Moved trimming and pruning classes into a single package (org.qortal.controller.repository)

Note - the rebuildLatestAtStates() must never be used by two different classes at the same time, or AT states could be incorrectly deleted. It is okay at the moment as we don't run the AT states trimmer and pruner in the same app session. However we should probably synchronize this method so that we don't accidentally call it from two places in the future.

.github/workflows/pr-testing.yml

@@ -0,0 +1,33 @@
+name: PR testing
+
+on:
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  mavenTesting:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Cache local Maven repository
+      uses: actions/cache@v2
+      with:
+        path: ~/.m2/repository
+        key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+        restore-keys: |
+          ${{ runner.os }}-maven-
+    - name: Set up the Java JDK
+      uses: actions/setup-java@v2
+      with:
+        java-version: '11'
+        distribution: 'adopt'
+
+    - name: Run all tests
+      run: |
+        mvn -B clean test -DskipTests=false --file pom.xml
+        if [ -f "target/site/jacoco/index.html" ]; then echo "Total coverage: $(cat target/site/jacoco/index.html | grep -o 'Total[^%]*%' | grep -o '[0-9]*%')"; fi
+
+    - name: Log coverage percentage
+      run: |
+        if [ ! -f "target/site/jacoco/index.html" ]; then echo "No coverage information available"; fi
+        if [ -f "target/site/jacoco/index.html" ]; then echo "Total coverage: $(cat target/site/jacoco/index.html | grep -o 'Total[^%]*%' | grep -o '[0-9]*%')"; fi

.gitignore

@@ -1,6 +1,8 @@
 /db*
+/lists/
 /bin/
 /target/
+/qortal-backup/
 /log.txt.*
 /arbitrary*
 /Qortal-BTC*
@@ -14,5 +16,13 @@
 /settings.json
 /testnet*
 /settings*.json
-/testchain.json
-/run-testnet.sh
+/testchain*.json
+/run-testnet*.sh
+/.idea
+/qortal.iml
+.DS_Store
+/src/main/resources/resources
+/*.jar
+/run.pid
+/run.log
+/WindowsInstaller/Install Files/qortal.jar

AutoUpdates.md

@@ -1,5 +1,20 @@
 # Auto Updates
 
+## TL;DR: how-to
+
+* Prepare new release version (see way below for details)
+* Assuming you are in git 'master' branch, at HEAD
+* Shutdown local node if running
+* Build auto-update download: `tools/build-auto-update.sh` - uploads auto-update file into new git branch
+* Restart local node
+* Publish auto-update transaction using *private key* for **non-admin** member of "dev" group:
+	`tools/publish-auto-update.sh non-admin-dev-member-private-key-in-base58`
+* Wait for auto-update `ARBITRARY` transaction to be confirmed into a block
+* Have "dev" group admins 'approve' auto-update using `tools/approve-auto-update.sh`
+	This tool will prompt for *private key* of **admin** of "dev" group
+* A minimum number of admins are required for approval, and a minimum number of blocks must pass also.
+* Nodes will start to download, and apply, the update over the next 20 minutes or so (see CHECK_INTERVAL in AutoUpdate.java)
+
 ## Theory
 * Using a specific git commit (e.g. abcdef123) we produce a determinstic JAR with consistent hash.
 * To avoid issues with over-eager anti-virus / firewalls we obfuscate JAR using very simplistic XOR-based method.
@@ -25,8 +40,8 @@ The same method is used to obfuscate and de-obfuscate:
 
 ## Typical download locations
 The git SHA1 commit hash is used to replace `%s` in various download locations, e.g.:
-* https://github.com/QORT/qortal/raw/%s/qortal.update
-* https://raw.githubusercontent.com@151.101.16.133/QORT/qortal/%s/qortal.update
+* https://github.com/Qortal/qortal/raw/%s/qortal.update
+* https://raw.githubusercontent.com@151.101.16.133/Qortal/qortal/%s/qortal.update
 
 These locations are part of the org.qortal.settings.Settings class and can be overriden in settings.json like:
 ```
@@ -45,4 +60,12 @@ $ java -cp qortal.jar org.qortal.XorUpdate
 usage: XorUpdate <input-file> <output-file>
 $ java -cp qortal.jar org.qortal.XorUpdate qortal.jar qortal.update
 $
-```
+```
+
+## Preparing new release version
+
+* Shutdown local node
+* Modify `pom.xml` and increase version inside `<version>` tag
+* Commit new `pom.xml` and push to github, e.g. `git commit -m 'Bumped to v1.4.2' -- pom.xml; git push`
+* Tag this new commit with same version: `git tag v1.4.2`
+* Push tag up to github: `git push origin v1.4.2`

DATABASE.md

@@ -4,10 +4,10 @@ You can examine your node's database using [HSQLDB's "sqltool"](http://www.hsqld
 It's a good idea to install "rlwrap" (ReadLine wrapper) too as sqltool doesn't support command history/editing.
 
 Typical command line for sqltool would be:
-`rlwrap java -cp ${HSQLDB_JAR}:${SQLTOOL_JAR} org.hsqldb.cmdline.SqlTool --rcFile=${SQLTOOL_RC} qora`
+`rlwrap java -cp ${HSQLDB_JAR}:${SQLTOOL_JAR} org.hsqldb.cmdline.SqlTool --rcFile=${SQLTOOL_RC} qortal`
 
 `${HSQLDB_JAR}` should be set with pathname where Maven downloaded hsqldb, 
-typically `${HOME}/.m2/repository/org/hsqldb/hsqldb/2.5.0/hsqldb-2.5.0.jar`
+typically `${HOME}/.m2/repository/org/hsqldb/hsqldb/2.5.1/hsqldb-2.5.1.jar`
 
 `${SQLTOOL_JAR}` should be set with pathname where Maven downloaded sqltool,
 typically  `${HOME}/.m2/repository/org/hsqldb/sqltool/2.5.0/sqltool-2.5.0.jar`
@@ -25,10 +25,16 @@ Above `url` component `file:db/blockchain` assumes you will call `sqltool` from
 
 Another idea is to assign a shell alias in your `.bashrc` like:
 ```
-export HSQLDB_JAR=${HOME}/.m2/repository/org/hsqldb/hsqldb/2.5.0/hsqldb-2.5.0.jar
+export HSQLDB_JAR=${HOME}/.m2/repository/org/hsqldb/hsqldb/2.5.1/hsqldb-2.5.1.jar
 export SQLTOOL_JAR=${HOME}/.m2/repository/org/hsqldb/sqltool/2.5.0/sqltool-2.5.0.jar
 alias sqltool='rlwrap java -cp ${HSQLDB_JAR}:${SQLTOOL_JAR} org.hsqldb.cmdline.SqlTool --rcFile=${SQLTOOL_RC}'
 ```
 So you can simply type: `sqltool qortal`
 
 Don't forget to use `SHUTDOWN;` before exiting sqltool so that database files are closed cleanly.
+
+## Quick and dirty version
+
+With `sqltool-2.5.0.jar` and `qortal.jar` in current directory, and database in `db/`
+
+`java -cp qortal.jar:sqltool-2.5.0.jar org.hsqldb.cmdline.SqlTool --inlineRc=url=jdbc:hsqldb:file:db/blockchain`

README.md

@@ -9,4 +9,4 @@
 - Create basic *settings.json* file: `echo '{}' > settings.json`
 - Run JAR in same working directory as *settings.json*: `java -jar target/qortal-1.0.jar`
 - Wrap in shell script, add JVM flags, redirection, backgrounding, etc. as necessary.
-- Or use supplied example shell script: *run.sh*
+- Or use supplied example shell script: *start.sh*

TestNets.md

@@ -0,0 +1,69 @@
+# How to build a testnet
+
+## Create testnet blockchain config
+
+- You can begin by copying the mainnet blockchain config `src/main/resources/blockchain.json`
+- Insert `"isTestChain": true,` after the opening `{`
+- Modify testnet genesis block
+
+### Testnet genesis block
+
+- Set `timestamp` to a nearby future value, e.g. 15 mins from 'now'
+	This is to give yourself enough time to set up other testnet nodes
+- Retain the initial `ISSUE_ASSET` transactions!
+- Add `ACCOUNT_FLAGS` transactions with `"andMask": -1, "orMask": 1, "xorMask": 0` to create founders
+- Add at least one `REWARD_SHARE` transaction otherwise no-one can mint initial blocks!
+	You will need to calculate `rewardSharePublicKey` (and private key),
+	or make a new account on mainnet and use self-share key values
+- Add `ACCOUNT_LEVEL` transactions to set initial level of accounts as needed
+- Add `GENESIS` transactions to add QORT/LEGACY_QORA funds to accounts as needed
+
+## Testnet `settings.json`
+
+- Create a new `settings-test.json`
+- Make sure to add `"isTestNet": true,`
+- Make sure to reference testnet blockchain config file: `"blockchainConfig": "testchain.json",`
+- It is a good idea to use a separate database: `"repositoryPath": "db-testnet",`
+- You might also need to add `"bitcoinNet": "TEST3",` and `"litecoinNet": "TEST3",`
+
+## Other nodes
+
+- Copy `testchain.json` and `settings-test.json` to other nodes
+- Alternatively, you can run multiple nodes on the same machine by:
+	* Copying `settings-test.json` to `settings-test-1.json`
+	* Configure different `repositoryPath`
+	* Configure use of different ports:
+		+ `"apiPort": 22391,`
+		+ `"listenPort": 22392,`
+
+## Starting-up
+
+- Start up at least as many nodes as `minBlockchainPeers` (or adjust this value instead)
+- Probably best to perform API call `DELETE /peers/known`
+- Add other nodes via API call `POST /peers <peer-hostname-or-IP>`
+- Add minting private key to node(s) via API call `POST /admin/mintingaccounts <minting-private-key>`
+	This key must have corresponding `REWARD_SHARE` transaction in testnet genesis block
+- Wait for genesis block timestamp to pass
+- A node should mint block 2 approximately 60 seconds after genesis block timestamp
+- Other testnet nodes will sync *as long as there is at least `minBlockchainPeers` peers with an "up-to-date" chain`
+- You can also use API call `POST /admin/forcesync <connected-peer-IP-and-port>` on stuck nodes
+
+## Dealing with stuck chain
+
+Maybe your nodes have been offline and no-one has minted a recent testnet block.
