);
+            }
+
+            // If the metadata file doesn't exist, we can't check if we have the chunks
+            if (!metadataFile.getFilePath().toFile().exists()) {
+                return null;
+            }
+
+            if (this.metadata == null) {
+                this.setMetadata(new ArbitraryDataTransactionMetadata(this.metadataFile.getFilePath()));
+            }
+
+            // Read the metadata
+            List<byte[]> chunks = metadata.getChunks();
+            for (byte[] chunkHash : chunks) {
+                ArbitraryDataFileChunk chunk = ArbitraryDataFileChunk.fromHash(chunkHash, this.signature);
+                if (!chunk.exists()) {
+                    missingHashes.add(chunkHash);
+                }
+            }
+
+            return missingHashes;
+
+        } catch (DataException e) {
+            // Something went wrong, so we can't make a sensible decision
+            return null;
+        }
+    }
+
+    public boolean containsChunk(byte[] hash) {
+        for (ArbitraryDataFileChunk chunk : this.chunks) {
+            if (Arrays.equals(hash, chunk.getHash())) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    public long size() {
+        try {
+            return Files.size(this.filePath);
+        } catch (IOException e) {
+            return 0;
+        }
+    }
+
+    public int chunkCount() {
+        return this.chunks.size();
+    }
+
+    public List<ArbitraryDataFileChunk> getChunks() {
+        return this.chunks;
+    }
+
+    public byte[] chunkHashes() throws DataException {
+        if (this.chunks != null && this.chunks.size() > 0) {
+            // Return null if we only have one chunk, with the same hash as the parent
+            if (Arrays.equals(this.digest(), this.chunks.get(0).digest())) {
+                return null;
+            }
+
+            try {
+                ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
+                for (ArbitraryDataFileChunk chunk : this.chunks) {
+                    byte[] chunkHash = chunk.digest();
+                    if (chunkHash.length != 32) {
+                        LOGGER.info("Invalid chunk hash length: {}", chunkHash.length);
+                        throw new DataException("Invalid chunk hash length");
+                    }
+                    outputStream.write(chunk.digest());
+                }
+                return outputStream.toByteArray();
+            } catch (IOException e) {
+                return null;
+            }
+        }
+        return null;
+    }
+
+    public List<byte[]> chunkHashList() {
+        List<byte[]> chunks = new ArrayList<>();
+
+        if (this.chunks != null && this.chunks.size() > 0) {
+            // Return null if we only have one chunk, with the same hash as the parent
+            if (Arrays.equals(this.digest(), this.chunks.get(0).digest())) {
+                return null;
+            }
+
+            try {
+                for (ArbitraryDataFileChunk chunk : this.chunks) {
+                    byte[] chunkHash = chunk.digest();
+                    if (chunkHash.length != 32) {
+                        LOGGER.info("Invalid chunk hash length: {}", chunkHash.length);
+                        throw new DataException("Invalid chunk hash length");
+                    }
+                    chunks.add(chunkHash);
+                }
+                return chunks;
+
+            } catch (DataException e) {
+                return null;
+            }
+        }
+        return null;
+    }
+
+    private void loadMetadata() throws DataException {
+        try {
+            this.metadata.read();
+
+        } catch (DataException | IOException e) {
+            throw new DataException(e);
+        }
+    }
+
+    private File getFile() {
+        File file = this.filePath.toFile();
+        if (file.exists()) {
+            return file;
+        }
+        return null;
+    }
+
+    public Path getFilePath() {
+        return this.filePath;
+    }
+
+    public byte[] digest() {
+        File file = this.getFile();
+        if (file != null && file.exists()) {
+            try {
+                return Crypto.digest(file);
+
+            } catch (IOException e) {
+                LOGGER.error("Couldn't compute digest for ArbitraryDataFile");
+            }
+        }
+        return null;
+    }
+
+    public String digest58() {
+        if (this.digest() != null) {
+            return Base58.encode(this.digest());
+        }
+        return null;
+    }
+
+    public String shortHash58() {
+        if (this.hash58 == null) {
+            return null;
+        }
+        return this.hash58.substring(0, Math.min(this.hash58.length(), SHORT_DIGEST_LENGTH));
+    }
+
+    public String getHash58() {
+        return this.hash58;
+    }
+
+    public byte[] getHash() {
+        return Base58.decode(this.hash58);
+    }
+
+    public String printChunks() {
+        String outputString = "";
+        if (this.chunkCount() > 0) {
+            for (ArbitraryDataFileChunk chunk : this.chunks) {
+                if (outputString.length() > 0) {
+                    outputString = outputString.concat(",");
+                }
+                outputString = outputString.concat(chunk.digest58());
+            }
+        }
+        return outputString;
+    }
+
+    public void setSecret(byte[] secret) {
+        this.secret = secret;
+    }
+
+    public byte[] getSecret() {
+        return this.secret;
+    }
+
+    public byte[] getSignature() {
+        return this.signature;
+    }
+
+    public void setMetadataFile(ArbitraryDataFile metadataFile) {
+        this.metadataFile = metadataFile;
+    }
+
+    public ArbitraryDataFile getMetadataFile() {
+        return this.metadataFile;
+    }
+
+    public void setMetadataHash(byte[] hash) throws DataException {
+        this.metadataHash = hash;
+
+        if (hash == null) {
+            return;
+        }
+        this.metadataFile = ArbitraryDataFile.fromHash(hash, this.signature);
+        if (metadataFile.exists()) {
+            this.setMetadata(new ArbitraryDataTransactionMetadata(this.metadataFile.getFilePath()));
+            this.addChunkHashes(this.metadata.getChunks());
+        }
+    }
+
+    public byte[] getMetadataHash() {
+        return this.metadataHash;
+    }
+
+    public void setMetadata(ArbitraryDataTransactionMetadata metadata) throws DataException {
+        this.metadata = metadata;
+        this.loadMetadata();
+    }
+
+    @Override
+    public String toString() {
+        return this.shortHash58();
+    }
+}

src/main/java/org/qortal/arbitrary/ArbitraryDataFileChunk.java

@@ -0,0 +1,54 @@
+package org.qortal.arbitrary;
+
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.qortal.repository.DataException;
+import org.qortal.utils.Base58;
+
+import java.io.IOException;
+import java.nio.file.Files;
+
+
+public class ArbitraryDataFileChunk extends ArbitraryDataFile {
+
+    private static final Logger LOGGER = LogManager.getLogger(ArbitraryDataFileChunk.class);
+
+    public ArbitraryDataFileChunk(String hash58, byte[] signature) throws DataException {
+        super(hash58, signature);
+    }
+
+    public ArbitraryDataFileChunk(byte[] fileContent, byte[] signature) throws DataException {
+        super(fileContent, signature);
+    }
+
+    public static ArbitraryDataFileChunk fromHash58(String hash58, byte[] signature) throws DataException {
+        return new ArbitraryDataFileChunk(hash58, signature);
+    }
+
+    public static ArbitraryDataFileChunk fromHash(byte[] hash, byte[] signature) throws DataException {
+        return ArbitraryDataFileChunk.fromHash58(Base58.encode(hash), signature);
+    }
+
+    @Override
+    public ValidationResult isValid() {
+        // DataChunk validation applies here too
+        ValidationResult superclassValidationResult = super.isValid();
+        if (superclassValidationResult != ValidationResult.OK) {
+            return superclassValidationResult;
+        }
+
+        try {
+            // Validate the file size (chunks have stricter limits)
+            long fileSize = Files.size(this.filePath);
+            if (fileSize > CHUNK_SIZE) {
+                LOGGER.error(String.format("DataFileChunk is too large: %d bytes (max chunk size: %d bytes)", fileSize, CHUNK_SIZE));
+                return ValidationResult.FILE_TOO_LARGE;
+            }
+
+        } catch (IOException e) {
+            return ValidationResult.FILE_NOT_FOUND;
+        }
+
+        return ValidationResult.OK;
+    }
+}

src/main/java/org/qortal/arbitrary/ArbitraryDataMerge.java

@@ -0,0 +1,176 @@
+package org.qortal.arbitrary;
+
+import org.apache.commons.io.FileUtils;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.qortal.arbitrary.ArbitraryDataDiff.*;
+import org.qortal.arbitrary.metadata.ArbitraryDataMetadataPatch;
+import org.qortal.arbitrary.patch.UnifiedDiffPatch;
+import org.qortal.repository.DataException;
+import org.qortal.settings.Settings;
+import org.qortal.utils.FilesystemUtils;
+
+import java.io.File;
+import java.io.IOException;
+import java.nio.file.*;
+import java.util.List;
+import java.util.UUID;
+
+public class ArbitraryDataMerge {
+
+    private static final Logger LOGGER = LogManager.getLogger(ArbitraryDataMerge.class);
+
+    private final Path pathBefore;
+    private final Path pathAfter;
+    private Path mergePath;
+    private String identifier;
+    private ArbitraryDataMetadataPatch metadata;
+
+    public ArbitraryDataMerge(Path pathBefore, Path pathAfter) {
+        this.pathBefore = pathBefore;
+        this.pathAfter = pathAfter;
+    }
+
+    public void compute() throws IOException, DataException {
+        try {
+            this.preExecute();
+            this.copyPreviousStateToMergePath();
+            this.loadMetadata();
+            this.applyDifferences();
+            this.copyMetadata();
+
+        } finally {
+            this.postExecute();
+        }
+    }
+
+    private void preExecute() throws DataException {
+        this.createRandomIdentifier();
+        this.createOutputDirectory();
+    }
+
+    private void postExecute() {
+
+    }
+
+    private void createRandomIdentifier() {
+        this.identifier = UUID.randomUUID().toString();
+    }
+
+    private void createOutputDirectory() throws DataException {
+        // Use the user-specified temp dir, as it is deterministic, and is more likely to be located on reusable storage hardware
+        String baseDir = Settings.getInstance().getTempDataPath();
+        Path tempDir = Paths.get(baseDir, "merge", this.identifier);
+        try {
+            Files.createDirectories(tempDir);
+        } catch (IOException e) {
+            throw new DataException("Unable to create temp directory");
+        }
+        this.mergePath = tempDir;
+    }
+
+    private void copyPreviousStateToMergePath() throws IOException {
+        ArbitraryDataMerge.copyDirPathToBaseDir(this.pathBefore, this.mergePath, Paths.get(""));
+    }
+
+    private void loadMetadata() throws IOException, DataException {
+        this.metadata = new ArbitraryDataMetadataPatch(this.pathAfter);
+        this.metadata.read();
+    }
+
+    private void applyDifferences() throws IOException, DataException {
+
+        List<Path> addedPaths = this.metadata.getAddedPaths();
+        for (Path path : addedPaths) {
+            LOGGER.trace("File was added: {}", path.toString());
+            Path filePath = Paths.get(this.pathAfter.toString(), path.toString());
+            ArbitraryDataMerge.copyPathToBaseDir(filePath, this.mergePath, path);
+        }
+
+        List<ModifiedPath> modifiedPaths = this.metadata.getModifiedPaths();
+        for (ModifiedPath modifiedPath : modifiedPaths) {
+            LOGGER.trace("File was modified: {}", modifiedPath.toString());
+            this.applyPatch(modifiedPath);
+        }
+
+        List<Path> removedPaths = this.metadata.getRemovedPaths();
+        for (Path path : removedPaths) {
+            LOGGER.trace("File was removed: {}", path.toString());
+            ArbitraryDataMerge.deletePathInBaseDir(this.mergePath, path);
+        }
+    }
+
+    private void applyPatch(ModifiedPath modifiedPath) throws IOException, DataException {
+        if (modifiedPath.getDiffType() == DiffType.UNIFIED_DIFF) {
+            // Create destination file from patch
+            UnifiedDiffPatch unifiedDiffPatch = new UnifiedDiffPatch(pathBefore, pathAfter, mergePath);
+            unifiedDiffPatch.apply(modifiedPath.getPath());
+        }
+        else if (modifiedPath.getDiffType() == DiffType.COMPLETE_FILE) {
+            // Copy complete file
+            Path filePath = Paths.get(this.pathAfter.toString(), modifiedPath.getPath().toString());
+            ArbitraryDataMerge.copyPathToBaseDir(filePath, this.mergePath, modifiedPath.getPath());
+        }
+        else {
+            throw new DataException(String.format("Unrecognized patch diff type: %s", modifiedPath.getDiffType()));
+        }
+    }
+
+    private void copyMetadata() throws IOException {
+        Path filePath = Paths.get(this.pathAfter.toString(), ".qortal");
+        ArbitraryDataMerge.copyPathToBaseDir(filePath, this.mergePath, Paths.get(".qortal"));
+    }
+
+
+    private static void copyPathToBaseDir(Path source, Path base, Path relativePath) throws IOException {
+        if (!Files.exists(source)) {
+            throw new IOException(String.format("File not found: %s", source.toString()));
+        }
+
+        File sourceFile = source.toFile();
+        Path dest = Paths.get(base.toString(), relativePath.toString());
+        LOGGER.trace("Copying {} to {}", source, dest);
+
+        if (sourceFile.isFile()) {
+            Files.copy(source, dest, StandardCopyOption.REPLACE_EXISTING);
+        }
+        else if (sourceFile.isDirectory()) {
+            FilesystemUtils.copyAndReplaceDirectory(source.toString(), dest.toString());
+        }
+        else {
+            throw new IOException(String.format("Invalid file: %s", source.toString()));
+        }
+    }
+
+    private static void copyDirPathToBaseDir(Path source, Path base, Path relativePath) throws IOException {
+        if (!Files.exists(source)) {
+            throw new IOException(String.format("File not found: %s", source.toString()));
+        }
+
+        Path dest = Paths.get(base.toString(), relativePath.toString());
+        LOGGER.trace("Copying {} to {}", source, dest);
+        FilesystemUtils.copyAndReplaceDirectory(source.toString(), dest.toString());
+    }
+
+    private static void deletePathInBaseDir(Path base, Path relativePath) throws IOException {
+        Path dest = Paths.get(base.toString(), relativePath.toString());
+        File file = new File(dest.toString());
+        if (file.exists() && file.isFile()) {
+            if (FilesystemUtils.pathInsideDataOrTempPath(dest)) {
+                LOGGER.trace("Deleting file {}", dest);
+                Files.delete(dest);
+            }
+        }
+        if (file.exists() && file.isDirectory()) {
+            if (FilesystemUtils.pathInsideDataOrTempPath(dest)) {
+                LOGGER.trace("Deleting directory {}", dest);
+                FileUtils.deleteDirectory(file);
+            }
+        }
+    }
+
+    public Path getMergePath() {
+        return this.mergePath;
+    }
+
+}