+Your options are:
+
+- Start a new testnet from scratch
+- Fire up your testnet node(s)
+- Force one of your nodes to mint by:
+	+ Set a debugger breakpoint on Settings.getMinBlockchainPeers()
+	+ When breakpoint is hit, change `this.minBlockchainPeers` to zero, then continue
+- Once one of your nodes has minted blocks up to 'now', you can use "forcesync" on the other nodes
+
+## Tools
+
+- `qort` tool, but use `-t` option for default testnet API port (62391)
+- `qort` tool, but first set shell variable: `export BASE_URL=some-node-hostname-or-ip:port`
+- `qort` tool, but prepend with one-time shell variable: `BASE_URL=some-node-hostname-or-ip:port qort ......`
+- `peer-heights`, but use `-t` option, or `BASE_URL` shell variable as above
+

WindowsInstaller/Install Files/AppData/settings.json

@@ -0,0 +1,3 @@
+{
+  "apiDocumentationEnabled": true
+}

WindowsInstaller/Install Files/log4j2.properties

@@ -0,0 +1,70 @@
+rootLogger.level = info
+# On Windows, uncomment next line to set dirname:
+# property.dirname = ${sys:user.home}\\AppData\\Local\\qortal\\
+property.filename = ${sys:log4j2.filenameTemplate:-log.txt}
+
+rootLogger.appenderRef.console.ref = stdout
+rootLogger.appenderRef.rolling.ref = FILE
+
+# Suppress extraneous bitcoinj library output
+logger.bitcoinj.name = org.bitcoinj
+logger.bitcoinj.level = error
+
+# Override HSQLDB logging level to "warn" as too much is logged at "info"
+logger.hsqldb.name = hsqldb.db
+logger.hsqldb.level = warn
+
+# Support optional, per-session HSQLDB debugging
+logger.hsqldbRepository.name = org.qortal.repository.hsqldb
+logger.hsqldbRepository.level = debug
+
+# Suppress extraneous Jersey warning
+logger.jerseyInject.name = org.glassfish.jersey.internal.inject.Providers
+logger.jerseyInject.level = off
+
+# Suppress extraneous Jersey EOF 'errors' (actually remote peers disconnecting early)
+logger.jerseyEOF.name = org.glassfish.jersey.server.internal
+logger.jerseyEOF.level = off
+
+# Suppress extraneous Jetty entries
+# 2019-02-14 11:46:27 INFO  ContextHandler:851 - Started o.e.j.s.ServletContextHandler@6949e948{/,null,AVAILABLE}
+# 2019-02-14 11:46:27 INFO  AbstractConnector:289 - Started ServerConnector@50ad322b{HTTP/1.1,[http/1.1]}{0.0.0.0:9085}
+# 2019-02-14 11:46:27 INFO  Server:374 - jetty-9.4.11.v20180605; built: 2018-06-05T18:24:03.829Z; git: d5fc0523cfa96bfebfbda19606cad384d772f04c; jvm 1.8.0_181-b13
+# 2019-02-14 11:46:27 INFO  Server:411 - Started @2539ms
+logger.jetty.name = org.eclipse.jetty
+logger.jetty.level = warn
+# Even more extraneous Jetty output
+# 2019-01-26 02:18:10 WARN  ResourceService:718 - java.util.concurrent.TimeoutException: Idle timeout expired: 30000/30000 ms
+logger.jettyRS.name = org.eclipse.jetty.server.ResourceService
+logger.jettyRS.level = error
+
+# Suppress extraneous slf4j entries
+# 2019-02-14 11:46:27 INFO  log:193 - Logging initialized @1636ms to org.eclipse.jetty.util.log.Slf4jLog
+logger.slf4j.name = org.slf4j
+logger.slf4j.level = warn
+
+# Suppress extraneous Reflections entry
+# 2019-02-27 10:45:25 WARN  Reflections:179 - given scan urls are empty. set urls in the configuration
+logger.orgReflections.name = org.reflections.Reflections
+logger.orgReflections.level = off
+logger.sunReflections.name = sun.reflect.Reflection
+logger.sunReflections.level = off
+
+appender.console.type = Console
+appender.console.name = stdout
+appender.console.layout.type = PatternLayout
+appender.console.layout.pattern = %d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n
+appender.console.filter.threshold.type = ThresholdFilter
+appender.console.filter.threshold.level = error
+
+appender.rolling.type = RollingFile
+appender.rolling.name = FILE
+appender.rolling.layout.type = PatternLayout
+appender.rolling.layout.pattern = %d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n
+appender.rolling.filePattern = ${dirname:-}${filename}.%i
+appender.rolling.policy.type = SizeBasedTriggeringPolicy
+appender.rolling.policy.size = 4MB
+# Set the immediate flush to true (default)
+# appender.rolling.immediateFlush = true
+# Set the append to true (default), should not overwrite
+# appender.rolling.append=true

WindowsInstaller/Install Files/ntpcfg.bat

@@ -0,0 +1,33 @@
+@echo off
+
+:: BatchGotAdmin
+:-------------------------------------
+REM  --> Check for permissions
+>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"
+
+REM --> If error flag set, we do not have admin.
+if '%errorlevel%' NEQ '0' (
+    echo Requesting administrative privileges...
+    goto UACPrompt
+) else ( goto gotAdmin )
+
+:UACPrompt
+    echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
+    echo UAC.ShellExecute "%~s0", "", "", "runas", 1 >> "%temp%\getadmin.vbs"
+
+    "%temp%\getadmin.vbs"
+    exit /B
+
+:gotAdmin
+    if exist "%temp%\getadmin.vbs" ( del "%temp%\getadmin.vbs" )
+    pushd "%CD%"
+    CD /D "%~dp0"
+:--------------------------------------
+
+net stop "Windows Time"
+
+w32tm /config "/manualpeerlist:pool.ntp.org 0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org cn.pool.ntp.org 0.cn.pool.ntp.org 1.cn.pool.ntp.org 2.cn.pool.ntp.org 3.cn.pool.ntp.org"
+
+net start "Windows Time"
+
+sc config w32time start= auto

WindowsInstaller/README.md

@@ -0,0 +1,26 @@
+# Windows installer
+
+## Prerequisites
+
+* AdvancedInstaller v16 or better, and enterprise licence if translations are required
+* Installed AdoptOpenJDK v11 64bit, full JDK *not* JRE
+
+## General build instructions
+
+If this is your first time opening the `qortal.aip` file then you might need to adjust
+configured paths, or create a dummy `D:` drive with the expected layout.
+
+Typical build procedure:
+
+* Place the `qortal.jar` file in `Install-Files\`
+* Open AdvancedInstaller with qortal.aip file
+* If releasing a new version, change version number in:
+	+ "Product Information" side menu
+	+ "Product Details" side menu entry
+	+ "Product Details" tab in "Product Details" pane
+	+ "Product Version" entry box
+* Click away to a different side menu entry, e.g. "Resources" -> "Files and Folders"
+* You should be prompted whether to generate a new product key, click "Generate New"
+* Click "Build" button
+* New EXE should be generated in `Qortal-SetupFiles\` folder with correct version number
+

WindowsInstaller/dictionary.ail

@@ -0,0 +1,117 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<DICTIONARY type="multilanguage">
+  <!-- Control table -->
+  <ENTRY id="Control.Text.CustomizeDataPathDlg#Description">
+    <STRING lang="en" value="Do you want to store the blockchain, and other data, in a specific folder?"/>
+	<STRING lang="ru" value="Вы можете выбрать место хранения блокчейна и других данных."/>
+    <STRING lang="zh" value="你想把区块链数据存放在一个特定的文件夹吗？"/>
+    <STRING lang="zh_TW" value="你想把区块链数据存放在一个特定的文件夹吗？"/>
+  </ENTRY>
+  <ENTRY id="Control.Text.CustomizeDataPathDlg#Text">
+    <STRING lang="en" value="Select one of the options below, then click &quot;Next&quot;."/>
+	<STRING lang="ru" value="Выберите один из вариантов ниже, затем нажмите Далее"/>
+    <STRING lang="zh" value="请选择，然后“下一步”"/>
+    <STRING lang="zh_TW" value="请选择，然后“下一步”"/>
+  </ENTRY>
+  <ENTRY id="Control.Text.CustomizeDataPathDlg#Title">
+    <STRING lang="en" value="Choose Custom Data Storage Folder?"/>
+	<STRING lang="ru" value="Выберите место хранения данных."/>
+    <STRING lang="zh" value="选择数据保存的文件夹?"/>
+    <STRING lang="zh_TW" value="选择数据保存的文件夹?"/>
+  </ENTRY>
+  <ENTRY id="Control.Text.CustomizeDbDlg#Description">
+    <STRING lang="en" value="Do you want to store the blockchain, and other data, in a specific folder?"/>
+	<STRING lang="ru" value="Вы можете выбрать место хранения блокчейна и других данных."/>
+    <STRING lang="zh" value="Do you want to store the blockchain, and other data, in a specific folder?"/>
+    <STRING lang="zh_TW" value="Do you want to store the blockchain, and other data, in a specific folder?"/>
+  </ENTRY>
+  <ENTRY id="Control.Text.CustomizeDbDlg#Title">
+    <STRING lang="en" value="Choose Custom Data Storage Folder?"/>
+	<STRING lang="ru" value="Выберите место хранения данных."/>
+    <STRING lang="zh" value="Choose Custom Data Storage Folder?"/>
+    <STRING lang="zh_TW" value="Choose Custom Data Storage Folder?"/>
+  </ENTRY>
+  <ENTRY id="Control.Text.DataFolderDlg#Description">
+    <STRING lang="en" value="This is the folder where the blockchain, and other data, will be stored."/>
+	<STRING lang="ru" value="Это папка, в которой будет храниться блокчейн и другие данные."/>
+    <STRING lang="zh" value="这里是区块链及其它数据存放的文件夹"/>
+    <STRING lang="zh_TW" value="这里是区块链及其它数据存放的文件夹"/>
+  </ENTRY>
+  <ENTRY id="Control.Text.DataFolderDlg#Text">
+    <STRING lang="en" value="To store data in this folder, click &quot;[Text_Next]&quot;. To store data in a different folder, enter it below or click &quot;Browse&quot;."/>
+	<STRING lang="ru" value="Чтобы сохранить данные в этой папке, нажмите &quot;[Text_Next]&quot;. Чтобы сохранить данные в другой папке, введите ее ниже или нажмите &quot;Обзор&quot;."/>
+    <STRING lang="zh" value="如果存放在这个文件夹，点 “下一步”。如果存放在其它位置，请选择“浏览”。"/>
+    <STRING lang="zh_TW" value="如果存放在这个文件夹，点 “下一步”。如果存放在其它位置，请选择“浏览”。"/>
+  </ENTRY>
+  <ENTRY id="Control.Text.DataFolderDlg#Title">
+    <STRING lang="en" value="Select Data Storage Folder"/>
+	<STRING lang="ru" value="Выберите папку для хранения данных"/>
+    <STRING lang="zh" value="请选择文件存储地方"/>
+    <STRING lang="zh_TW" value="请选择文件存储地方"/>
+  </ENTRY>
+  <ENTRY id="Control.Text.DbFolderDlg#Description">
+    <STRING lang="en" value="This is the folder where the blockchain, and other data, will be stored."/>
+	<STRING lang="ru" value="Это папка, в которой будет храниться блокчейн и другие данные."/>
+    <STRING lang="zh" value="This is the folder where the blockchain, and other data, will be stored."/>
+    <STRING lang="zh_TW" value="This is the folder where the blockchain, and other data, will be stored."/>
+  </ENTRY>
+  <ENTRY id="Control.Text.DbFolderDlg#Title">
+    <STRING lang="en" value="Select Data Storage Folder"/>
+	<STRING lang="ru" value="Выберите папку для хранения данных"/>
+    <STRING lang="zh" value="请选择文件存储地方"/>
+    <STRING lang="zh_TW" value="请选择文件存储地方"/>
+  </ENTRY>
+  <ENTRY id="Control.Text.NTPDialog#Description">
+    <STRING lang="en" value="Reconfigure Windows for more accurate time?"/>
+	<STRING lang="ru" value="Настроить синхронизацию времени системы Windows?"/>
+    <STRING lang="zh" value="重新配置Windows以获得更准确的时间？"/>
+  </ENTRY>
+  <ENTRY id="Control.Text.NTPDialog#Text_1">
+    <STRING lang="en" value="An accurate Windows clock is required to connect to the [ProductName] network and make transactions."/>
+	<STRING lang="ru" value="Для подключения к сети Qortal и совершения транзакций требуется точная настройка времени Windows"/>
+    <STRING lang="zh" value="需要准确的Windows时钟才能连接到[ProductName]网络并进行交易。"/>
+  </ENTRY>
+  <ENTRY id="Control.Text.NTPDialog#Text_2">
+    <STRING lang="en" value="Select one of the options below, then click &quot;Next&quot;."/>