src/main/java/org/qortal/arbitrary/ArbitraryDataReader.java

@@ -0,0 +1,566 @@
+package org.qortal.arbitrary;
+
+import org.apache.commons.io.FileUtils;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+
+import org.qortal.arbitrary.exception.MissingDataException;
+import org.qortal.arbitrary.misc.Service;
+import org.qortal.controller.arbitrary.ArbitraryDataBuildManager;
+import org.qortal.controller.arbitrary.ArbitraryDataManager;
+import org.qortal.controller.arbitrary.ArbitraryDataStorageManager;
+import org.qortal.crypto.AES;
+import org.qortal.data.transaction.ArbitraryTransactionData;
+import org.qortal.data.transaction.ArbitraryTransactionData.*;
+import org.qortal.repository.DataException;
+import org.qortal.repository.Repository;
+import org.qortal.repository.RepositoryManager;
+import org.qortal.arbitrary.ArbitraryDataFile.*;
+import org.qortal.settings.Settings;
+import org.qortal.transform.Transformer;
+import org.qortal.utils.ArbitraryTransactionUtils;
+import org.qortal.utils.Base58;
+import org.qortal.utils.FilesystemUtils;
+import org.qortal.utils.ZipUtils;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+import java.io.File;
+import java.io.IOException;
+import java.io.InvalidObjectException;
+import java.nio.file.*;
+import java.nio.file.attribute.BasicFileAttributes;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.util.Arrays;
+
+public class ArbitraryDataReader {
+
+    private static final Logger LOGGER = LogManager.getLogger(ArbitraryDataReader.class);
+
+    private final String resourceId;
+    private final ResourceIdType resourceIdType;
+    private final Service service;
+    private final String identifier;
+    private ArbitraryTransactionData transactionData;
+    private String secret58;
+    private Path filePath;
+    private boolean canRequestMissingFiles;
+
+    // Intermediate paths
+    private final Path workingPath;
+    private final Path uncompressedPath;
+
+    // Stats (available for synchronous builds only)
+    private int layerCount;
+    private byte[] latestSignature;
+
+    public ArbitraryDataReader(String resourceId, ResourceIdType resourceIdType, Service service, String identifier) {
+        // Ensure names are always lowercase
+        if (resourceIdType == ResourceIdType.NAME) {
+            resourceId = resourceId.toLowerCase();
+        }
+
+        // If identifier is a blank string, or reserved keyword "default", treat it as null
+        if (identifier == null || identifier.equals("") || identifier.equals("default")) {
+            identifier = null;
+        }
+
+        this.resourceId = resourceId;
+        this.resourceIdType = resourceIdType;
+        this.service = service;
+        this.identifier = identifier;
+
+        this.workingPath = this.buildWorkingPath();
+        this.uncompressedPath = Paths.get(this.workingPath.toString(), "data");
+
+        // By default we can request missing files
+        // Callers can use setCanRequestMissingFiles(false) to prevent it
+        this.canRequestMissingFiles = true;
+    }
+
+    private Path buildWorkingPath() {
+        // Use the user-specified temp dir, as it is deterministic, and is more likely to be located on reusable storage hardware
+        String baseDir = Settings.getInstance().getTempDataPath();
+        String identifier = this.identifier != null ?  this.identifier : "default";
+        return Paths.get(baseDir, "reader", this.resourceIdType.toString(), this.resourceId, this.service.toString(), identifier);
+    }
+
+    public boolean isCachedDataAvailable() {
+        // If this resource is in the build queue then we shouldn't attempt to serve
+        // cached data, as it may not be fully built
+        if (ArbitraryDataBuildManager.getInstance().isInBuildQueue(this.createQueueItem())) {
+            return false;
+        }
+
+        // Not in the build queue - so check the cache itself
+        ArbitraryDataCache cache = new ArbitraryDataCache(this.uncompressedPath, false,
+                this.resourceId, this.resourceIdType, this.service, this.identifier);
+        if (cache.isCachedDataAvailable()) {
+            this.filePath = this.uncompressedPath;
+            return true;
+        }
+        return false;
+    }
+
+    public boolean isBuilding() {
+        return ArbitraryDataBuildManager.getInstance().isInBuildQueue(this.createQueueItem());
+    }
+
+    private ArbitraryDataBuildQueueItem createQueueItem() {
+        return new ArbitraryDataBuildQueueItem(this.resourceId, this.resourceIdType, this.service, this.identifier);
+    }
+
+    /**
+     * loadAsynchronously
+     *
+     * Attempts to load the resource asynchronously
+     * This adds the build task to a queue, and the result will be cached when complete
+     * To check the status of the build, periodically call isCachedDataAvailable()
+     * Once it returns true, you can then use getFilePath() to access the data itself.
+     *
+     * @param overwrite - set to true to force rebuild an existing cache
+     * @return true if added or already present in queue; false if not
+     */
+    public boolean loadAsynchronously(boolean overwrite, int priority) {
+        ArbitraryDataCache cache = new ArbitraryDataCache(this.uncompressedPath, overwrite,
+                this.resourceId, this.resourceIdType, this.service, this.identifier);
+        if (cache.isCachedDataAvailable()) {
+            // Use cached data
+            this.filePath = this.uncompressedPath;
+            return true;
+        }
+
+        ArbitraryDataBuildQueueItem item = this.createQueueItem();
+        item.setPriority(priority);
+        return ArbitraryDataBuildManager.getInstance().addToBuildQueue(item);
+    }
+
+    /**
+     * loadSynchronously
+     *
+     * Attempts to load the resource synchronously
+     * Warning: this can block for a long time when building or fetching complex data
+     * If no exception is thrown, you can then use getFilePath() to access the data immediately after returning
+     *
+     * @param overwrite - set to true to force rebuild an existing cache
+     * @throws IOException
+     * @throws DataException
+     * @throws MissingDataException
+     */
+    public void loadSynchronously(boolean overwrite) throws DataException, IOException, MissingDataException {
+        try {
+            ArbitraryDataCache cache = new ArbitraryDataCache(this.uncompressedPath, overwrite,
+                    this.resourceId, this.resourceIdType, this.service, this.identifier);
+            if (cache.isCachedDataAvailable()) {
+                // Use cached data
+                this.filePath = this.uncompressedPath;
+                return;
+            }
+
+            this.preExecute();
+            this.deleteExistingFiles();
+            this.fetch();
+            this.decrypt();
+            this.uncompress();
+            this.validate();
+
+        } catch (DataException e) {
+            this.deleteWorkingDirectory();
+            throw new DataException(e.getMessage());
+
+        } finally {
+            this.postExecute();
+        }
+    }
+
+    private void preExecute() throws DataException {
+        ArbitraryDataBuildManager.getInstance().setBuildInProgress(true);
+        this.checkEnabled();
+        this.createWorkingDirectory();
+        this.createUncompressedDirectory();
+    }
+
+    private void postExecute() {
+        ArbitraryDataBuildManager.getInstance().setBuildInProgress(false);
+    }
+
+    private void checkEnabled() throws DataException {
+        if (!Settings.getInstance().isQdnEnabled()) {
+            throw new DataException("QDN is disabled in settings");
+        }
+    }
+
+    private void createWorkingDirectory() throws DataException {
+        try {
+            Files.createDirectories(this.workingPath);
+        } catch (IOException e) {
+            throw new DataException("Unable to create temp directory");
+        }
+    }
+
+    /**
+     * Working directory should only be deleted on failure, since it is currently used to
+     * serve a cached version of the resource for subsequent requests.
+     * @throws IOException
+     */
+    private void deleteWorkingDirectory() throws IOException {
+        FilesystemUtils.safeDeleteDirectory(this.workingPath, true);
+    }
+
+    private void createUncompressedDirectory() throws DataException {
+        try {
+            // Create parent directory
+            Files.createDirectories(this.uncompressedPath.getParent());
+            // Ensure child directory doesn't already exist
+            FileUtils.deleteDirectory(this.uncompressedPath.toFile());
+
+        } catch (IOException e) {
+            throw new DataException("Unable to create uncompressed directory");
+        }
+    }
+
+    private void deleteExistingFiles() {
+        final Path uncompressedPath = this.uncompressedPath;
+        if (FilesystemUtils.pathInsideDataOrTempPath(uncompressedPath)) {
+            if (Files.exists(uncompressedPath)) {
+                LOGGER.trace("Attempting to delete path {}", this.uncompressedPath);
+                try {
+                    Files.walkFileTree(uncompressedPath, new SimpleFileVisitor<>() {
+
+                        @Override
+                        public FileVisitResult visitFile(Path file, BasicFileAttributes attrs) throws IOException {
+                            Files.delete(file);
+                            return FileVisitResult.CONTINUE;
+                        }
+
+                        @Override
+                        public FileVisitResult postVisitDirectory(Path dir, IOException e) throws IOException {
+                            // Don't delete the parent directory, as we want to leave an empty folder
+                            if (dir.compareTo(uncompressedPath) == 0) {
+                                return FileVisitResult.CONTINUE;
+                            }
+
+                            if (e == null) {
+                                Files.delete(dir);
+                                return FileVisitResult.CONTINUE;
+                            } else {
+                                throw e;
+                            }
+                        }
+
+                    });
+                } catch (IOException e) {
+                    LOGGER.debug("Unable to delete file or directory: {}", e.getMessage());
+                }
+            }
+        }
+    }
+
+    private void fetch() throws DataException, IOException, MissingDataException {
+        switch (resourceIdType) {
+
+            case FILE_HASH:
+                this.fetchFromFileHash();
+                break;
+
+            case NAME:
+                this.fetchFromName();
+                break;
+
+            case SIGNATURE:
+                this.fetchFromSignature();
+                break;
+
+            case TRANSACTION_DATA:
+                this.fetchFromTransactionData(this.transactionData);
+                break;
+
+            default:
+                throw new DataException(String.format("Unknown resource ID type specified: %s", resourceIdType.toString()));
+        }
+    }
+
+    private void fetchFromFileHash() throws DataException {
+        // Load data file directly from the hash (without a signature)
+        ArbitraryDataFile arbitraryDataFile = ArbitraryDataFile.fromHash58(resourceId, null);
+        // Set filePath to the location of the ArbitraryDataFile
+        this.filePath = arbitraryDataFile.getFilePath();
+    }
+
+    private void fetchFromName() throws DataException, IOException, MissingDataException {
+        try {
+
+            // Build the existing state using past transactions
+            ArbitraryDataBuilder builder = new ArbitraryDataBuilder(this.resourceId, this.service, this.identifier);
+            builder.build();
+            Path builtPath = builder.getFinalPath();
+            if (builtPath == null) {
+                throw new DataException("Unable to build path");
+            }
+
+            // Update stats
+            this.layerCount = builder.getLayerCount();
+            this.latestSignature = builder.getLatestSignature();
+
+            // Set filePath to the builtPath
+            this.filePath = builtPath;
+
+        } catch (InvalidObjectException e) {
+            // Hash validation failed. Invalidate the cache for this name, so it can be rebuilt
+            LOGGER.info("Deleting {}", this.workingPath.toString());
+            FilesystemUtils.safeDeleteDirectory(this.workingPath, false);
+            throw(e);
+        }
+    }
+
+    private void fetchFromSignature() throws DataException, IOException, MissingDataException {
+
+        // Load the full transaction data from the database so we can access the file hashes
+        ArbitraryTransactionData transactionData;
+        try (final Repository repository = RepositoryManager.getRepository()) {
+            transactionData = (ArbitraryTransactionData) repository.getTransactionRepository().fromSignature(Base58.decode(resourceId));
+        }
+        if (transactionData == null) {
+            throw new DataException(String.format("Transaction data not found for signature %s", this.resourceId));
+        }
+
+        this.fetchFromTransactionData(transactionData);
+    }
+
+    private void fetchFromTransactionData(ArbitraryTransactionData transactionData) throws DataException, IOException, MissingDataException {
+        if (transactionData == null) {
+            throw new DataException(String.format("Transaction data not found for signature %s", this.resourceId));
+        }
+
+        // Load hashes
+        byte[] digest = transactionData.getData();
+        byte[] metadataHash = transactionData.getMetadataHash();
+        byte[] signature = transactionData.getSignature();
+
+        // Load secret
+        byte[] secret = transactionData.getSecret();
+        if (secret != null) {
+            this.secret58 = Base58.encode(secret);
+        }
+
+        // Load data file(s)
+        ArbitraryDataFile arbitraryDataFile = ArbitraryDataFile.fromHash(digest, signature);
+        ArbitraryTransactionUtils.checkAndRelocateMiscFiles(transactionData);
+        arbitraryDataFile.setMetadataHash(metadataHash);
+
+        if (!arbitraryDataFile.allFilesExist()) {
+            if (ArbitraryDataStorageManager.getInstance().isNameBlocked(transactionData.getName())) {
+                throw new DataException(
+                        String.format("Unable to request missing data for file %s because the name is blocked", arbitraryDataFile));
+            }
+            else {
+                // Ask the arbitrary data manager to fetch data for this transaction
+                String message;
+                if (this.canRequestMissingFiles) {
+                    boolean requested = ArbitraryDataManager.getInstance().fetchData(transactionData);
+
+                    if (requested) {
+                        message = String.format("Requested missing data for file %s", arbitraryDataFile);
+                    } else {
+                        message = String.format("Unable to reissue request for missing file %s for signature %s due to rate limit. Please try again later.", arbitraryDataFile, Base58.encode(transactionData.getSignature()));
+                    }
+                }
+                else {
+                    message = String.format("Missing data for file %s", arbitraryDataFile);
+                }
+
+                // Throw a missing data exception, which allows subsequent layers to fetch data
+                LOGGER.trace(message);
+                throw new MissingDataException(message);
+            }
+        }
+
+        if (arbitraryDataFile.allChunksExist() && !arbitraryDataFile.exists()) {
+            // We have all the chunks but not the complete file, so join them
+            arbitraryDataFile.join();
+        }
+
+        // If the complete file still doesn't exist then something went wrong
+        if (!arbitraryDataFile.exists()) {
+            throw new IOException(String.format("File doesn't exist: %s", arbitraryDataFile));
+        }
+        // Ensure the complete hash matches the joined chunks
+        if (!Arrays.equals(arbitraryDataFile.digest(), digest)) {
+            // Delete the invalid file
+            arbitraryDataFile.delete();
+            throw new DataException("Unable to validate complete file hash");
+        }
+        // Ensure the file's size matches the size reported by the transaction (throws a DataException if not)
+        arbitraryDataFile.validateFileSize(transactionData.getSize());
+
+        // Set filePath to the location of the ArbitraryDataFile
+        this.filePath = arbitraryDataFile.getFilePath();
+    }
+
+    private void decrypt() throws DataException {
+        try {
+            // First try with explicit parameters (CBC mode with PKCS5 padding)
+            this.decryptUsingAlgo("AES/CBC/PKCS5Padding");
+
+        } catch (DataException e) {
+            // Something went wrong, so fall back to default AES params (necessary for legacy resource support)
+            this.decryptUsingAlgo("AES");
+
+            // TODO: delete files and block this resource if privateDataEnabled is false and the second attempt fails too
+        }
+    }
+
+    private void decryptUsingAlgo(String algorithm) throws DataException {
+        // Decrypt if we have the secret key.
+        byte[] secret = this.secret58 != null ? Base58.decode(this.secret58) : null;
+        if (secret != null && secret.length == Transformer.AES256_LENGTH) {
+            try {
+                Path unencryptedPath = Paths.get(this.workingPath.toString(), "zipped.zip");
+                SecretKey aesKey = new SecretKeySpec(secret, 0, secret.length, algorithm);
+                AES.decryptFile(algorithm, aesKey, this.filePath.toString(), unencryptedPath.toString());
+
+                // Replace filePath pointer with the encrypted file path
+                // Don't delete the original ArbitraryDataFile, as this is handled in the cleanup phase
+                this.filePath = unencryptedPath;
+
+            } catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException | NoSuchPaddingException
+                    | BadPaddingException | IllegalBlockSizeException | IOException | InvalidKeyException e) {
+                throw new DataException(String.format("Unable to decrypt file at path %s: %s", this.filePath, e.getMessage()));
+            }
+        } else {
+            // Assume it is unencrypted. This will be the case when we have built a custom path by combining
+            // multiple decrypted archives into a single state.
+        }
+    }
+
+    private void uncompress() throws IOException, DataException {
+        if (this.filePath == null || !Files.exists(this.filePath)) {
+            throw new DataException("Can't uncompress non-existent file path");
+        }
+        File file = new File(this.filePath.toString());
+        if (file.isDirectory()) {
+            // Already a directory - nothing to uncompress
+            // We still need to copy the directory to its final destination if it's not already there
+            this.moveFilePathToFinalDestination();
+            return;
+        }
+
+        try {
+            // Default to ZIP compression - this is needed for previews
+            Compression compression = transactionData != null ? transactionData.getCompression() : Compression.ZIP;
+
+            // Handle each type of compression
+            if (compression == Compression.ZIP) {
+                ZipUtils.unzip(this.filePath.toString(), this.uncompressedPath.getParent().toString());
+            }
+            else if (compression == Compression.NONE) {
+                Files.createDirectories(this.uncompressedPath);
+                Path finalPath = Paths.get(this.uncompressedPath.toString(), "data");
+                this.filePath.toFile().renameTo(finalPath.toFile());
+            }
+            else {
+                throw new DataException(String.format("Unrecognized compression type: %s", transactionData.getCompression()));
+            }
+        } catch (IOException e) {
+            throw new DataException(String.format("Unable to unzip file: %s", e.getMessage()));
+        }
+
+        if (!this.uncompressedPath.toFile().exists()) {
+            throw new DataException(String.format("Unable to unzip file: %s", this.filePath));
+        }
+
+        // Delete original compressed file
+        if (FilesystemUtils.pathInsideDataOrTempPath(this.filePath)) {
+            if (Files.exists(this.filePath)) {
+                Files.delete(this.filePath);
+            }
+        }
+
+        // Replace filePath pointer with the uncompressed file path
+        this.filePath = this.uncompressedPath;
+    }
+
+    private void validate() throws IOException, DataException {
+        if (this.service.isValidationRequired()) {
+            Service.ValidationResult result = this.service.validate(this.filePath);
+            if (result != Service.ValidationResult.OK) {
+                throw new DataException(String.format("Validation of %s failed: %s", this.service, result.toString()));
+            }
+        }
+    }
+
+
+    private void moveFilePathToFinalDestination() throws IOException, DataException {
+        if (this.filePath.compareTo(this.uncompressedPath) != 0) {
+            File source = new File(this.filePath.toString());
+            File dest = new File(this.uncompressedPath.toString());
+            if (!source.exists()) {
+                throw new DataException("Source directory doesn't exist");
+            }
+            // Ensure destination directory doesn't exist
+            FileUtils.deleteDirectory(dest);
+            // Move files to destination
+            FilesystemUtils.copyAndReplaceDirectory(source.toString(), dest.toString());
+
+            try {
+                // Delete existing
+                if (FilesystemUtils.pathInsideDataOrTempPath(this.filePath)) {
+                    File directory = new File(this.filePath.toString());
+                    FileUtils.deleteDirectory(directory);
+                }
+
+                // ... and its parent directory if empty
+                Path parentDirectory = this.filePath.getParent();
+                if (FilesystemUtils.pathInsideDataOrTempPath(parentDirectory)) {
+                    Files.deleteIfExists(parentDirectory);
+                }
+
+            } catch (DirectoryNotEmptyException e) {
+                    // No need to log anything
+            } catch (IOException e) {
+                // This will eventually be cleaned up by a maintenance process, so log the error and continue
+                LOGGER.debug("Unable to cleanup directories: {}", e.getMessage());
+            }
+
+            // Finally, update filePath to point to uncompressedPath
+            this.filePath = this.uncompressedPath;
+        }
+    }
+
+
+    public void setTransactionData(ArbitraryTransactionData transactionData) {
+        this.transactionData = transactionData;
+    }
+
+    public void setSecret58(String secret58) {
+        this.secret58 = secret58;
+    }
+
+    public Path getFilePath() {
+        return this.filePath;
+    }
+
+    public int getLayerCount() {
+        return this.layerCount;
+    }
+
+    public byte[] getLatestSignature() {
+        return this.latestSignature;
+    }
+
+    /**
+     * Use the below setter to ensure that we only read existing
+     * data without requesting any missing files,
+     *
+     * @param canRequestMissingFiles - whether or not fetching missing files is allowed
+     */
+    public void setCanRequestMissingFiles(boolean canRequestMissingFiles) {
+        this.canRequestMissingFiles = canRequestMissingFiles;
+    }
+
+}

src/main/java/org/qortal/arbitrary/ArbitraryDataRenderer.java

@@ -0,0 +1,213 @@
+package org.qortal.arbitrary;
+
+import com.google.common.io.Resources;
+import org.apache.commons.io.FileUtils;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.qortal.api.HTMLParser;
+import org.qortal.arbitrary.ArbitraryDataFile.*;
+import org.qortal.arbitrary.exception.MissingDataException;
+import org.qortal.arbitrary.misc.Service;
+import org.qortal.controller.Controller;
+import org.qortal.settings.Settings;
+
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.net.URL;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.NoSuchFileException;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.util.ArrayList;
+import java.util.List;
+
+public class ArbitraryDataRenderer {
+
+    private static final Logger LOGGER = LogManager.getLogger(ArbitraryDataRenderer.class);
+
+    private final String resourceId;
+    private final ResourceIdType resourceIdType;
+    private final Service service;
+    private String inPath;
+    private final String secret58;
+    private final String prefix;
+    private final boolean usePrefix;
+    private final boolean async;
+    private final HttpServletRequest request;
+    private final HttpServletResponse response;
+    private final ServletContext context;
+
+    public ArbitraryDataRenderer(String resourceId, ResourceIdType resourceIdType, Service service, String inPath,
+                                 String secret58, String prefix, boolean usePrefix, boolean async,
+                                 HttpServletRequest request, HttpServletResponse response, ServletContext context) {
+
+        this.resourceId = resourceId;
+        this.resourceIdType = resourceIdType;
+        this.service = service;
+        this.inPath = inPath;
+        this.secret58 = secret58;
+        this.prefix = prefix;
+        this.usePrefix = usePrefix;
+        this.async = async;
+        this.request = request;
+        this.response = response;
+        this.context = context;
+    }
+
+    public HttpServletResponse render() {
+        if (!inPath.startsWith(File.separator)) {
+            inPath = File.separator + inPath;
+        }
+
+        // Don't render data if QDN is disabled
+        if (!Settings.getInstance().isQdnEnabled()) {
+            return ArbitraryDataRenderer.getResponse(response, 500, "QDN is disabled in settings");
+        }
+
+        ArbitraryDataReader arbitraryDataReader = new ArbitraryDataReader(resourceId, resourceIdType, service, null);
+        arbitraryDataReader.setSecret58(secret58); // Optional, used for loading encrypted file hashes only
+        try {
+            if (!arbitraryDataReader.isCachedDataAvailable()) {
+                // If async is requested, show a loading screen whilst build is in progress
+                if (async) {
+                    arbitraryDataReader.loadAsynchronously(false, 10);
+                    return this.getLoadingResponse(service, resourceId);
+                }
+
+                // Otherwise, loop until we have data
+                int attempts = 0;
+                while (!Controller.isStopping()) {
+                    attempts++;
+                    if (!arbitraryDataReader.isBuilding()) {
+                        try {
+                            arbitraryDataReader.loadSynchronously(false);
+                            break;
+                        } catch (MissingDataException e) {
+                            if (attempts > 5) {
+                                // Give up after 5 attempts
+                                return ArbitraryDataRenderer.getResponse(response, 404, "Data unavailable. Please try again later.");
+                            }
+                        }
+                    }
+                    Thread.sleep(3000L);
+                }
+            }
+
+        } catch (Exception e) {
+            LOGGER.info(String.format("Unable to load %s %s: %s", service, resourceId, e.getMessage()));
+            return ArbitraryDataRenderer.getResponse(response, 500, "Error 500: Internal Server Error");
+        }
+
+        java.nio.file.Path path = arbitraryDataReader.getFilePath();
+        if (path == null) {
+            return ArbitraryDataRenderer.getResponse(response, 404, "Error 404: File Not Found");
+        }
+        String unzippedPath = path.toString();
+
+        try {
+            String filename = this.getFilename(unzippedPath, inPath);
+            String filePath = Paths.get(unzippedPath, filename).toString();
+
+            if (HTMLParser.isHtmlFile(filename)) {
+                // HTML file - needs to be parsed
+                byte[] data = Files.readAllBytes(Paths.get(filePath)); // TODO: limit file size that can be read into memory
+                HTMLParser htmlParser = new HTMLParser(resourceId, inPath, prefix, usePrefix, data);
+                htmlParser.addAdditionalHeaderTags();
+                response.addHeader("Content-Security-Policy", "default-src 'self' 'unsafe-inline'; media-src 'self' blob:");
+                response.setContentType(context.getMimeType(filename));
+                response.setContentLength(htmlParser.getData().length);
+                response.getOutputStream().write(htmlParser.getData());
+            }
+            else {
+                // Regular file - can be streamed directly
+                File file = new File(filePath);
+                FileInputStream inputStream = new FileInputStream(file);
+                response.addHeader("Content-Security-Policy", "default-src 'self' 'unsafe-inline'; media-src 'self' blob:");
+                response.setContentType(context.getMimeType(filename));
+                int bytesRead, length = 0;
+                byte[] buffer = new byte[10240];
+                while ((bytesRead = inputStream.read(buffer)) != -1) {
+                    response.getOutputStream().write(buffer, 0, bytesRead);
+                    length += bytesRead;
+                }
+                response.setContentLength(length);
+                inputStream.close();
+            }
+            return response;
+        } catch (FileNotFoundException | NoSuchFileException e) {
+            LOGGER.info("Unable to serve file: {}", e.getMessage());
+            if (inPath.equals("/")) {
+                // Delete the unzipped folder if no index file was found
+                try {
+                    FileUtils.deleteDirectory(new File(unzippedPath));
+                } catch (IOException ioException) {
+                    LOGGER.debug("Unable to delete directory: {}", unzippedPath, e);
+                }
+            }
+        } catch (IOException e) {
+            LOGGER.info("Unable to serve file at path {}: {}", inPath, e.getMessage());
+        }
+
+        return ArbitraryDataRenderer.getResponse(response, 404, "Error 404: File Not Found");
+    }
+
+    private String getFilename(String directory, String userPath) {
+        if (userPath == null || userPath.endsWith("/") || userPath.equals("")) {
+            // Locate index file
+            List<String> indexFiles = ArbitraryDataRenderer.indexFiles();
+            for (String indexFile : indexFiles) {
+                Path path = Paths.get(directory, indexFile);
+                if (Files.exists(path)) {
+                    return userPath + indexFile;
+                }
+            }
+        }
+        return userPath;
+    }
+
+    private HttpServletResponse getLoadingResponse(Service service, String name) {
+        String responseString = "";
+        URL url = Resources.getResource("loading/index.html");
+        try {
+            responseString = Resources.toString(url, StandardCharsets.UTF_8);
+
+            // Replace vars
+            responseString = responseString.replace("%%SERVICE%%", service.toString());
+            responseString = responseString.replace("%%NAME%%", name);
+
+        } catch (IOException e) {
+            LOGGER.info("Unable to show loading screen: {}", e.getMessage());
+        }
+        return ArbitraryDataRenderer.getResponse(response, 503, responseString);
+    }
+
+    public static HttpServletResponse getResponse(HttpServletResponse response, int responseCode, String responseString) {
+        try {
+            byte[] responseData = responseString.getBytes();
+            response.setStatus(responseCode);
+            response.setContentLength(responseData.length);
+            response.getOutputStream().write(responseData);
+        } catch (IOException e) {
+            LOGGER.info("Error writing {} response", responseCode);
+        }
+        return response;
+    }
+
+    public static List<String> indexFiles() {
+        List<String> indexFiles = new ArrayList<>();
+        indexFiles.add("index.html");
+        indexFiles.add("index.htm");
+        indexFiles.add("default.html");
+        indexFiles.add("default.htm");
+        indexFiles.add("home.html");
+        indexFiles.add("home.htm");
+        return indexFiles;
+    }
+
+}