+	<STRING lang="ru" value="Выберите один из вариантов ниже, затем нажмите"/>
+    <STRING lang="zh" value="请选择，然后“下一步”"/>
+  </ENTRY>
+  <ENTRY id="Control.Text.NTPDialog#Text_3">
+    <STRING lang="en" value="Your computer&apos;s clock needs to be accurate to within 0.5 seconds."/>
+	<STRING lang="ru" value="Точность времени вашего компьютера должна составлять 0.5 секунд."/>
+    <STRING lang="zh" value="您的计算机时钟需要准确到0.5秒内。"/>
+  </ENTRY>
+  <ENTRY id="Control.Text.NTPDialog#Title">
+    <STRING lang="en" value="Windows clock accuracy"/>
+	<STRING lang="ru" value="Настройка времени системы Windows"/>
+    <STRING lang="zh" value="Windows 时钟精度"/>
+  </ENTRY>
+  <ENTRY id="Control.Text.VerifyRemoveDlg#RemoveBlockchainCheckbox">
+    <STRING lang="en" value="Remove downloaded blockchain and other data"/>
+	<STRING lang="ru" value="Удалить загруженный блокчейн и другие данные"/>
+    <STRING lang="zh" value="删除您下载的区块链"/>
+  </ENTRY>
+  <!-- RadioButton table -->
+  <ENTRY id="RadioButton.Text.CUSTOM_DB_BOOL#choose">
+    <STRING lang="en" value="Choose custom data storage folder..."/>
+	<STRING lang="ru" value="Выбрать папку для хранения данных..."/>
+    <STRING lang="zh" value="选择特定的文件夹存储"/>
+    <STRING lang="zh_TW" value="选择特定的文件夹存储"/>
+  </ENTRY>
+  <ENTRY id="RadioButton.Text.CUSTOM_DB_BOOL#default">
+    <STRING lang="en" value="Use default location "/>
+	<STRING lang="ru" value="Использовать папку по умолчанию"/>
+    <STRING lang="zh" value="使用默认存储地点"/>
+    <STRING lang="zh_TW" value="使用默认存储地点"/>
+  </ENTRY>
+  <ENTRY id="RadioButton.Text.RECONFIG_NTP#1">
+    <STRING lang="en" value="Yes, configure Windows to use internet time servers (Recommended)"/>
+	<STRING lang="ru" value="Да, настроить синхронизацию времени Windows (Рекомендуется)"/>
+    <STRING lang="zh" value="是，将Windows配置为使用多个Internet时间服务器 (推荐的)"/>
+  </ENTRY>
+  <ENTRY id="RadioButton.Text.RECONFIG_NTP#2">
+    <STRING lang="en" value="No, I will manage clock accuracy myself"/>
+	<STRING lang="ru" value="Нет, я сам буду управлять настройками часов"/>
+    <STRING lang="zh" value="不，我会自己管理时钟精度。"/>
+  </ENTRY>
+</DICTIONARY>

lib/org/ciyam/AT/1.3.7/AT-1.3.7.pom

@@ -3,7 +3,7 @@
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
   <modelVersion>4.0.0</modelVersion>
   <groupId>org.ciyam</groupId>
-  <artifactId>at</artifactId>
-  <version>1.0</version>
+  <artifactId>AT</artifactId>
+  <version>1.3.7</version>
   <description>POM was created from install:install-file</description>
 </project>

lib/org/ciyam/AT/1.3.8/AT-1.3.8.pom

@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>org.ciyam</groupId>
+  <artifactId>AT</artifactId>
+  <version>1.3.8</version>
+  <description>POM was created from install:install-file</description>
+</project>

lib/org/ciyam/AT/maven-metadata-local.xml

@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<metadata>
+  <groupId>org.ciyam</groupId>
+  <artifactId>AT</artifactId>
+  <versioning>
+    <release>1.3.8</release>
+    <versions>
+      <version>1.3.4</version>
+      <version>1.3.5</version>
+      <version>1.3.6</version>
+      <version>1.3.7</version>
+      <version>1.3.8</version>
+    </versions>
+    <lastUpdated>20200925114415</lastUpdated>
+  </versioning>
+</metadata>

lib/org/ciyam/at/maven-metadata-local.xml

@@ -1,12 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<metadata>
-  <groupId>org.ciyam</groupId>
-  <artifactId>at</artifactId>
-  <versioning>
-    <release>1.0</release>
-    <versions>
-      <version>1.0</version>
-    </versions>
-    <lastUpdated>20181105100741</lastUpdated>
-  </versioning>
-</metadata>

lib/org/hsqldb/hsqldb/2.5.0-fixed/hsqldb-2.5.0-fixed.pom

@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>org.hsqldb</groupId>
+  <artifactId>hsqldb</artifactId>
+  <version>2.5.0-fixed</version>
+  <description>POM was created from install:install-file</description>
+</project>

lib/org/hsqldb/hsqldb/maven-metadata-local.xml

@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<metadata>
+  <groupId>org.hsqldb</groupId>
+  <artifactId>hsqldb</artifactId>
+  <versioning>
+    <release>2.5.0-fixed</release>
+    <versions>
+      <version>2.5.0-fixed</version>
+    </versions>
+    <lastUpdated>20200318133132</lastUpdated>
+  </versioning>
+</metadata>

log4j2.properties

@@ -1,11 +1,15 @@
 rootLogger.level = info
-# On Windows, uncomment this:
-# property.dirname = ${sys:user.home}\\AppData\\Roaming\\qortal\\
+# On Windows, uncomment next line to set dirname:
+# property.dirname = ${sys:user.home}\\AppData\\Local\\qortal\\
 property.filename = ${sys:log4j2.filenameTemplate:-log.txt}
 
 rootLogger.appenderRef.console.ref = stdout
 rootLogger.appenderRef.rolling.ref = FILE
 
+# Suppress extraneous bitcoinj library output
+logger.bitcoinj.name = org.bitcoinj
+logger.bitcoinj.level = error
+
 # Override HSQLDB logging level to "warn" as too much is logged at "info"
 logger.hsqldb.name = hsqldb.db
 logger.hsqldb.level = warn

pom.xml

@@ -3,20 +3,22 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>org.qortal</groupId>
 	<artifactId>qortal</artifactId>
-	<version>1.0</version>
+	<version>1.6.0</version>
 	<packaging>jar</packaging>
 	<properties>
-		<bitcoin.version>0.15.4</bitcoin.version>
+		<skipTests>true</skipTests>
+		<altcoinj.version>bf9fb80</altcoinj.version>
+		<bitcoinj.version>0.15.10</bitcoinj.version>
 		<bouncycastle.version>1.64</bouncycastle.version>
 		<build.timestamp>${maven.build.timestamp}</build.timestamp>
+		<ciyam-at.version>1.3.8</ciyam-at.version>
 		<commons-net.version>3.6</commons-net.version>
 		<commons-text.version>1.8</commons-text.version>
 		<dagger.version>1.2.2</dagger.version>
 		<guava.version>28.1-jre</guava.version>
-		<hsqldb.version>2.5.0</hsqldb.version>
-		<hsqldb-sqltool.version>2.5.0</hsqldb-sqltool.version>
+		<hsqldb.version>2.5.1</hsqldb.version>
 		<jersey.version>2.29.1</jersey.version>
-		<jetty.version>9.4.22.v20191022</jetty.version>
+		<jetty.version>9.4.29.v20200521</jetty.version>
 		<log4j.version>2.12.1</log4j.version>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<slf4j.version>1.7.12</slf4j.version>
@@ -198,6 +200,10 @@
 							<pattern>org.qortal.api.model**</pattern>
 							<template>${project.build.sourceDirectory}/org/qortal/data/package-info.java</template>
 						</package>
+						<package>
+							<pattern>org.qortal.api.model.**</pattern>
+							<template>${project.build.sourceDirectory}/org/qortal/data/package-info.java</template>
+						</package>
 					</packages>
 					<outputDirectory>${project.build.directory}/generated-sources/package-info</outputDirectory>
 				</configuration>
@@ -257,6 +263,8 @@
 							<!-- Don't include original swagger-UI as we're including our own 
 								modified version -->
 							<exclude>org.webjars:swagger-ui</exclude>
+							<!-- Don't include JUnit as it's for testing only! -->
+							<exclude>junit:junit</exclude>
 						</excludes>
 					</artifactSet>
 					<filters>
@@ -310,6 +318,14 @@
 					</execution>
 				</executions>
 			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-surefire-plugin</artifactId>
+				<version>2.22.2</version>
+				<configuration>
+					<skipTests>${skipTests}</skipTests>
+				</configuration>
+			</plugin>
 		</plugins>
 		<pluginManagement>
 			<plugins>
@@ -372,6 +388,11 @@
 			<name>project</name>
 			<url>file:${project.basedir}/lib</url>
 		</repository>
+		<!-- jitpack for build-on-demand of altcoinj -->
+		<repository>
+			<id>jitpack.io</id>
+			<url>https://jitpack.io</url>
+		</repository>
 	</repositories>
 	<dependencies>
 		<!-- https://mvnrepository.com/artifact/org.codehaus.mojo/build-helper-maven-plugin -->
@@ -379,12 +400,14 @@
 			<groupId>org.codehaus.mojo</groupId>
 			<artifactId>build-helper-maven-plugin</artifactId>
 			<version>3.0.0</version>
+			<scope>provided</scope><!-- needed for build, not for runtime -->
 		</dependency>
 		<!-- https://mvnrepository.com/artifact/com.github.bohnman/package-info-maven-plugin -->
 		<dependency>
 			<groupId>com.github.bohnman</groupId>
 			<artifactId>package-info-maven-plugin</artifactId>
 			<version>${package-info-maven-plugin.version}</version>
+			<scope>provided</scope><!-- needed for build, not for runtime -->
 		</dependency>
 		<!-- HSQLDB for repository -->
 		<dependency>
@@ -392,23 +415,23 @@
 			<artifactId>hsqldb</artifactId>
 			<version>${hsqldb.version}</version>
 		</dependency>
-		<dependency>
-			<groupId>org.hsqldb</groupId>
-			<artifactId>sqltool</artifactId>
-			<version>${hsqldb-sqltool.version}</version>
-			<scope>test</scope>
-		</dependency>
 		<!-- CIYAM AT (automated transactions) -->
 		<dependency>
 			<groupId>org.ciyam</groupId>
-			<artifactId>at</artifactId>
-			<version>1.0</version>
+			<artifactId>AT</artifactId>
+			<version>${ciyam-at.version}</version>
 		</dependency>
 		<!-- Bitcoin support -->
 		<dependency>
 			<groupId>org.bitcoinj</groupId>
 			<artifactId>bitcoinj-core</artifactId>
-			<version>${bitcoin.version}</version>
+			<version>${bitcoinj.version}</version>
+		</dependency>
+		<!-- For Litecoin, etc. support, requires bitcoinj -->
+		<dependency>
+			<groupId>com.github.jjos2372</groupId>
+			<artifactId>altcoinj</artifactId>
+			<version>${altcoinj.version}</version>
 		</dependency>
 		<!-- Utilities -->
 		<dependency>
@@ -416,6 +439,11 @@
 			<artifactId>json-simple</artifactId>
 			<version>1.1.1</version>
 		</dependency>
+		<dependency>
+			<groupId>org.json</groupId>
+			<artifactId>json</artifactId>
+			<version>20210307</version>
+		</dependency>
 		<dependency>
 			<groupId>org.apache.commons</groupId>
 			<artifactId>commons-text</artifactId>
@@ -446,6 +474,10 @@
 					<groupId>org.asynchttpclient</groupId>
 					<artifactId>async-http-client</artifactId>
 				</exclusion>
+				<exclusion>
+					<groupId>io.druid</groupId>
+					<artifactId>java-util</artifactId>
+				</exclusion>
 			</exclusions>
 		</dependency>
 		<!-- For NTP -->
@@ -499,6 +531,12 @@
 			<artifactId>mail</artifactId>
 			<version>1.5.0-b01</version>
 		</dependency>
+		<!-- Unicode homoglyph utilities -->
+		<dependency>
+			<groupId>net.codebox</groupId>
+			<artifactId>homoglyph</artifactId>
+			<version>1.2.0</version>
+		</dependency>
 		<!-- Jetty -->
 		<dependency>
 			<groupId>org.eclipse.jetty</groupId>
@@ -527,6 +565,12 @@
 			<artifactId>jetty-client</artifactId>
 			<version>${jetty.version}</version>
 		</dependency>
+		<!-- Websocket support -->
+		<dependency>
+			<groupId>org.eclipse.jetty.websocket</groupId>
+			<artifactId>javax-websocket-server-impl</artifactId>
+			<version>${jetty.version}</version>
+		</dependency>
 		<!-- Jersey -->
 		<dependency>
 			<groupId>org.glassfish.jersey.core</groupId>

run.sh

@@ -1,34 +0,0 @@
-#!/bin/sh
-
-# There's no need to run as root, so don't allow it, for security reasons
-if [ "$USER" = "root" ]; then
-	echo "Please su to non-root user before running"
-	exit
-fi
-
-# No qortal.jar but we have a Maven built one?
-# Be helpful and copy across to correct location
-if [ ! -e qortal.jar -a -f target/qortal*.jar ]; then
-	echo "Copying Maven-built Qortal JAR to correct pathname"
-	cp target/qortal*.jar qortal.jar
-fi
-
-# Limits Java JVM stack size and maximum heap usage.
-# Comment out for bigger systems, e.g. non-routers
-# or when API documentation is enabled
-# JVM_MEMORY_ARGS="-Xss256k -Xmx128m"
-
-# Although java.net.preferIPv4Stack is supposed to be false
-# by default in Java 11, on some platforms (e.g. FreeBSD 12),
-# it is overriden to be true by default. Hence we explicitly
-# set it to true to obtain desired behaviour.
-nohup nice -n 20 java \
-	-Djava.net.preferIPv4Stack=false \
-	-XX:NativeMemoryTracking=summary \
-	${JVM_MEMORY_ARGS} \
-	-jar qortal.jar \
-	1>run.log 2>&1 &
-
-# Save backgrounded process's PID
-echo $! > run.pid
-echo qortal running as pid $!

run.sh

@@ -0,0 +1 @@
+start.sh

src/main/java/org/hsqldb/jdbc/HSQLDBPool.java

@@ -21,18 +21,28 @@ public class HSQLDBPool extends JDBCPool {
 	public Connection tryConnection() throws SQLException {
 		for (int i = 0; i < states.length(); i++) {
 			if (states.compareAndSet(i, RefState.available, RefState.allocated)) {
-				return connections[i].getConnection();
+				JDBCPooledConnection pooledConnection = connections[i];
+
+				if (pooledConnection == null)
+					// Probably shutdown situation
+					return null;
+
+				return pooledConnection.getConnection();
 			}
 
 			if (states.compareAndSet(i, RefState.empty, RefState.allocated)) {
 				try {
-					JDBCPooledConnection connection = (JDBCPooledConnection) source.getPooledConnection();
+					JDBCPooledConnection pooledConnection = (JDBCPooledConnection) source.getPooledConnection();
 
-					connection.addConnectionEventListener(this);
-					connection.addStatementEventListener(this);
-					connections[i] = connection;
+					if (pooledConnection == null)
+						// Probably shutdown situation
+						return null;
 
-					return connections[i].getConnection();
+					pooledConnection.addConnectionEventListener(this);
+					pooledConnection.addStatementEventListener(this);
+					connections[i] = pooledConnection;
+
+					return pooledConnection.getConnection();
 				} catch (SQLException e) {
 					states.set(i, RefState.empty);
 				}

src/main/java/org/qortal/ApplyUpdate.java

@@ -35,9 +35,11 @@ public class ApplyUpdate {
 	private static final String JAR_FILENAME = AutoUpdate.JAR_FILENAME;
 	private static final String NEW_JAR_FILENAME = AutoUpdate.NEW_JAR_FILENAME;
 	private static final String WINDOWS_EXE_LAUNCHER = "qortal.exe";
+	private static final String JAVA_TOOL_OPTIONS_NAME = "JAVA_TOOL_OPTIONS";
+	private static final String JAVA_TOOL_OPTIONS_VALUE = "-XX:MaxRAMFraction=4";
 
-	private static final long CHECK_INTERVAL = 5 * 1000L; // ms
-	private static final int MAX_ATTEMPTS = 5;
+	private static final long CHECK_INTERVAL = 10 * 1000L; // ms
+	private static final int MAX_ATTEMPTS = 12;
 
 	public static void main(String[] args) {
 		Security.insertProviderAt(new BouncyCastleProvider(), 0);
@@ -65,17 +67,19 @@ public class ApplyUpdate {
 	}
 
 	private static boolean shutdownNode() {
-		String BASE_URI = "http://localhost:" + Settings.getInstance().getApiPort() + "/";
-		LOGGER.info(String.format("Shutting down node using API via %s", BASE_URI));
+		String baseUri = "http://localhost:" + Settings.getInstance().getApiPort() + "/";
+		LOGGER.info(() -> String.format("Shutting down node using API via %s", baseUri));
 
 		int attempt;
 		for (attempt = 0; attempt < MAX_ATTEMPTS; ++attempt) {
-			LOGGER.info(String.format("Attempt #%d out of %d to shutdown node", attempt + 1, MAX_ATTEMPTS));
-			String response = ApiRequest.perform(BASE_URI + "admin/stop", null);
+			final int attemptForLogging = attempt;
+			LOGGER.info(() -> String.format("Attempt #%d out of %d to shutdown node", attemptForLogging + 1, MAX_ATTEMPTS));
+			String response = ApiRequest.perform(baseUri + "admin/stop", null);
 			if (response == null)
-				break;
+				// No response - consider node shut down
+				return true;
 
-			LOGGER.info(String.format("Response from API: %s", response));
+			LOGGER.info(() -> String.format("Response from API: %s", response));
 
 			try {
 				Thread.sleep(CHECK_INTERVAL);
@@ -99,19 +103,20 @@ public class ApplyUpdate {
 		Path newJar = Paths.get(NEW_JAR_FILENAME);
 
 		if (!Files.exists(newJar)) {
-			LOGGER.warn(String.format("Replacement JAR '%s' not found?", newJar));
+			LOGGER.warn(() -> String.format("Replacement JAR '%s' not found?", newJar));
 			return;
 		}
 
 		int attempt;
 		for (attempt = 0; attempt < MAX_ATTEMPTS; ++attempt) {
-			LOGGER.info(String.format("Attempt #%d out of %d to replace JAR", attempt + 1, MAX_ATTEMPTS));
+			final int attemptForLogging = attempt;
+			LOGGER.info(() -> String.format("Attempt #%d out of %d to replace JAR", attemptForLogging + 1, MAX_ATTEMPTS));
 
 			try {
 				Files.copy(newJar, realJar, StandardCopyOption.REPLACE_EXISTING);
 				break;
 			} catch (IOException e) {
-				LOGGER.info(String.format("Unable to replace JAR: %s", e.getMessage()));
+				LOGGER.info(() -> String.format("Unable to replace JAR: %s", e.getMessage()));
 
 				// Try again
 			}
@@ -119,6 +124,7 @@ public class ApplyUpdate {
 			try {
 				Thread.sleep(CHECK_INTERVAL);
 			} catch (InterruptedException e) {
+				LOGGER.warn("Ignoring interrupt...");
 				// Doggedly retry
 			}
 		}
@@ -129,13 +135,13 @@ public class ApplyUpdate {
 
 	private static void restartNode(String[] args) {
 		String javaHome = System.getProperty("java.home");
-		LOGGER.info(String.format("Java home: %s", javaHome));
+		LOGGER.info(() -> String.format("Java home: %s", javaHome));
 
 		Path javaBinary = Paths.get(javaHome, "bin", "java");
-		LOGGER.info(String.format("Java binary: %s", javaBinary));
+		LOGGER.info(() -> String.format("Java binary: %s", javaBinary));
 
 		Path exeLauncher = Paths.get(WINDOWS_EXE_LAUNCHER);
-		LOGGER.info(String.format("Windows EXE launcher: %s", exeLauncher));
+		LOGGER.info(() -> String.format("Windows EXE launcher: %s", exeLauncher));
 
 		List<String> javaCmd;
 		if (Files.exists(exeLauncher)) {
@@ -156,9 +162,16 @@ public class ApplyUpdate {
 		}
 
 		try {
-			LOGGER.info(String.format("Restarting node with: %s", String.join(" ", javaCmd)));
+			LOGGER.info(() -> String.format("Restarting node with: %s", String.join(" ", javaCmd)));
 
-			new ProcessBuilder(javaCmd).start();
+			ProcessBuilder processBuilder = new ProcessBuilder(javaCmd);
+
+			if (Files.exists(exeLauncher)) {
+				LOGGER.info(() -> String.format("Setting env %s to %s", JAVA_TOOL_OPTIONS_NAME, JAVA_TOOL_OPTIONS_VALUE));
+				processBuilder.environment().put(JAVA_TOOL_OPTIONS_NAME, JAVA_TOOL_OPTIONS_VALUE);
+			}
+
+			processBuilder.start();
 		} catch (IOException e) {
 			LOGGER.error(String.format("Failed to restart node (BAD): %s", e.getMessage()));
 		}

src/main/java/org/qortal/RepositoryMaintenance.java

@@ -0,0 +1,75 @@
+package org.qortal;
+
+import java.security.Security;
+
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;
+import org.qortal.controller.Controller;
+import org.qortal.repository.DataException;
+import org.qortal.repository.Repository;
+import org.qortal.repository.RepositoryFactory;
+import org.qortal.repository.RepositoryManager;
+import org.qortal.repository.hsqldb.HSQLDBRepositoryFactory;
+import org.qortal.settings.Settings;
+
+public class RepositoryMaintenance {
+
+	static {
+		// This must go before any calls to LogManager/Logger
+		System.setProperty("java.util.logging.manager", "org.apache.logging.log4j.jul.LogManager");
+	}
+
+	private static final Logger LOGGER = LogManager.getLogger(RepositoryMaintenance.class);
+
+	public static void main(String[] args) {
+		LOGGER.info("Repository maintenance starting up...");
+
+		Security.insertProviderAt(new BouncyCastleProvider(), 0);
+		Security.insertProviderAt(new BouncyCastleJsseProvider(), 1);
+
+		// Load/check settings, which potentially sets up blockchain config, etc.
+		try {
+			if (args.length > 0)
+				Settings.fileInstance(args[0]);
+			else
+				Settings.getInstance();
+		} catch (Throwable t) {
+			LOGGER.error("Settings file error: " + t.getMessage());
+			System.exit(2);
+		}
+
+		LOGGER.info("Opening repository");
+		try {
+			RepositoryFactory repositoryFactory = new HSQLDBRepositoryFactory(Controller.getRepositoryUrl());
+			RepositoryManager.setRepositoryFactory(repositoryFactory);
+		} catch (DataException e) {
+			// If exception has no cause then repository is in use by some other process.