src/main/java/org/qortal/arbitrary/ArbitraryDataResource.java

@@ -0,0 +1,352 @@
+package org.qortal.arbitrary;
+
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.qortal.arbitrary.ArbitraryDataFile.ResourceIdType;
+import org.qortal.arbitrary.misc.Service;
+import org.qortal.controller.arbitrary.ArbitraryDataBuildManager;
+import org.qortal.controller.arbitrary.ArbitraryDataManager;
+import org.qortal.controller.arbitrary.ArbitraryDataStorageManager;
+import org.qortal.data.arbitrary.ArbitraryResourceStatus;
+import org.qortal.data.transaction.ArbitraryTransactionData;
+import org.qortal.list.ResourceListManager;
+import org.qortal.repository.DataException;
+import org.qortal.repository.Repository;
+import org.qortal.repository.RepositoryManager;
+import org.qortal.settings.Settings;
+import org.qortal.utils.ArbitraryTransactionUtils;
+import org.qortal.utils.FilesystemUtils;
+import org.qortal.utils.NTP;
+
+import java.io.IOException;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.util.ArrayList;
+import java.util.List;
+
+import static org.qortal.data.arbitrary.ArbitraryResourceStatus.Status;
+
+public class ArbitraryDataResource {
+
+    private static final Logger LOGGER = LogManager.getLogger(ArbitraryDataResource.class);
+
+    protected final String resourceId;
+    protected final ResourceIdType resourceIdType;
+    protected final Service service;
+    protected final String identifier;
+
+    private List<ArbitraryTransactionData> transactions;
+    private ArbitraryTransactionData latestPutTransaction;
+    private int layerCount;
+    private Integer localChunkCount = null;
+    private Integer totalChunkCount = null;
+
+    public ArbitraryDataResource(String resourceId, ResourceIdType resourceIdType, Service service, String identifier) {
+        this.resourceId = resourceId.toLowerCase();
+        this.resourceIdType = resourceIdType;
+        this.service = service;
+
+        // If identifier is a blank string, or reserved keyword "default", treat it as null
+        if (identifier == null || identifier.equals("") || identifier.equals("default")) {
+            identifier = null;
+        }
+        this.identifier = identifier;
+    }
+
+    public ArbitraryResourceStatus getStatus(boolean quick) {
+        // Calculate the chunk counts
+        // Avoid this for "quick" statuses, to speed things up
+        if (!quick) {
+            this.calculateChunkCounts();
+        }
+
+        if (resourceIdType != ResourceIdType.NAME) {
+            // We only support statuses for resources with a name
+            return new ArbitraryResourceStatus(Status.UNSUPPORTED, this.localChunkCount, this.totalChunkCount);
+        }
+
+        // Check if the name is blocked
+        if (ResourceListManager.getInstance()
+                .listContains("blockedNames", this.resourceId, false)) {
+            return new ArbitraryResourceStatus(Status.BLOCKED, this.localChunkCount, this.totalChunkCount);
+        }
+
+        // Check if a build has failed
+        ArbitraryDataBuildQueueItem queueItem =
+                new ArbitraryDataBuildQueueItem(resourceId, resourceIdType, service, identifier);
+        if (ArbitraryDataBuildManager.getInstance().isInFailedBuildsList(queueItem)) {
+            return new ArbitraryResourceStatus(Status.BUILD_FAILED, this.localChunkCount, this.totalChunkCount);
+        }
+
+        // Firstly check the cache to see if it's already built
+        ArbitraryDataReader arbitraryDataReader = new ArbitraryDataReader(
+                resourceId, resourceIdType, service, identifier);
+        if (arbitraryDataReader.isCachedDataAvailable()) {
+            return new ArbitraryResourceStatus(Status.READY, this.localChunkCount, this.totalChunkCount);
+        }
+
+        // Check if we have all data locally for this resource
+        if (!this.allFilesDownloaded()) {
+            if (this.isDownloading()) {
+                return new ArbitraryResourceStatus(Status.DOWNLOADING, this.localChunkCount, this.totalChunkCount);
+            }
+            else if (this.isDataPotentiallyAvailable()) {
+                return new ArbitraryResourceStatus(Status.PUBLISHED, this.localChunkCount, this.totalChunkCount);
+            }
+            return new ArbitraryResourceStatus(Status.MISSING_DATA, this.localChunkCount, this.totalChunkCount);
+        }
+
+        // Check if there's a build in progress
+        if (ArbitraryDataBuildManager.getInstance().isInBuildQueue(queueItem)) {
+            return new ArbitraryResourceStatus(Status.BUILDING, this.localChunkCount, this.totalChunkCount);
+        }
+
+        // We have all data locally
+        return new ArbitraryResourceStatus(Status.DOWNLOADED, this.localChunkCount, this.totalChunkCount);
+    }
+
+    public boolean delete() {
+        try {
+            this.fetchTransactions();
+
+            List<ArbitraryTransactionData> transactionDataList = new ArrayList<>(this.transactions);
+
+            for (ArbitraryTransactionData transactionData : transactionDataList) {
+                byte[] hash = transactionData.getData();
+                byte[] metadataHash = transactionData.getMetadataHash();
+                byte[] signature = transactionData.getSignature();
+                ArbitraryDataFile arbitraryDataFile = ArbitraryDataFile.fromHash(hash, signature);
+                arbitraryDataFile.setMetadataHash(metadataHash);
+
+                // Delete any chunks or complete files from each transaction
+                arbitraryDataFile.deleteAll();
+            }
+
+            // Also delete cached data for the entire resource
+            this.deleteCache();
+
+            // Invalidate the hosted transactions cache as we have removed an item
+            ArbitraryDataStorageManager.getInstance().invalidateHostedTransactionsCache();
+
+            return true;
+
+        } catch (DataException | IOException e) {
+            return false;
+        }
+    }
+
+    public void deleteCache() throws IOException {
+        // Don't delete anything if there's a build in progress
+        ArbitraryDataBuildQueueItem queueItem =
+                new ArbitraryDataBuildQueueItem(resourceId, resourceIdType, service, identifier);
+        if (ArbitraryDataBuildManager.getInstance().isInBuildQueue(queueItem)) {
+            return;
+        }
+
+        String baseDir = Settings.getInstance().getTempDataPath();
+        String identifier = this.identifier != null ?  this.identifier : "default";
+        Path cachePath = Paths.get(baseDir, "reader", this.resourceIdType.toString(), this.resourceId, this.service.toString(), identifier);
+        if (cachePath.toFile().exists()) {
+            boolean success = FilesystemUtils.safeDeleteDirectory(cachePath, true);
+            if (success) {
+                LOGGER.info("Cleared cache for resource {}", this.toString());
+            }
+        }
+    }
+
+    private boolean allFilesDownloaded() {
+        // Use chunk counts to speed things up if we can
+        if (this.localChunkCount != null && this.totalChunkCount != null &&
+                this.localChunkCount >= this.totalChunkCount) {
+            return true;
+        }
+
+        try {
+            this.fetchTransactions();
+
+            List<ArbitraryTransactionData> transactionDataList = new ArrayList<>(this.transactions);
+
+            for (ArbitraryTransactionData transactionData : transactionDataList) {
+                if (!ArbitraryTransactionUtils.completeFileExists(transactionData) ||
+                    !ArbitraryTransactionUtils.allChunksExist(transactionData)) {
+                    return false;
+                }
+            }
+            return true;
+
+        } catch (DataException e) {
+            return false;
+        }
+    }
+
+    private void calculateChunkCounts() {
+        try {
+            this.fetchTransactions();
+
+            List<ArbitraryTransactionData> transactionDataList = new ArrayList<>(this.transactions);
+            int localChunkCount = 0;
+            int totalChunkCount = 0;
+
+            for (ArbitraryTransactionData transactionData : transactionDataList) {
+                localChunkCount += ArbitraryTransactionUtils.ourChunkCount(transactionData);
+                totalChunkCount += ArbitraryTransactionUtils.totalChunkCount(transactionData);
+            }
+
+            this.localChunkCount = localChunkCount;
+            this.totalChunkCount = totalChunkCount;
+
+        } catch (DataException e) {}
+    }
+
+    private boolean isRateLimited() {
+        try {
+            this.fetchTransactions();
+
+            List<ArbitraryTransactionData> transactionDataList = new ArrayList<>(this.transactions);
+
+            for (ArbitraryTransactionData transactionData : transactionDataList) {
+                if (ArbitraryDataManager.getInstance().isSignatureRateLimited(transactionData.getSignature())) {
+                    return true;
+                }
+            }
+            return true;
+
+        } catch (DataException e) {
+            return false;
+        }
+    }
+
+    /**
+     * Best guess as to whether data might be available
+     * This is only used to give an indication to the user of progress
+     * @return - whether data might be available on the network
+     */
+    private boolean isDataPotentiallyAvailable() {
+        try {
+            this.fetchTransactions();
+            Long now = NTP.getTime();
+            if (now == null) {
+                return false;
+            }
+
+            List<ArbitraryTransactionData> transactionDataList = new ArrayList<>(this.transactions);
+
+            for (ArbitraryTransactionData transactionData : transactionDataList) {
+                long lastRequestTime = ArbitraryDataManager.getInstance().lastRequestForSignature(transactionData.getSignature());
+                // If we haven't requested yet, or requested in the last 30 seconds, there's still a
+                // chance that data is on its way but hasn't arrived yet
+                if (lastRequestTime == 0 || now - lastRequestTime < 30 * 1000L) {
+                    return true;
+                }
+            }
+            return false;
+
+        } catch (DataException e) {
+            return false;
+        }
+    }
+
+
+    /**
+     * Best guess as to whether we are currently downloading a resource
+     * This is only used to give an indication to the user of progress
+     * @return - whether we are trying to download the resource
+     */
+    private boolean isDownloading() {
+        try {
+            this.fetchTransactions();
+            Long now = NTP.getTime();
+            if (now == null) {
+                return false;
+            }
+
+            List<ArbitraryTransactionData> transactionDataList = new ArrayList<>(this.transactions);
+
+            for (ArbitraryTransactionData transactionData : transactionDataList) {
+                long lastRequestTime = ArbitraryDataManager.getInstance().lastRequestForSignature(transactionData.getSignature());
+                // If were have requested data in the last 30 seconds, treat it as "downloading"
+                if (lastRequestTime > 0 && now - lastRequestTime < 30 * 1000L) {
+                    return true;
+                }
+            }
+
+            // FUTURE: we may want to check for file hashes (including the metadata file hash) in
+            // ArbitraryDataManager.arbitraryDataFileRequests and return true if one is found.
+
+            return false;
+
+        } catch (DataException e) {
+            return false;
+        }
+    }
+
+
+
+    private void fetchTransactions() throws DataException {
+        if (this.transactions != null && !this.transactions.isEmpty()) {
+            // Already fetched
+            return;
+        }
+
+        try (final Repository repository = RepositoryManager.getRepository()) {
+
+            // Get the most recent PUT
+            ArbitraryTransactionData latestPut = repository.getArbitraryRepository()
+                    .getLatestTransaction(this.resourceId, this.service, ArbitraryTransactionData.Method.PUT, this.identifier);
+            if (latestPut == null) {
+                String message = String.format("Couldn't find PUT transaction for name %s, service %s and identifier %s",
+                        this.resourceId, this.service, this.identifierString());
+                throw new DataException(message);
+            }
+            this.latestPutTransaction = latestPut;
+
+            // Load all transactions since the latest PUT
+            List<ArbitraryTransactionData> transactionDataList = repository.getArbitraryRepository()
+                    .getArbitraryTransactions(this.resourceId, this.service, this.identifier, latestPut.getTimestamp());
+
+            this.transactions = transactionDataList;
+            this.layerCount = transactionDataList.size();
+        }
+    }
+
+    private String resourceIdString() {
+        return resourceId != null ? resourceId : "";
+    }
+
+    private String resourceIdTypeString() {
+        return resourceIdType != null ? resourceIdType.toString() : "";
+    }
+
+    private String serviceString() {
+        return service != null ? service.toString() : "";
+    }
+
+    private String identifierString() {
+        return identifier != null ? identifier : "";
+    }
+
+    @Override
+    public String toString() {
+        return String.format("%s %s %s", this.serviceString(), this.resourceIdString(), this.identifierString());
+    }
+
+
+    /**
+     * @return unique key used to identify this resource
+     */
+    public String getUniqueKey() {
+        return String.format("%s-%s-%s", this.service, this.resourceId, this.identifier).toLowerCase();
+    }
+
+    public String getResourceId() {
+        return this.resourceId;
+    }
+
+    public Service getService() {
+        return this.service;
+    }
+
+    public String getIdentifier() {
+        return this.identifier;
+    }
+}