+			if (e.getCause() == null) {
+				LOGGER.info("Repository in use by another process?");
+			} else {
+				LOGGER.error("Unable to start repository", e);
+			}
+
+			System.exit(1);
+		}
+
+		LOGGER.info("Starting repository periodic maintenance. This can take a while...");
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			repository.performPeriodicMaintenance();
+
+			LOGGER.info("Repository periodic maintenance completed");
+		} catch (DataException e) {
+			LOGGER.error("Repository periodic maintenance failed", e);
+		}
+
+		try {
+			LOGGER.info("Shutting down repository");
+			RepositoryManager.closeRepositoryFactory();
+		} catch (DataException e) {
+			LOGGER.error("Error occurred while shutting down repository", e);
+		}
+	}
+
+}

src/main/java/org/qortal/account/Account.java

@@ -1,7 +1,9 @@
 package org.qortal.account;
 
-import java.math.BigDecimal;
-import java.util.List;
+import static org.qortal.utils.Amounts.prettyAmount;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
 
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
@@ -9,12 +11,11 @@ import org.qortal.block.BlockChain;
 import org.qortal.data.account.AccountBalanceData;
 import org.qortal.data.account.AccountData;
 import org.qortal.data.account.RewardShareData;
-import org.qortal.data.transaction.TransactionData;
 import org.qortal.repository.DataException;
 import org.qortal.repository.Repository;
-import org.qortal.transaction.Transaction;
 import org.qortal.utils.Base58;
 
+@XmlAccessorType(XmlAccessType.NONE) // Stops JAX-RS errors when unmarshalling blockchain config
 public class Account {
 
 	private static final Logger LOGGER = LogManager.getLogger(Account.class);
@@ -51,39 +52,52 @@ public class Account {
 		return new AccountData(this.address);
 	}
 
+	public void ensureAccount() throws DataException {
+		this.repository.getAccountRepository().ensureAccount(this.buildAccountData());
+	}
+
 	// Balance manipulations - assetId is 0 for QORT
 
-	public BigDecimal getBalance(long assetId, int height) throws DataException {
-		AccountBalanceData accountBalanceData = this.repository.getAccountRepository().getBalance(this.address, assetId, height);
-		if (accountBalanceData == null)
-			return BigDecimal.ZERO.setScale(8);
-
-		return accountBalanceData.getBalance();
-	}
-
-	public BigDecimal getConfirmedBalance(long assetId) throws DataException {
+	public long getConfirmedBalance(long assetId) throws DataException {
 		AccountBalanceData accountBalanceData = this.repository.getAccountRepository().getBalance(this.address, assetId);
 		if (accountBalanceData == null)
-			return BigDecimal.ZERO.setScale(8);
+			return 0;
 
 		return accountBalanceData.getBalance();
 	}
 
-	public void setConfirmedBalance(long assetId, BigDecimal balance) throws DataException {
+	public void setConfirmedBalance(long assetId, long balance) throws DataException {
 		// Safety feature!
-		if (balance.compareTo(BigDecimal.ZERO) < 0) {
-			String message = String.format("Refusing to set negative balance %s [assetId %d] for %s", balance.toPlainString(), assetId, this.address);
+		if (balance < 0) {
+			String message = String.format("Refusing to set negative balance %s [assetId %d] for %s", prettyAmount(balance), assetId, this.address);
 			LOGGER.error(message);
 			throw new DataException(message);
 		}
 
+		// Delete account balance record instead of setting balance to zero
+		if (balance == 0) {
+			this.repository.getAccountRepository().delete(this.address, assetId);
+			return;
+		}
+
 		// Can't have a balance without an account - make sure it exists!
-		this.repository.getAccountRepository().ensureAccount(this.buildAccountData());
+		this.ensureAccount();
 
 		AccountBalanceData accountBalanceData = new AccountBalanceData(this.address, assetId, balance);
 		this.repository.getAccountRepository().save(accountBalanceData);
 
-		LOGGER.trace(() -> String.format("%s balance now %s [assetId %s]", this.address, balance.toPlainString(), assetId));
+		LOGGER.trace(() -> String.format("%s balance now %s [assetId %s]", this.address, prettyAmount(balance), assetId));
+	}
+
+	// Convenience method
+	public void modifyAssetBalance(long assetId, long deltaBalance) throws DataException {
+		this.repository.getAccountRepository().modifyAssetBalance(this.getAddress(), assetId, deltaBalance);
+
+		LOGGER.trace(() -> String.format("%s balance %s by %s [assetId %s]",
+				this.address,
+				(deltaBalance >= 0 ? "increased" : "decreased"),
+				prettyAmount(Math.abs(deltaBalance)),
+				assetId));
 	}
 
 	public void deleteBalance(long assetId) throws DataException {
@@ -99,38 +113,11 @@ public class Account {
 	 * @throws DataException
 	 */
 	public byte[] getLastReference() throws DataException {
-		byte[] reference = this.repository.getAccountRepository().getLastReference(this.address);
+		byte[] reference = AccountRefCache.getLastReference(this.repository, this.address);
 		LOGGER.trace(() -> String.format("Last reference for %s is %s", this.address, reference == null ? "null" : Base58.encode(reference)));
 		return reference;
 	}
 
-	/**
-	 * Fetch last reference for account, considering unconfirmed transactions only, or return null.
-	 * <p>
-	 * NOTE: calls Transaction.getUnconfirmedTransactions which discards uncommitted
-	 * repository changes.
-	 * 
-	 * @return byte[] reference, or null if no unconfirmed transactions for this account.
-	 * @throws DataException
-	 */
-	public byte[] getUnconfirmedLastReference() throws DataException {
-		// Newest unconfirmed transaction takes priority
-		List<TransactionData> unconfirmedTransactions = Transaction.getUnconfirmedTransactions(repository);
-
-		byte[] reference = null;
-
-		for (TransactionData transactionData : unconfirmedTransactions) {
-			String unconfirmedTransactionAddress = PublicKeyAccount.getAddress(transactionData.getCreatorPublicKey());
-
-			if (unconfirmedTransactionAddress.equals(this.address))
-				reference = transactionData.getSignature();
-		}
-
-		final byte[] loggingReference = reference;
-		LOGGER.trace(() -> String.format("Last unconfirmed reference for %s is %s", this.address, loggingReference == null ? "null" : Base58.encode(loggingReference)));
-		return reference;
-	}
-
 	/**
 	 * Set last reference for account.
 	 * 
@@ -143,7 +130,7 @@ public class Account {
 
 		AccountData accountData = this.buildAccountData();
 		accountData.setReference(reference);
-		this.repository.getAccountRepository().setLastReference(accountData);
+		AccountRefCache.setLastReference(this.repository, accountData);
 	}
 
 	// Default groupID manipulations
@@ -204,11 +191,15 @@ public class Account {
 	 * @throws DataException
 	 */
 	public boolean canMint() throws DataException {
-		Integer level = this.getLevel();
+		AccountData accountData = this.repository.getAccountRepository().getAccount(this.address);
+		if (accountData == null)
+			return false;
+
+		Integer level = accountData.getLevel();
 		if (level != null && level >= BlockChain.getInstance().getMinAccountLevelToMint())
 			return true;
 
-		if (this.isFounder())
+		if (Account.isFounder(accountData.getFlags()))
 			return true;
 
 		return false;
@@ -226,11 +217,15 @@ public class Account {
 	 * @throws DataException
 	 */
 	public boolean canRewardShare() throws DataException {
-		Integer level = this.getLevel();
+		AccountData accountData = this.repository.getAccountRepository().getAccount(this.address);
+		if (accountData == null)
+			return false;
+
+		Integer level = accountData.getLevel();
 		if (level != null && level >= BlockChain.getInstance().getMinAccountLevelToRewardShare())
 			return true;
 
-		if (this.isFounder())
+		if (Account.isFounder(accountData.getFlags()))
 			return true;
 
 		return false;
@@ -264,14 +259,14 @@ public class Account {
 	 * @throws DataException
 	 */
 	public int getEffectiveMintingLevel() throws DataException {
-		if (this.isFounder())
-			return BlockChain.getInstance().getFounderEffectiveMintingLevel();
-
-		Integer level = this.getLevel();
-		if (level == null)
+		AccountData accountData = this.repository.getAccountRepository().getAccount(this.address);
+		if (accountData == null)
 			return 0;
 
-		return level;
+		if (Account.isFounder(accountData.getFlags()))
+			return BlockChain.getInstance().getFounderEffectiveMintingLevel();
+
+		return accountData.getLevel();
 	}
 
 	/**
@@ -290,7 +285,7 @@ public class Account {
 		if (rewardShareData == null)
 			return 0;
 
-		PublicKeyAccount rewardShareMinter = new PublicKeyAccount(repository, rewardShareData.getMinterPublicKey());
+		Account rewardShareMinter = new Account(repository, rewardShareData.getMinter());
 		return rewardShareMinter.getEffectiveMintingLevel();
 	}
 

src/main/java/org/qortal/account/AccountRefCache.java

@@ -0,0 +1,217 @@
+package org.qortal.account;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.function.BinaryOperator;
+
+import org.qortal.data.account.AccountData;
+import org.qortal.repository.DataException;
+import org.qortal.repository.Repository;
+import org.qortal.utils.Pair;
+
+/**
+ * Account lastReference caching
+ * <p>
+ * When checking an account's lastReference, the value returned should be the
+ * most recent value set after processing the most recent block.
+ * <p>
+ * However, when processing a batch of transactions, e.g. during block processing or validation,
+ * each transaction needs to check, and maybe update, multiple accounts' lastReference values.
+ * <p>
+ * Because the intermediate updates would affect future checks, we set up a cache of that
+ * maintains a consistent value for fetching lastReference, but also tracks the latest new
+ * value, without the overhead of repository calls.
+ * <p>
+ * Thus, when batch transaction processing is finished, only the latest new lastReference values
+ * can be committed to the repository, via {@link AccountRefCache#commit()}.
+ * <p>
+ * Getting and setting lastReferences values are done the usual way via
+ * {@link Account#getLastReference()} and {@link Account#setLastReference(byte[])} which call
+ * package-visibility methods in <tt>AccountRefCache</tt>.
+ * <p>
+ * If {@link Account#getLastReference()} or {@link Account#setLastReference(byte[])} are called
+ * outside of caching then lastReference values are fetched/set directly from/to the repository.
+ * <p>
+ * <tt>AccountRefCache</tt> implements <tt>AutoCloseable</tt> for (typical) use in a try-with-resources block.
+ *
+ * @see Account#getLastReference()
+ * @see Account#setLastReference(byte[])
+ * @see org.qortal.block.Block#process()
+ */
+public class AccountRefCache implements AutoCloseable {
+
+	private static final Map<Repository, RefCache> CACHE = new HashMap<>();
+
+	private static class RefCache {
+		private final Map<String, byte[]> getLastReferenceValues = new HashMap<>();
+		private final Map<String, Pair<byte[], byte[]>> setLastReferenceValues = new HashMap<>();
+
+		/**
+		 * Function for merging publicKey from new data with old publicKey from map.
+		 * <p>
+		 * Last reference is <tt>A</tt> element in pair.<br>
+		 * Public key is <tt>B</tt> element in pair.
+		 */
+		private static final BinaryOperator<Pair<byte[], byte[]>> mergePublicKey = (oldPair,  newPair) -> {
+			// If passed new pair contains non-null publicKey, then we use that one in preference.
+			if (newPair.getB() == null)
+				// Otherwise, inherit publicKey from old map value.
+				newPair.setB(oldPair.getB());
+
+			// We always use new lastReference from new pair.
+			return newPair;
+		};
+
+
+		public byte[] getLastReference(Repository repository, String address) throws DataException {
+			synchronized (this.getLastReferenceValues) {
+				byte[] lastReference = getLastReferenceValues.get(address);
+				if (lastReference != null)
+					// address is present in map, lastReference not null
+					return lastReference;
+
+				// address is present in map, just lastReference is null
+				if (getLastReferenceValues.containsKey(address))
+					return null;
+
+				lastReference = repository.getAccountRepository().getLastReference(address);
+				this.getLastReferenceValues.put(address, lastReference);
+				return lastReference;
+			}
+		}
+
+		public void setLastReference(AccountData accountData) {
+			// We're only interested in lastReference and publicKey
+			Pair<byte[], byte[]> newPair = new Pair<>(accountData.getReference(), accountData.getPublicKey());
+
+			synchronized (this.setLastReferenceValues) {
+				setLastReferenceValues.merge(accountData.getAddress(), newPair, mergePublicKey);
+			}
+		}
+
+		Map<String, Pair<byte[], byte[]>> getNewLastReferences() {
+			return setLastReferenceValues;
+		}
+	}
+
+	private Repository repository;
+
+	/**
+	 * Constructs a new account reference cache, unique to passed <tt>repository</tt> handle.