src/main/java/org/qortal/arbitrary/ArbitraryDataTransactionBuilder.java

@@ -0,0 +1,285 @@
+package org.qortal.arbitrary;
+
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.qortal.arbitrary.exception.MissingDataException;
+import org.qortal.arbitrary.ArbitraryDataFile.ResourceIdType;
+import org.qortal.arbitrary.ArbitraryDataDiff.*;
+import org.qortal.arbitrary.metadata.ArbitraryDataMetadataPatch;
+import org.qortal.arbitrary.misc.Service;
+import org.qortal.block.BlockChain;
+import org.qortal.crypto.Crypto;
+import org.qortal.data.PaymentData;
+import org.qortal.data.transaction.ArbitraryTransactionData;
+import org.qortal.data.transaction.ArbitraryTransactionData.*;
+import org.qortal.data.transaction.BaseTransactionData;
+import org.qortal.group.Group;
+import org.qortal.repository.DataException;
+import org.qortal.repository.Repository;
+import org.qortal.transaction.ArbitraryTransaction;
+import org.qortal.transaction.Transaction;
+import org.qortal.transform.Transformer;
+import org.qortal.utils.Base58;
+import org.qortal.utils.FilesystemUtils;
+import org.qortal.utils.NTP;
+
+import java.io.IOException;
+import java.nio.file.Path;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Random;
+
+public class ArbitraryDataTransactionBuilder {
+
+    private static final Logger LOGGER = LogManager.getLogger(ArbitraryDataTransactionBuilder.class);
+
+    // Min transaction version required
+    private static final int MIN_TRANSACTION_VERSION = 5;
+
+    // Maximum number of PATCH layers allowed
+    private static final int MAX_LAYERS = 10;
+    // Maximum size difference (out of 1) allowed for PATCH transactions
+    private static final double MAX_SIZE_DIFF = 0.2f;
+    // Maximum proportion of files modified relative to total
+    private static final double MAX_FILE_DIFF = 0.5f;
+
+    private final String publicKey58;
+    private final Path path;
+    private final String name;
+    private Method method;
+    private final Service service;
+    private final String identifier;
+    private final Repository repository;
+
+    private int chunkSize = ArbitraryDataFile.CHUNK_SIZE;
+
+    private ArbitraryTransactionData arbitraryTransactionData;
+    private ArbitraryDataFile arbitraryDataFile;
+
+    public ArbitraryDataTransactionBuilder(Repository repository, String publicKey58, Path path, String name,
+                                           Method method, Service service, String identifier) {
+        this.repository = repository;
+        this.publicKey58 = publicKey58;
+        this.path = path;
+        this.name = name;
+        this.method = method;
+        this.service = service;
+
+        // If identifier is a blank string, or reserved keyword "default", treat it as null
+        if (identifier == null || identifier.equals("") || identifier.equals("default")) {
+            identifier = null;
+        }
+        this.identifier = identifier;
+    }
+
+    public void build() throws DataException {
+        try {
+            this.preExecute();
+            this.checkMethod();
+            this.createTransaction();
+        }
+        finally {
+            this.postExecute();
+        }
+    }
+
+    private void preExecute() {
+
+    }
+
+    private void postExecute() {
+
+    }
+
+    private void checkMethod() throws DataException {
+        if (this.method == null) {
+            // We need to automatically determine the method
+            this.method = this.determineMethodAutomatically();
+        }
+    }
+
+    private Method determineMethodAutomatically() throws DataException {
+        ArbitraryDataReader reader = new ArbitraryDataReader(this.name, ResourceIdType.NAME, this.service, this.identifier);
+        try {
+            reader.loadSynchronously(true);
+        } catch (Exception e) {
+            // Catch all exceptions if the existing resource cannot be loaded first time
+            // In these cases it's simplest to just use a PUT transaction
+            return Method.PUT;
+        }
+
+        try {
+            // Check layer count
+            int layerCount = reader.getLayerCount();
+            if (layerCount >= MAX_LAYERS) {
+                LOGGER.info("Reached maximum layer count ({} / {}) - using PUT", layerCount, MAX_LAYERS);
+                return Method.PUT;
+            }
+
+            // Check size of differences between this layer and previous layer
+            ArbitraryDataCreatePatch patch = new ArbitraryDataCreatePatch(reader.getFilePath(), this.path, reader.getLatestSignature());
+            patch.create();
+            long diffSize = FilesystemUtils.getDirectorySize(patch.getFinalPath());
+            long existingStateSize = FilesystemUtils.getDirectorySize(reader.getFilePath());
+            double difference = (double) diffSize / (double) existingStateSize;
+            if (difference > MAX_SIZE_DIFF) {
+                LOGGER.info("Reached maximum difference ({} / {}) - using PUT", difference, MAX_SIZE_DIFF);
+                return Method.PUT;
+            }
+
+            // Check number of modified files
+            ArbitraryDataMetadataPatch metadata = patch.getMetadata();
+            int totalFileCount = patch.getTotalFileCount();
+            int differencesCount = metadata.getFileDifferencesCount();
+            difference = (double) differencesCount / (double) totalFileCount;
+            if (difference > MAX_FILE_DIFF) {
+                LOGGER.info("Reached maximum file differences ({} / {}) - using PUT", difference, MAX_FILE_DIFF);
+                return Method.PUT;
+            }
+
+            // Check the patch types
+            // Limit this check to single file resources only for now
+            boolean atLeastOnePatch = false;
+            if (totalFileCount == 1) {
+                for (ModifiedPath path : metadata.getModifiedPaths()) {
+                    if (path.getDiffType() != DiffType.COMPLETE_FILE) {
+                        atLeastOnePatch = true;
+                    }
+                }
+            }
+            if (!atLeastOnePatch) {
+                LOGGER.info("Patch consists of complete files only - using PUT");
+                return Method.PUT;
+            }
+
+            // State is appropriate for a PATCH transaction
+            return Method.PATCH;
+        }
+        catch (IOException | DataException e) {
+            // Handle matching states separately, as it's best to block transactions with duplicate states
+            if (e.getMessage().equals("Current state matches previous state. Nothing to do.")) {
+                throw new DataException(e.getMessage());
+            }
+            LOGGER.info("Caught exception: {}", e.getMessage());
+            LOGGER.info("Unable to load existing resource - using PUT to overwrite it.");
+            return Method.PUT;
+        }
+    }
+
+    private void createTransaction() throws DataException {
+        arbitraryDataFile = null;
+        try {
+            Long now = NTP.getTime();
+            if (now == null) {
+                throw new DataException("NTP time not synced yet");
+            }
+
+            // Ensure that this chain supports transactions necessary for complex arbitrary data
+            int transactionVersion = Transaction.getVersionByTimestamp(now);
+            if (transactionVersion < MIN_TRANSACTION_VERSION) {
+                throw new DataException("Transaction version unsupported on this blockchain.");
+            }
+
+            if (publicKey58 == null || path == null) {
+                throw new DataException("Missing public key or path");
+            }
+            byte[] creatorPublicKey = Base58.decode(publicKey58);
+            final String creatorAddress = Crypto.toAddress(creatorPublicKey);
+            byte[] lastReference = repository.getAccountRepository().getLastReference(creatorAddress);
+            if (lastReference == null) {
+                // Use a random last reference on the very first transaction for an account
+                // Code copied from CrossChainResource.buildAtMessage()
+                // We already require PoW on all arbitrary transactions, so no additional logic is needed
+                Random random = new Random();
+                lastReference = new byte[Transformer.SIGNATURE_LENGTH];
+                random.nextBytes(lastReference);
+            }
+
+            Compression compression = Compression.ZIP;
+
+            // FUTURE? Use zip compression for directories, or no compression for single files
+            // Compression compression = (path.toFile().isDirectory()) ? Compression.ZIP : Compression.NONE;
+
+            ArbitraryDataWriter arbitraryDataWriter = new ArbitraryDataWriter(path, name, service, identifier, method, compression);
+            try {
+                arbitraryDataWriter.setChunkSize(this.chunkSize);
+                arbitraryDataWriter.save();
+            } catch (IOException | DataException | InterruptedException | RuntimeException | MissingDataException e) {
+                LOGGER.info("Unable to create arbitrary data file: {}", e.getMessage());
+                throw new DataException(e.getMessage());
+            }
+
+            // Get main file
+            arbitraryDataFile = arbitraryDataWriter.getArbitraryDataFile();
+            if (arbitraryDataFile == null) {
+                throw new DataException("Arbitrary data file is null");
+            }
+
+            // Get chunks metadata file
+            ArbitraryDataFile metadataFile = arbitraryDataFile.getMetadataFile();
+            if (metadataFile == null && arbitraryDataFile.chunkCount() > 1) {
+                throw new DataException(String.format("Chunks metadata data file is null but there are %d chunks", arbitraryDataFile.chunkCount()));
+            }
+
+            String digest58 = arbitraryDataFile.digest58();
+            if (digest58 == null) {
+                LOGGER.error("Unable to calculate file digest");
+                throw new DataException("Unable to calculate file digest");
+            }
+
+            final BaseTransactionData baseTransactionData = new BaseTransactionData(now, Group.NO_GROUP,
+                    lastReference, creatorPublicKey, 0L, null);
+            final int size = (int) arbitraryDataFile.size();
+            final int version = 5;
+            final int nonce = 0;
+            byte[] secret = arbitraryDataFile.getSecret();
+            final ArbitraryTransactionData.DataType dataType = ArbitraryTransactionData.DataType.DATA_HASH;
+            final byte[] digest = arbitraryDataFile.digest();
+            final byte[] metadataHash = (metadataFile != null) ? metadataFile.getHash() : null;
+            final List<PaymentData> payments = new ArrayList<>();
+
+            ArbitraryTransactionData transactionData = new ArbitraryTransactionData(baseTransactionData,
+                    version, service, nonce, size, name, identifier, method,
+                    secret, compression, digest, dataType, metadataHash, payments);
+
+            this.arbitraryTransactionData = transactionData;
+
+        } catch (DataException e) {
+            if (arbitraryDataFile != null) {
+                arbitraryDataFile.deleteAll();
+            }
+            throw(e);
+        }
+
+    }
+
+    public void computeNonce() throws DataException {
+        if (this.arbitraryTransactionData == null) {
+            throw new DataException("Arbitrary transaction data is required to compute nonce");
+        }
+
+        ArbitraryTransaction transaction = (ArbitraryTransaction) Transaction.fromData(repository, this.arbitraryTransactionData);
+        LOGGER.info("Computing nonce...");
+        transaction.computeNonce();
+
+        Transaction.ValidationResult result = transaction.isValidUnconfirmed();
+        if (result != Transaction.ValidationResult.OK) {
+            arbitraryDataFile.deleteAll();
+            throw new DataException(String.format("Arbitrary transaction invalid: %s", result));
+        }
+        LOGGER.info("Transaction is valid");
+    }
+
+    public ArbitraryTransactionData getArbitraryTransactionData() {
+        return this.arbitraryTransactionData;
+    }
+
+    public ArbitraryDataFile getArbitraryDataFile() {
+        return this.arbitraryDataFile;
+    }
+
+    public void setChunkSize(int chunkSize) {
+        this.chunkSize = chunkSize;
+    }
+
+}

src/main/java/org/qortal/arbitrary/ArbitraryDataWriter.java

@@ -0,0 +1,342 @@
+package org.qortal.arbitrary;
+
+import org.apache.commons.io.FileUtils;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.qortal.arbitrary.exception.MissingDataException;
+import org.qortal.arbitrary.metadata.ArbitraryDataTransactionMetadata;
+import org.qortal.arbitrary.misc.Service;
+import org.qortal.crypto.Crypto;
+import org.qortal.data.transaction.ArbitraryTransactionData.*;
+import org.qortal.crypto.AES;
+import org.qortal.repository.DataException;
+import org.qortal.arbitrary.ArbitraryDataFile.*;
+import org.qortal.settings.Settings;
+import org.qortal.utils.Base58;
+import org.qortal.utils.FilesystemUtils;
+import org.qortal.utils.ZipUtils;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.SecretKey;
+import java.io.File;
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+
+public class ArbitraryDataWriter {
+
+    private static final Logger LOGGER = LogManager.getLogger(ArbitraryDataWriter.class);
+
+    private Path filePath;
+    private final String name;
+    private final Service service;
+    private final String identifier;
+    private final Method method;
+    private final Compression compression;
+
+    private int chunkSize = ArbitraryDataFile.CHUNK_SIZE;
+
+    private SecretKey aesKey;
+    private ArbitraryDataFile arbitraryDataFile;
+
+    // Intermediate paths to cleanup
+    private Path workingPath;
+    private Path compressedPath;
+    private Path encryptedPath;
+
+    public ArbitraryDataWriter(Path filePath, String name, Service service, String identifier, Method method, Compression compression) {
+        this.filePath = filePath;
+        this.name = name;
+        this.service = service;
+        this.method = method;
+        this.compression = compression;
+
+        // If identifier is a blank string, or reserved keyword "default", treat it as null
+        if (identifier == null || identifier.equals("") || identifier.equals("default")) {
+            identifier = null;
+        }
+        this.identifier = identifier;
+    }
+
+    public void save() throws IOException, DataException, InterruptedException, MissingDataException {
+        try {
+            this.preExecute();
+            this.validateService();
+            this.process();
+            this.compress();
+            this.encrypt();
+            this.split();
+            this.createMetadataFile();
+            this.validate();
+
+        } finally {
+            this.postExecute();
+        }
+    }
+
+    private void preExecute() throws DataException {
+        this.checkEnabled();
+
+        // Enforce compression when uploading a directory
+        File file = new File(this.filePath.toString());
+        if (file.isDirectory() && compression == Compression.NONE) {
+            throw new DataException("Unable to upload a directory without compression");
+        }
+
+        // Create temporary working directory
+        this.createWorkingDirectory();
+    }
+
+    private void postExecute() throws IOException {
+        this.cleanupFilesystem();
+    }
+
+    private void checkEnabled() throws DataException {
+        if (!Settings.getInstance().isQdnEnabled()) {
+            throw new DataException("QDN is disabled in settings");
+        }
+    }
+
+    private void createWorkingDirectory() throws DataException {
+        // Use the user-specified temp dir, as it is deterministic, and is more likely to be located on reusable storage hardware
+        String baseDir = Settings.getInstance().getTempDataPath();
+        String identifier = Base58.encode(Crypto.digest(this.filePath.toString().getBytes()));
+        Path tempDir = Paths.get(baseDir, "writer", identifier);
+        try {
+            Files.createDirectories(tempDir);
+        } catch (IOException e) {
+            throw new DataException("Unable to create temp directory");
+        }
+        this.workingPath = tempDir;
+    }
+
+    private void validateService() throws IOException, DataException {
+        if (this.service.isValidationRequired()) {
+            Service.ValidationResult result = this.service.validate(this.filePath);
+            if (result != Service.ValidationResult.OK) {
+                throw new DataException(String.format("Validation of %s failed: %s", this.service, result.toString()));
+            }
+        }
+    }
+
+    private void process() throws DataException, IOException, MissingDataException {
+        switch (this.method) {
+
+            case PUT:
+                // Nothing to do
+                break;
+
+            case PATCH:
+                this.processPatch();
+                break;
+
+            default:
+                throw new DataException(String.format("Unknown method specified: %s", method.toString()));
+        }
+    }
+
+    private void processPatch() throws DataException, IOException, MissingDataException {
+
+        // Build the existing state using past transactions
+        ArbitraryDataBuilder builder = new ArbitraryDataBuilder(this.name, this.service, this.identifier);
+        builder.build();
+        Path builtPath = builder.getFinalPath();
+
+        // Obtain the latest signature, so this can be included in the patch
+        byte[] latestSignature = builder.getLatestSignature();
+
+        // Compute a diff of the latest changes on top of the previous state
+        // Then use only the differences as our data payload
+        ArbitraryDataCreatePatch patch = new ArbitraryDataCreatePatch(builtPath, this.filePath, latestSignature);
+        patch.create();
+        this.filePath = patch.getFinalPath();
+
+        // Delete the input directory
+        if (FilesystemUtils.pathInsideDataOrTempPath(builtPath)) {
+            File directory = new File(builtPath.toString());
+            FileUtils.deleteDirectory(directory);
+        }
+
+        // Validate the patch
+        this.validatePatch();
+    }
+
+    private void validatePatch() throws DataException {
+        if (this.filePath == null) {
+            throw new DataException("Null path after creating patch");
+        }
+
+        File qortalMetadataDirectoryFile = Paths.get(this.filePath.toString(), ".qortal").toFile();
+        if (!qortalMetadataDirectoryFile.exists()) {
+            throw new DataException("Qortal metadata folder doesn't exist in patch");
+        }
+        if (!qortalMetadataDirectoryFile.isDirectory()) {
+            throw new DataException("Qortal metadata folder isn't a directory");
+        }
+
+        File qortalPatchMetadataFile = Paths.get(this.filePath.toString(), ".qortal", "patch").toFile();
+        if (!qortalPatchMetadataFile.exists()) {
+            throw new DataException("Qortal patch metadata file doesn't exist in patch");
+        }
+        if (!qortalPatchMetadataFile.isFile()) {
+            throw new DataException("Qortal patch metadata file isn't a file");
+        }
+    }
+
+    private void compress() throws InterruptedException, DataException {
+        // Compress the data if requested
+        if (this.compression != Compression.NONE) {
+            this.compressedPath = Paths.get(this.workingPath.toString(), "data.zip");
+            try {
+
+                if (this.compression == Compression.ZIP) {
+                    LOGGER.info("Compressing...");
+                    String enclosingFolderName = "data";
+                    ZipUtils.zip(this.filePath.toString(), this.compressedPath.toString(), enclosingFolderName);
+                }
+                else {
+                    throw new DataException(String.format("Unknown compression type specified: %s", compression.toString()));
+                }
+                // FUTURE: other compression types
+
+                // Delete the input directory
+                if (FilesystemUtils.pathInsideDataOrTempPath(this.filePath)) {
+                    File directory = new File(this.filePath.toString());
+                    FileUtils.deleteDirectory(directory);
+                }
+                // Replace filePath pointer with the zipped file path
+                this.filePath = this.compressedPath;
+
+            } catch (IOException | DataException e) {
+                throw new DataException("Unable to zip directory", e);
+            }
+        }
+    }
+
+    private void encrypt() throws DataException {
+        this.encryptedPath = Paths.get(this.workingPath.toString(), "data.zip.encrypted");
+        try {
+            // Encrypt the file with AES
+            LOGGER.info("Encrypting...");
+            this.aesKey = AES.generateKey(256);
+            AES.encryptFile("AES/CBC/PKCS5Padding", this.aesKey, this.filePath.toString(), this.encryptedPath.toString());
+
+            // Delete the input file
+            if (FilesystemUtils.pathInsideDataOrTempPath(this.filePath)) {
+                Files.delete(this.filePath);
+            }
+            // Replace filePath pointer with the encrypted file path
+            this.filePath = this.encryptedPath;
+
+        } catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException | NoSuchPaddingException
+                | BadPaddingException | IllegalBlockSizeException | IOException | InvalidKeyException e) {
+            throw new DataException(String.format("Unable to encrypt file %s: %s", this.filePath, e.getMessage()));
+        }
+    }
+
+    private void split() throws IOException, DataException {
+        // We don't have a signature yet, so use null to put the file in a generic folder
+        this.arbitraryDataFile = ArbitraryDataFile.fromPath(this.filePath, null);
+        if (this.arbitraryDataFile == null) {
+            throw new IOException("No file available when trying to split");
+        }
+
+        int chunkCount = this.arbitraryDataFile.split(this.chunkSize);
+        if (chunkCount > 0) {
+            LOGGER.info(String.format("Successfully split into %d chunk%s", chunkCount, (chunkCount == 1 ? "" : "s")));
+        }
+        else {
+            throw new DataException("Unable to split file into chunks");
+        }
+    }
+
+    private void createMetadataFile() throws IOException, DataException {
+        // If we have at least one chunk, we need to create an index file containing their hashes
+        if (this.arbitraryDataFile.chunkCount() > 1) {
+            // Create the JSON file
+            Path chunkFilePath = Paths.get(this.workingPath.toString(), "metadata.json");
+            ArbitraryDataTransactionMetadata chunkMetadata = new ArbitraryDataTransactionMetadata(chunkFilePath);
+            chunkMetadata.setChunks(this.arbitraryDataFile.chunkHashList());
+            chunkMetadata.write();
+
+            // Create an ArbitraryDataFile from the JSON file (we don't have a signature yet)
+            ArbitraryDataFile metadataFile = ArbitraryDataFile.fromPath(chunkFilePath, null);
+            this.arbitraryDataFile.setMetadataFile(metadataFile);
+        }
+    }
+
+    private void validate() throws IOException, DataException {
+        if (this.arbitraryDataFile == null) {
+            throw new DataException("No file available when validating");
+        }
+        this.arbitraryDataFile.setSecret(this.aesKey.getEncoded());
+
+        // Validate the file
+        ValidationResult validationResult = this.arbitraryDataFile.isValid();
+        if (validationResult != ValidationResult.OK) {
+            throw new DataException(String.format("File %s failed validation: %s", this.arbitraryDataFile, validationResult));
+        }
+        LOGGER.info("Whole file hash is valid: {}", this.arbitraryDataFile.digest58());
+
+        // Validate each chunk
+        for (ArbitraryDataFileChunk chunk : this.arbitraryDataFile.getChunks()) {
+            validationResult = chunk.isValid();
+            if (validationResult != ValidationResult.OK) {
+                throw new DataException(String.format("Chunk %s failed validation: %s", chunk, validationResult));
+            }
+        }
+        LOGGER.info("Chunk hashes are valid");
+
+        // Validate chunks metadata file
+        if (this.arbitraryDataFile.chunkCount() > 1) {
+            ArbitraryDataFile metadataFile = this.arbitraryDataFile.getMetadataFile();
+            if (metadataFile == null || !metadataFile.exists()) {
+                throw new DataException("No metadata file available, but there are multiple chunks");
+            }
+            // Read the file
+            ArbitraryDataTransactionMetadata metadata = new ArbitraryDataTransactionMetadata(metadataFile.getFilePath());
+            metadata.read();
+            // Check all chunks exist
+            for (byte[] chunk : this.arbitraryDataFile.chunkHashList()) {
+                if (!metadata.containsChunk(chunk)) {
+                    throw new DataException(String.format("Missing chunk %s in metadata file", Base58.encode(chunk)));
+                }
+            }
+        }
+    }
+
+    private void cleanupFilesystem() throws IOException {
+        // Clean up
+        if (FilesystemUtils.pathInsideDataOrTempPath(this.compressedPath)) {
+            File zippedFile = new File(this.compressedPath.toString());
+            if (zippedFile.exists()) {
+                zippedFile.delete();
+            }
+        }
+        if (FilesystemUtils.pathInsideDataOrTempPath(this.encryptedPath)) {
+            File encryptedFile = new File(this.encryptedPath.toString());
+            if (encryptedFile.exists()) {
+                encryptedFile.delete();
+            }
+        }
+        if (FilesystemUtils.pathInsideDataOrTempPath(this.workingPath)) {
+            FileUtils.deleteDirectory(new File(this.workingPath.toString()));
+        }
+    }
+
+
+    public ArbitraryDataFile getArbitraryDataFile() {
+        return this.arbitraryDataFile;
+    }
+
+    public void setChunkSize(int chunkSize) {
+        this.chunkSize = chunkSize;
+    }
+
+}