+	 * 
+	 * @param repository
+	 * @throws IllegalStateException if a cache already exists for <tt>repository</tt>
+	 */
+	public AccountRefCache(Repository repository) {
+		RefCache refCache = new RefCache();
+
+		synchronized (CACHE) {
+			if (CACHE.putIfAbsent(repository, refCache) != null)
+				throw new IllegalStateException("Account reference cache entry already exists");
+		}
+
+		this.repository = repository;
+	}
+
+	/**
+	 * Save all cached setLastReference account-reference values into repository.
+	 * <p>
+	 * Closes cache to prevent any future setLastReference() attempts post-commit.
+	 * 
+	 * @throws DataException
+	 */
+	public void commit() throws DataException {
+		RefCache refCache;
+
+		// Also duplicated in close(), this prevents future setLastReference() attempts post-commit.
+		synchronized (CACHE) {
+			refCache = CACHE.remove(this.repository);
+		}
+
+		if (refCache == null)
+			throw new IllegalStateException("Tried to commit non-existent account reference cache");
+
+		Map<String, Pair<byte[], byte[]>> newLastReferenceValues = refCache.getNewLastReferences();
+
+		for (Entry<String, Pair<byte[], byte[]>> entry : newLastReferenceValues.entrySet()) {
+			AccountData accountData = new AccountData(entry.getKey());
+
+			accountData.setReference(entry.getValue().getA());
+
+			if (entry.getValue().getB() != null)
+				accountData.setPublicKey(entry.getValue().getB());
+
+			this.repository.getAccountRepository().setLastReference(accountData);
+		}
+	}
+
+	@Override
+	public void close() {
+		synchronized (CACHE) {
+			CACHE.remove(this.repository);
+		}
+	}
+
+	/**
+	 * Returns lastReference value for account.
+	 * <p>
+	 * If cache is not in effect for passed <tt>repository</tt> handle,
+	 * then this method fetches lastReference directly from repository.
+	 * <p>
+	 * If cache <i>is</i> in effect, then this method returns cached
+	 * lastReference, which is <b>not</b> affected by calls to
+	 * <tt>setLastReference</tt>.
+	 * <p>
+	 * Typically called by corresponding method in Account class.
+	 * 
+	 * @param repository
+	 * @param address account's address
+	 * @return account's lastReference, or null if account unknown, or lastReference not set
+	 * @throws DataException
+	 */
+	/*package*/ static byte[] getLastReference(Repository repository, String address) throws DataException {
+		RefCache refCache;
+
+		synchronized (CACHE) {
+			refCache = CACHE.get(repository);
+		}
+
+		if (refCache == null)
+			return repository.getAccountRepository().getLastReference(address);
+
+		return refCache.getLastReference(repository, address);
+	}
+
+	/**
+	 * Sets lastReference value for account.
+	 * <p>
+	 * If cache is not in effect for passed <tt>repository</tt> handle,
+	 * then this method sets lastReference directly in repository.
+	 * <p>
+	 * If cache <i>is</i> in effect, then this method caches the new
+	 * lastReference, which is <b>not</b> returned by calls to
+	 * <tt>getLastReference</tt>.
+	 * <p>
+	 * Typically called by corresponding method in Account class.
+	 * 
+	 * @param repository
+	 * @param accountData
+	 * @throws DataException
+	 */
+	/*package*/ static void setLastReference(Repository repository, AccountData accountData) throws DataException {
+		RefCache refCache;
+
+		synchronized (CACHE) {
+			refCache = CACHE.get(repository);
+		}
+
+		if (refCache == null) {
+			repository.getAccountRepository().setLastReference(accountData);
+			return;
+		}
+
+		refCache.setLastReference(accountData);
+	}
+
+}

src/main/java/org/qortal/account/GenesisAccount.java

@@ -1,13 +0,0 @@
-package org.qortal.account;
-
-import org.qortal.repository.Repository;
-
-public final class GenesisAccount extends PublicKeyAccount {
-
-	public static final byte[] PUBLIC_KEY = new byte[] { 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
-
-	public GenesisAccount(Repository repository) {
-		super(repository, PUBLIC_KEY);
-	}
-
-}

src/main/java/org/qortal/account/NullAccount.java

@@ -0,0 +1,24 @@
+package org.qortal.account;
+
+import org.qortal.crypto.Crypto;
+import org.qortal.repository.Repository;
+
+public final class NullAccount extends PublicKeyAccount {
+
+	public static final byte[] PUBLIC_KEY = new byte[32];
+	public static final String ADDRESS = Crypto.toAddress(PUBLIC_KEY);
+
+	public NullAccount(Repository repository) {
+		super(repository, PUBLIC_KEY, ADDRESS);
+	}
+
+	protected NullAccount() {
+	}
+
+	@Override
+	public boolean verify(byte[] signature, byte[] message) {
+		// Can't sign, hence can't verify.
+		return false;
+	}
+
+}

src/main/java/org/qortal/account/PrivateKeyAccount.java

@@ -2,18 +2,11 @@ package org.qortal.account;
 
 import org.bouncycastle.crypto.params.Ed25519PrivateKeyParameters;
 import org.bouncycastle.crypto.params.Ed25519PublicKeyParameters;
-import org.bouncycastle.crypto.params.X25519PrivateKeyParameters;
-import org.bouncycastle.crypto.params.X25519PublicKeyParameters;
-import org.bouncycastle.math.ec.rfc8032.Ed25519;
-import org.qortal.crypto.BouncyCastle25519;
 import org.qortal.crypto.Crypto;
 import org.qortal.repository.Repository;
 
 public class PrivateKeyAccount extends PublicKeyAccount {
 
-	private static final int SIGNATURE_LENGTH = 64;
-	private static final int SHARED_SECRET_LENGTH = 32;
-
 	private final byte[] privateKey;
 	private final Ed25519PrivateKeyParameters edPrivateKeyParams;
 
@@ -49,24 +42,11 @@ public class PrivateKeyAccount extends PublicKeyAccount {
 	}
 
 	public byte[] sign(byte[] message) {
-		byte[] signature = new byte[SIGNATURE_LENGTH];
-
-		this.edPrivateKeyParams.sign(Ed25519.Algorithm.Ed25519, edPublicKeyParams, null, message, 0, message.length, signature, 0);
-
-		return signature;
+		return Crypto.sign(this.edPrivateKeyParams, message);
 	}
 
 	public byte[] getSharedSecret(byte[] publicKey) {
-		byte[] x25519PrivateKey = BouncyCastle25519.toX25519PrivateKey(this.privateKey);
-		X25519PrivateKeyParameters xPrivateKeyParams = new X25519PrivateKeyParameters(x25519PrivateKey, 0);
-
-		byte[] x25519PublicKey = BouncyCastle25519.toX25519PublicKey(publicKey);
-		X25519PublicKeyParameters xPublicKeyParams = new X25519PublicKeyParameters(x25519PublicKey, 0);
-
-		byte[] sharedSecret = new byte[SHARED_SECRET_LENGTH];
-		xPrivateKeyParams.generateSecret(xPublicKeyParams, sharedSecret, 0);
-
-		return sharedSecret;
+		return Crypto.getSharedSecret(this.privateKey, publicKey);
 	}
 
 	public byte[] getRewardSharePrivateKey(byte[] publicKey) {

src/main/java/org/qortal/account/PublicKeyAccount.java

@@ -1,7 +1,6 @@
 package org.qortal.account;
 
 import org.bouncycastle.crypto.params.Ed25519PublicKeyParameters;
-import org.bouncycastle.math.ec.rfc8032.Ed25519;
 import org.qortal.crypto.Crypto;
 import org.qortal.data.account.AccountData;
 import org.qortal.repository.Repository;
@@ -22,6 +21,18 @@ public class PublicKeyAccount extends Account {
 		this.publicKey = edPublicKeyParams.getEncoded();
 	}
 
+	protected PublicKeyAccount(Repository repository, byte[] publicKey, String address) {
+		super(repository, address);
+
+		this.publicKey = publicKey;
+		this.edPublicKeyParams = null;
+	}
+
+	protected PublicKeyAccount() {
+		this.publicKey = null;
+		this.edPublicKeyParams = null;
+	}
+
 	public byte[] getPublicKey() {
 		return this.publicKey;
 	}
@@ -34,15 +45,7 @@ public class PublicKeyAccount extends Account {
 	}
 
 	public boolean verify(byte[] signature, byte[] message) {
-		return PublicKeyAccount.verify(this.publicKey, signature, message);
-	}
-
-	public static boolean verify(byte[] publicKey, byte[] signature, byte[] message) {
-		try {
-			return Ed25519.verify(signature, 0, publicKey, 0, message, 0, message.length);
-		} catch (Exception e) {
-			return false;
-		}
+		return Crypto.verify(this.publicKey, signature, message);
 	}
 
 	public static String getAddress(byte[] publicKey) {

src/main/java/org/qortal/api/AmountTypeAdapter.java

@@ -0,0 +1,27 @@
+package org.qortal.api;
+
+import java.math.BigDecimal;
+
+import javax.xml.bind.annotation.adapters.XmlAdapter;
+
+import org.qortal.utils.Amounts;
+
+public class AmountTypeAdapter extends XmlAdapter<String, Long> {
+
+	@Override
+	public Long unmarshal(String input) throws Exception {
+		if (input == null)
+			return null;
+
+		return new BigDecimal(input).setScale(8).unscaledValue().longValue();
+	}
+
+	@Override
+	public String marshal(Long output) throws Exception {
+		if (output == null)
+			return null;
+
+		return Amounts.prettyAmount(output);
+	}
+
+}

src/main/java/org/qortal/api/ApiError.java

@@ -5,16 +5,23 @@ import static java.util.stream.Collectors.toMap;
 
 import java.util.Map;
 
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+
+@XmlAccessorType(XmlAccessType.NONE)
+@XmlRootElement
 public enum ApiError {
 	// COMMON
 	// UNKNOWN(0, 500),
 	JSON(1, 400),
-	// NO_BALANCE(2, 422),
+	INSUFFICIENT_BALANCE(2, 402),
 	// NOT_YET_RELEASED(3, 422),
 	UNAUTHORIZED(4, 403),
 	REPOSITORY_ISSUE(5, 500),
 	NON_PRODUCTION(6, 403),
 	BLOCKCHAIN_NEEDS_SYNC(7, 503),
+	NO_TIME_SYNC(8, 503),
 
 	// VALIDATION
 	INVALID_SIGNATURE(101, 400),
@@ -117,7 +124,15 @@ public enum ApiError {
 	// MESSAGESIZE_EXCEEDED(1004, 400),
 
 	// Groups
-	GROUP_UNKNOWN(1101, 404);
+	GROUP_UNKNOWN(1101, 404),
+
+	// Foreign blockchain
+	FOREIGN_BLOCKCHAIN_NETWORK_ISSUE(1201, 500),
+	FOREIGN_BLOCKCHAIN_BALANCE_ISSUE(1202, 402),
+	FOREIGN_BLOCKCHAIN_TOO_SOON(1203, 408),
+
+	// Trade portal
+	ORDER_SIZE_TOO_SMALL(1300, 402);
 
 	private static final Map<Integer, ApiError> map = stream(ApiError.values()).collect(toMap(apiError -> apiError.code, apiError -> apiError));
 
@@ -145,4 +160,4 @@ public enum ApiError {
 		return this.status;
 	}
 
-}
+}

src/main/java/org/qortal/api/ApiErrorHandler.java

@@ -3,6 +3,7 @@ package org.qortal.api;
 import java.io.IOException;
 
 import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -17,7 +18,7 @@ public class ApiErrorHandler extends ErrorHandler {
 	private static final Logger LOGGER = LogManager.getLogger(ApiErrorHandler.class);
 
 	@Override
-	public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException {
+	public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
 		if (Settings.getInstance().isApiLoggingEnabled()) {
 			String requestURI = request.getRequestURI();
 

src/main/java/org/qortal/api/ApiErrorRoot.java

@@ -0,0 +1,20 @@
+package org.qortal.api;
+
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+
+public class ApiErrorRoot {
+
+	private ApiError apiError;
+
+	@XmlJavaTypeAdapter(ApiErrorTypeAdapter.class)
+	@XmlElement(name = "error")
+	public ApiError getApiError() {
+		return this.apiError;
+	}
+
+	public void setApiError(ApiError apiError) {
+		this.apiError = apiError;
+	}
+
+}

src/main/java/org/qortal/api/ApiErrorTypeAdapter.java

@@ -0,0 +1,32 @@
+package org.qortal.api;
+
+import javax.xml.bind.annotation.adapters.XmlAdapter;
+
+public class ApiErrorTypeAdapter extends XmlAdapter<ApiErrorTypeAdapter.AdaptedApiError, ApiError> {
+
+	public static class AdaptedApiError {
+		public int code;
+		public String description;
+	}
+
+	@Override
+	public ApiError unmarshal(AdaptedApiError adaptedInput) throws Exception {
+		if (adaptedInput == null)
+			return null;
+
+		return ApiError.fromCode(adaptedInput.code);
+	}
+
+	@Override
+	public AdaptedApiError marshal(ApiError output) throws Exception {
+		if (output == null)
+			return null;
+
+		AdaptedApiError adaptedOutput = new AdaptedApiError();
+		adaptedOutput.code = output.getCode();
+		adaptedOutput.description = output.name();
+
+		return adaptedOutput;
+	}
+
+}

src/main/java/org/qortal/api/ApiRequest.java

@@ -149,8 +149,8 @@ public class ApiRequest {
 		HttpURLConnection con = (HttpURLConnection) url.openConnection();
 
 		con.setRequestMethod("GET");
-		con.setConnectTimeout(5000);
-		con.setReadTimeout(3000);
+		con.setConnectTimeout(30000);
+		con.setReadTimeout(10000);
 		ApiRequest.setConnectionSSL(con, ipAddress);
 
 		int status = con.getResponseCode();

src/main/java/org/qortal/api/ApiService.java

@@ -2,15 +2,31 @@ package org.qortal.api;
 
 import io.swagger.v3.jaxrs2.integration.resources.OpenApiResource;
 
+import java.io.InputStream;
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.security.KeyStore;
+import java.security.SecureRandom;
 
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+
+import org.eclipse.jetty.http.HttpVersion;
 import org.eclipse.jetty.rewrite.handler.RedirectPatternRule;
 import org.eclipse.jetty.rewrite.handler.RewriteHandler;
 import org.eclipse.jetty.server.CustomRequestLog;
+import org.eclipse.jetty.server.DetectorConnectionFactory;
+import org.eclipse.jetty.server.HttpConfiguration;
+import org.eclipse.jetty.server.HttpConnectionFactory;
 import org.eclipse.jetty.server.RequestLog;
 import org.eclipse.jetty.server.RequestLogWriter;
+import org.eclipse.jetty.server.SecureRequestCustomizer;
 import org.eclipse.jetty.server.Server;
+import org.eclipse.jetty.server.ServerConnector;
+import org.eclipse.jetty.server.SslConnectionFactory;
 import org.eclipse.jetty.server.handler.ErrorHandler;
 import org.eclipse.jetty.server.handler.InetAccessHandler;
 import org.eclipse.jetty.servlet.DefaultServlet;
@@ -18,10 +34,18 @@ import org.eclipse.jetty.servlet.FilterHolder;
 import org.eclipse.jetty.servlet.ServletContextHandler;
 import org.eclipse.jetty.servlet.ServletHolder;
 import org.eclipse.jetty.servlets.CrossOriginFilter;
+import org.eclipse.jetty.util.ssl.SslContextFactory;
 import org.glassfish.jersey.server.ResourceConfig;
 import org.glassfish.jersey.servlet.ServletContainer;
 import org.qortal.api.resource.AnnotationPostProcessor;
 import org.qortal.api.resource.ApiDefinition;
+import org.qortal.api.websocket.ActiveChatsWebSocket;
+import org.qortal.api.websocket.AdminStatusWebSocket;
+import org.qortal.api.websocket.BlocksWebSocket;
+import org.qortal.api.websocket.ChatMessagesWebSocket;
+import org.qortal.api.websocket.PresenceWebSocket;
+import org.qortal.api.websocket.TradeBotWebSocket;
+import org.qortal.api.websocket.TradeOffersWebSocket;
 import org.qortal.settings.Settings;
 
 public class ApiService {
@@ -53,9 +77,57 @@ public class ApiService {
 	public void start() {
 		try {
 			// Create API server
-			InetAddress bindAddr = InetAddress.getByName(Settings.getInstance().getBindAddress());
-			InetSocketAddress endpoint = new InetSocketAddress(bindAddr, Settings.getInstance().getApiPort());
-			this.server = new Server(endpoint);
+
+			// SSL support if requested
+			String keystorePathname = Settings.getInstance().getSslKeystorePathname();
+			String keystorePassword = Settings.getInstance().getSslKeystorePassword();
+
+			if (keystorePathname != null && keystorePassword != null) {
+				// SSL version
+				if (!Files.isReadable(Path.of(keystorePathname)))
+					throw new RuntimeException("Failed to start SSL API due to broken keystore");
+
+				// BouncyCastle-specific SSLContext build
+				SSLContext sslContext = SSLContext.getInstance("TLS", "BCJSSE");
+				KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("PKIX", "BCJSSE");
+
+				KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType(), "BC");
+
+				try (InputStream keystoreStream = Files.newInputStream(Paths.get(keystorePathname))) {
+					keyStore.load(keystoreStream, keystorePassword.toCharArray());
+				}
+
+				keyManagerFactory.init(keyStore, keystorePassword.toCharArray());
+				sslContext.init(keyManagerFactory.getKeyManagers(), null, new SecureRandom());
+
+				SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
+				sslContextFactory.setSslContext(sslContext);
+
+				this.server = new Server();
+
+				HttpConfiguration httpConfig = new HttpConfiguration();
+				httpConfig.setSecureScheme("https");
+				httpConfig.setSecurePort(Settings.getInstance().getApiPort());
+
+				SecureRequestCustomizer src = new SecureRequestCustomizer();
+				httpConfig.addCustomizer(src);
+
+				HttpConnectionFactory httpConnectionFactory = new HttpConnectionFactory(httpConfig);
+				SslConnectionFactory sslConnectionFactory = new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString());
+
+				ServerConnector portUnifiedConnector = new ServerConnector(this.server,
+						new DetectorConnectionFactory(sslConnectionFactory),
+						httpConnectionFactory);
+				portUnifiedConnector.setHost(Settings.getInstance().getBindAddress());
+				portUnifiedConnector.setPort(Settings.getInstance().getApiPort());
+
+				this.server.addConnector(portUnifiedConnector);
+			} else {
+				// Non-SSL
+				InetAddress bindAddr = InetAddress.getByName(Settings.getInstance().getBindAddress());
+				InetSocketAddress endpoint = new InetSocketAddress(bindAddr, Settings.getInstance().getApiPort());
+				this.server = new Server(endpoint);
+			}
 
 			// Error handler
 			ErrorHandler errorHandler = new ApiErrorHandler();
@@ -108,10 +180,29 @@ public class ApiService {
 				swaggerUIServlet.setInitParameter("pathInfoOnly", "true");
 				context.addServlet(swaggerUIServlet, "/api-documentation/*");
 
-				rewriteHandler.addRule(new RedirectPatternRule("", "/api-documentation/")); // redirect to Swagger UI start page
-				rewriteHandler.addRule(new RedirectPatternRule("/api-documentation", "/api-documentation/")); // redirect to Swagger UI start page
+				rewriteHandler.addRule(new RedirectPatternRule("", "/api-documentation/")); // redirect empty path to API docs
+				rewriteHandler.addRule(new RedirectPatternRule("/api-documentation", "/api-documentation/")); // redirect to add trailing slash if missing
+			} else {
+				// Simple pages that explains that API documentation is disabled
+				ClassLoader loader = this.getClass().getClassLoader();
+				ServletHolder swaggerUIServlet = new ServletHolder("api-docs-disabled", DefaultServlet.class);
+				swaggerUIServlet.setInitParameter("resourceBase", loader.getResource("api-docs-disabled/").toString());
+				swaggerUIServlet.setInitParameter("dirAllowed", "true");
+				swaggerUIServlet.setInitParameter("pathInfoOnly", "true");
+				context.addServlet(swaggerUIServlet, "/api-documentation/*");
+
+				rewriteHandler.addRule(new RedirectPatternRule("", "/api-documentation/")); // redirect empty path to API docs
+				rewriteHandler.addRule(new RedirectPatternRule("/api-documentation", "/api-documentation/")); // redirect to add trailing slash if missing
 			}
 
+			context.addServlet(AdminStatusWebSocket.class, "/websockets/admin/status");
+			context.addServlet(BlocksWebSocket.class, "/websockets/blocks");
+			context.addServlet(ActiveChatsWebSocket.class, "/websockets/chat/active/*");
+			context.addServlet(ChatMessagesWebSocket.class, "/websockets/chat/messages");
+			context.addServlet(TradeOffersWebSocket.class, "/websockets/crosschain/tradeoffers");
+			context.addServlet(TradeBotWebSocket.class, "/websockets/crosschain/tradebot");
+			context.addServlet(PresenceWebSocket.class, "/websockets/presence");
+
 			// Start server
 			this.server.start();
 		} catch (Exception e) {

src/main/java/org/qortal/api/Base58TypeAdapter.java

@@ -2,7 +2,7 @@ package org.qortal.api;
 
 import javax.xml.bind.annotation.adapters.XmlAdapter;
 
-import org.bitcoinj.core.Base58;
+import org.qortal.utils.Base58;
 
 public class Base58TypeAdapter extends XmlAdapter<String, byte[]> {
 

src/main/java/org/qortal/api/RewardSharePercentTypeAdapter.java

@@ -0,0 +1,25 @@
+package org.qortal.api;
+
+import java.math.BigDecimal;
+
+import javax.xml.bind.annotation.adapters.XmlAdapter;
+
+public class RewardSharePercentTypeAdapter extends XmlAdapter<String, Integer> {
+
+	@Override
+	public Integer unmarshal(String input) throws Exception {
+		if (input == null)
+			return null;
+
+		return new BigDecimal(input).setScale(2).unscaledValue().intValue();
+	}
+
+	@Override
+	public String marshal(Integer output) throws Exception {
+		if (output == null)
+			return null;
+
+		return String.format("%d.%02d", output / 100, Math.abs(output % 100));
+	}
+
+}

src/main/java/org/qortal/api/Security.java

@@ -5,10 +5,20 @@ import java.net.UnknownHostException;
 
 import javax.servlet.http.HttpServletRequest;
 
-public class Security {
+import org.qortal.settings.Settings;
+
+public abstract class Security {
+
+	public static final String API_KEY_HEADER = "X-API-KEY";
 
-	// TODO: replace with proper authentication
 	public static void checkApiCallAllowed(HttpServletRequest request) {
+		String expectedApiKey = Settings.getInstance().getApiKey();
+		String passedApiKey = request.getHeader(API_KEY_HEADER);
+
+		if ((expectedApiKey != null && !expectedApiKey.equals(passedApiKey)) ||
+				(passedApiKey != null && !passedApiKey.equals(expectedApiKey)))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.UNAUTHORIZED);
+
 		InetAddress remoteAddr;
 		try {
 			remoteAddr = InetAddress.getByName(request.getRemoteAddr());
@@ -19,4 +29,5 @@ public class Security {
 		if (!remoteAddr.isLoopbackAddress())
 			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.UNAUTHORIZED);
 	}
+
 }

src/main/java/org/qortal/api/model/ActivitySummary.java

@@ -1,5 +1,6 @@
 package org.qortal.api.model;
 
+import java.util.Collections;
 import java.util.EnumMap;
 import java.util.Map;
 
@@ -13,17 +14,61 @@ import org.qortal.transaction.Transaction.TransactionType;