src/main/java/org/qortal/arbitrary/exception/MissingDataException.java

@@ -0,0 +1,20 @@
+package org.qortal.arbitrary.exception;
+
+public class MissingDataException extends Exception {
+
+	public MissingDataException() {
+	}
+
+	public MissingDataException(String message) {
+		super(message);
+	}
+
+	public MissingDataException(String message, Throwable cause) {
+		super(message, cause);
+	}
+
+	public MissingDataException(Throwable cause) {
+		super(cause);
+	}
+
+}

src/main/java/org/qortal/arbitrary/metadata/ArbitraryDataMetadata.java

@@ -0,0 +1,85 @@
+package org.qortal.arbitrary.metadata;
+
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.qortal.repository.DataException;
+
+import java.io.BufferedWriter;
+import java.io.File;
+import java.io.FileWriter;
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+
+/**
+ * ArbitraryDataMetadata
+ *
+ * This is a base class to handle reading and writing JSON to the supplied filePath.
+ *
+ * It is not usable on its own; it must be subclassed, with two methods overridden:
+ *
+ * readJson() - code to unserialize the JSON file
+ * buildJson() - code to serialize the JSON file
+ *
+ */
+public class ArbitraryDataMetadata {
+
+    protected static final Logger LOGGER = LogManager.getLogger(ArbitraryDataMetadata.class);
+
+    protected Path filePath;
+
+    protected String jsonString;
+
+    public ArbitraryDataMetadata(Path filePath) {
+        this.filePath = filePath;
+    }
+
+    protected void readJson() throws DataException {
+        // To be overridden
+    }
+
+    protected void buildJson() {
+        // To be overridden
+    }
+
+
+    public void read() throws IOException, DataException {
+        this.loadJson();
+        this.readJson();
+    }
+
+    public void write() throws IOException, DataException {
+        this.buildJson();
+        this.createParentDirectories();
+
+        BufferedWriter writer = new BufferedWriter(new FileWriter(this.filePath.toString()));
+        writer.write(this.jsonString);
+        writer.newLine();
+        writer.close();
+    }
+
+
+    protected void loadJson() throws IOException {
+        File metadataFile = new File(this.filePath.toString());
+        if (!metadataFile.exists()) {
+            throw new IOException(String.format("Metadata file doesn't exist: %s", this.filePath.toString()));
+        }
+
+        this.jsonString = new String(Files.readAllBytes(this.filePath));
+    }
+
+
+    protected void createParentDirectories() throws DataException {
+        try {
+            Files.createDirectories(this.filePath.getParent());
+        } catch (IOException e) {
+            throw new DataException("Unable to create parent directories");
+        }
+    }
+
+
+    public String getJsonString() {
+        return this.jsonString;
+    }
+
+}

src/main/java/org/qortal/arbitrary/metadata/ArbitraryDataMetadataCache.java

@@ -0,0 +1,69 @@
+package org.qortal.arbitrary.metadata;
+
+import org.json.JSONObject;
+import org.qortal.repository.DataException;
+import org.qortal.utils.Base58;
+
+import java.nio.file.Path;
+
+public class ArbitraryDataMetadataCache extends ArbitraryDataQortalMetadata {
+
+    private byte[] signature;
+    private long timestamp;
+
+    public ArbitraryDataMetadataCache(Path filePath) {
+        super(filePath);
+
+    }
+
+    @Override
+    protected String fileName() {
+        return "cache";
+    }
+
+    @Override
+    protected void readJson() throws DataException {
+        if (this.jsonString == null) {
+            throw new DataException("Patch JSON string is null");
+        }
+
+        JSONObject cache = new JSONObject(this.jsonString);
+        if (cache.has("signature")) {
+            String sig = cache.getString("signature");
+            if (sig != null) {
+                this.signature = Base58.decode(sig);
+            }
+        }
+        if (cache.has("timestamp")) {
+            this.timestamp = cache.getLong("timestamp");
+        }
+    }
+
+    @Override
+    protected void buildJson() {
+        JSONObject patch = new JSONObject();
+        patch.put("signature", Base58.encode(this.signature));
+        patch.put("timestamp", this.timestamp);
+
+        this.jsonString = patch.toString(2);
+        LOGGER.trace("Cache metadata: {}", this.jsonString);
+    }
+
+
+    public void setSignature(byte[] signature) {
+        this.signature = signature;
+    }
+
+    public byte[] getSignature() {
+        return this.signature;
+    }
+
+    public void setTimestamp(long timestamp) {
+        this.timestamp = timestamp;
+    }
+
+    public long getTimestamp() {
+        return this.timestamp;
+    }
+
+}