 @XmlAccessorType(XmlAccessType.FIELD)
 public class ActivitySummary {
 
-	public int blockCount;
-	public int transactionCount;
-	public int assetsIssued;
-	public int namesRegistered;
+	private int blockCount;
+	private int assetsIssued;
+	private int namesRegistered;
 
 	// Assuming TransactionType values are contiguous so 'length' equals count
 	@XmlJavaTypeAdapter(TransactionCountMapXmlAdapter.class)
-	public Map<TransactionType, Integer> transactionCountByType = new EnumMap<>(TransactionType.class);
+	private Map<TransactionType, Integer> transactionCountByType = new EnumMap<>(TransactionType.class);
+	private int totalTransactionCount = 0;
 
 	public ActivitySummary() {
 		// Needed for JAXB
 	}
 
+	public int getBlockCount() {
+		return this.blockCount;
+	}
+
+	public void setBlockCount(int blockCount) {
+		this.blockCount = blockCount;
+	}
+
+	public int getTotalTransactionCount() {
+		return this.totalTransactionCount;
+	}
+
+	public int getAssetsIssued() {
+		return this.assetsIssued;
+	}
+
+	public void setAssetsIssued(int assetsIssued) {
+		this.assetsIssued = assetsIssued;
+	}
+
+	public int getNamesRegistered() {
+		return this.namesRegistered;
+	}
+
+	public void setNamesRegistered(int namesRegistered) {
+		this.namesRegistered = namesRegistered;
+	}
+
+	public Map<TransactionType, Integer> getTransactionCountByType() {
+		return Collections.unmodifiableMap(this.transactionCountByType);
+	}
+
+	public void setTransactionCountByType(TransactionType transactionType, int transactionCount) {
+		this.transactionCountByType.put(transactionType, transactionCount);
+
+		this.totalTransactionCount = this.transactionCountByType.values().stream().mapToInt(Integer::intValue).sum();
+	}
+
+	public void setTransactionCountByType(Map<TransactionType, Integer> transactionCountByType) {
+		this.transactionCountByType = new EnumMap<>(transactionCountByType);
+
+		this.totalTransactionCount = this.transactionCountByType.values().stream().mapToInt(Integer::intValue).sum();
+	}
+
 }

src/main/java/org/qortal/api/model/AddressListRequest.java

@@ -0,0 +1,18 @@
+package org.qortal.api.model;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import java.util.List;
+
+@XmlAccessorType(XmlAccessType.FIELD)
+public class AddressListRequest {
+
+	@Schema(description = "A list of addresses")
+	public List<String> addresses;
+
+	public AddressListRequest() {
+	}
+
+}

src/main/java/org/qortal/api/model/AggregatedOrder.java

@@ -1,11 +1,10 @@
 package org.qortal.api.model;
 
-import java.math.BigDecimal;
-
 import javax.xml.bind.Marshaller;
 import javax.xml.bind.annotation.XmlAccessType;
 import javax.xml.bind.annotation.XmlAccessorType;
 import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
 
 import org.qortal.data.asset.OrderData;
 
@@ -29,12 +28,14 @@ public class AggregatedOrder {
 	}
 
 	@XmlElement(name = "price")
-	public BigDecimal getPrice() {
+	@XmlJavaTypeAdapter(value = org.qortal.api.AmountTypeAdapter.class)
+	public long getPrice() {
 		return this.orderData.getPrice();
 	}
 
 	@XmlElement(name = "unfulfilled")
-	public BigDecimal getUnfulfilled() {
+	@XmlJavaTypeAdapter(value = org.qortal.api.AmountTypeAdapter.class)
+	public long getUnfulfilled() {
 		return this.orderData.getAmount();
 	}
 

src/main/java/org/qortal/api/model/BlockMintingInfo.java

@@ -0,0 +1,23 @@
+package org.qortal.api.model;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import java.math.BigDecimal;
+import java.math.BigInteger;
+
+@XmlAccessorType(XmlAccessType.FIELD)
+public class BlockMintingInfo {
+
+	public byte[] minterPublicKey;
+	public int minterLevel;
+	public int onlineAccountsCount;
+	public BigDecimal maxDistance;
+	public BigInteger keyDistance;
+	public double keyDistanceRatio;
+	public long timestamp;
+	public long timeDelta;
+
+	public BlockMintingInfo() {
+	}
+
+}

src/main/java/org/qortal/api/model/BlockSignerSummary.java

@@ -6,7 +6,7 @@ import javax.xml.bind.annotation.XmlAccessorType;
 import org.qortal.crypto.Crypto;
 
 @XmlAccessorType(XmlAccessType.FIELD)
-public class BlockMinterSummary {
+public class BlockSignerSummary {
 
 	// Properties
 
@@ -20,22 +20,25 @@ public class BlockMinterSummary {
 
 	// Constructors
 
-	protected BlockMinterSummary() {
+	protected BlockSignerSummary() {
 	}
 
-	/** Constructs BlockMinterSummary in non-reward-share context. */
-	public BlockMinterSummary(byte[] blockMinterPublicKey, int blockCount) {
+	/** Constructs BlockSignerSummary in non-reward-share context. */
+	public BlockSignerSummary(byte[] blockMinterPublicKey, int blockCount) {
 		this.blockCount = blockCount;
 
 		this.mintingAccountPublicKey = blockMinterPublicKey;
 		this.mintingAccount = Crypto.toAddress(this.mintingAccountPublicKey);
 	}
 
-	/** Constructs BlockMinterSummary in reward-share context. */
-	public BlockMinterSummary(byte[] rewardSharePublicKey, int blockCount, byte[] mintingAccountPublicKey, String recipientAccount) {
-		this(mintingAccountPublicKey, blockCount);
-
+	/** Constructs BlockSignerSummary in reward-share context. */
+	public BlockSignerSummary(byte[] rewardSharePublicKey, int blockCount, byte[] mintingAccountPublicKey, String minterAccount, String recipientAccount) {
 		this.rewardSharePublicKey = rewardSharePublicKey;
+		this.blockCount = blockCount;
+
+		this.mintingAccountPublicKey = mintingAccountPublicKey;
+		this.mintingAccount = minterAccount;
+
 		this.recipientAccount = recipientAccount;
 	}
 

src/main/java/org/qortal/api/model/ConnectedPeer.java

@@ -1,61 +1,74 @@
 package org.qortal.api.model;
 
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-
+import io.swagger.v3.oas.annotations.media.Schema;
 import org.qortal.data.network.PeerChainTipData;
 import org.qortal.data.network.PeerData;
 import org.qortal.network.Handshake;
 import org.qortal.network.Peer;
 
-import io.swagger.v3.oas.annotations.media.Schema;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import java.util.UUID;
+import java.util.concurrent.TimeUnit;
 
 @XmlAccessorType(XmlAccessType.FIELD)
 public class ConnectedPeer {
 
-	public enum Direction {
-		INBOUND,
-		OUTBOUND;
-	}
-	public Direction direction;
-	public Handshake handshakeStatus;
-	public Long lastPing;
-	public Long connectedWhen;
-	public Long peersConnectedWhen;
+    public enum Direction {
+        INBOUND,
+        OUTBOUND;
+    }
 
-	public String address;
-	public String version;
-	public Long buildTimestamp;
+    public Direction direction;
+    public Handshake handshakeStatus;
+    public Long lastPing;
+    public Long connectedWhen;
+    public Long peersConnectedWhen;
 
-	public Integer lastHeight;
-	@Schema(example = "base58")
-	public byte[] lastBlockSignature;
-	public Long lastBlockTimestamp;
+    public String address;
+    public String version;
 
-	protected ConnectedPeer() {
-	}
+    public String nodeId;
 
-	public ConnectedPeer(Peer peer) {
-		this.direction = peer.isOutbound() ? Direction.OUTBOUND : Direction.INBOUND;
-		this.handshakeStatus = peer.getHandshakeStatus();
-		this.lastPing = peer.getLastPing();
+    public Integer lastHeight;
+    @Schema(example = "base58")
+    public byte[] lastBlockSignature;
+    public Long lastBlockTimestamp;
+    public UUID connectionId;
+    public String age;
 
-		PeerData peerData = peer.getPeerData();
-		this.connectedWhen = peer.getConnectionTimestamp();
-		this.peersConnectedWhen = peer.getPeersConnectionTimestamp();
+    protected ConnectedPeer() {
+    }
 
-		this.address = peerData.getAddress().toString();
-		if (peer.getVersionMessage() != null) {
-			this.version = peer.getVersionMessage().getVersionString();
-			this.buildTimestamp = peer.getVersionMessage().getBuildTimestamp();
-		}
+    public ConnectedPeer(Peer peer) {
+        this.direction = peer.isOutbound() ? Direction.OUTBOUND : Direction.INBOUND;
+        this.handshakeStatus = peer.getHandshakeStatus();
+        this.lastPing = peer.getLastPing();
 
-		PeerChainTipData peerChainTipData = peer.getChainTipData();
-		if (peerChainTipData != null) {
-			this.lastHeight = peerChainTipData.getLastHeight();
-			this.lastBlockSignature = peerChainTipData.getLastBlockSignature();
-			this.lastBlockTimestamp = peerChainTipData.getLastBlockTimestamp();
-		}
-	}
+        PeerData peerData = peer.getPeerData();
+        this.connectedWhen = peer.getConnectionTimestamp();
+        this.peersConnectedWhen = peer.getPeersConnectionTimestamp();
+
+        this.address = peerData.getAddress().toString();
+
+        this.version = peer.getPeersVersionString();
+        this.nodeId = peer.getPeersNodeId();
+        this.connectionId = peer.getPeerConnectionId();
+        if (peer.getConnectionEstablishedTime() > 0) {
+            long age = (System.currentTimeMillis() - peer.getConnectionEstablishedTime());
+            long minutes = TimeUnit.MILLISECONDS.toMinutes(age);
+            long seconds = TimeUnit.MILLISECONDS.toSeconds(age) - TimeUnit.MINUTES.toSeconds(minutes);
+            this.age = String.format("%dm %ds", minutes, seconds);
+        } else {
+            this.age = "connecting...";
+        }
+
+        PeerChainTipData peerChainTipData = peer.getChainTipData();
+        if (peerChainTipData != null) {
+            this.lastHeight = peerChainTipData.getLastHeight();
+            this.lastBlockSignature = peerChainTipData.getLastBlockSignature();
+            this.lastBlockTimestamp = peerChainTipData.getLastBlockTimestamp();
+        }
+    }
 
 }

src/main/java/org/qortal/api/model/CrossChainBitcoinRedeemRequest.java

@@ -0,0 +1,34 @@
+package org.qortal.api.model;
+
+import java.math.BigDecimal;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+
+@XmlAccessorType(XmlAccessType.FIELD)
+public class CrossChainBitcoinRedeemRequest {
+
+	@Schema(description = "Bitcoin HASH160(public key) for refund", example = "2nGDBPPPFS1c9w1h33YwFk4KUJU2")
+	public byte[] refundPublicKeyHash;
+
+	@Schema(description = "Bitcoin PRIVATE KEY for redeem", example = "cUvGNSnu14q6Hr1X7TESjYVTqBpFjj8GGLGjGdpJwD9NhSQKeYUk")
+	public byte[] redeemPrivateKey;
+
+	@Schema(description = "Qortal AT address")
+	public String atAddress;
+
+	@Schema(description = "Bitcoin miner fee", example = "0.00001000")
+	public BigDecimal bitcoinMinerFee;
+
+	@Schema(description = "32-byte secret", example = "6gVbAXCVzJXAWwtAVGAfgAkkXpeXvPUwSciPmCfSfXJG")
+	public byte[] secret;
+
+	@Schema(description = "Bitcoin HASH160(public key) for receiving funds, or omit to derive from private key", example = "u17kBVKkKSp12oUzaxFwNnq1JZf")
+	public byte[] receivingAccountInfo;
+
+	public CrossChainBitcoinRedeemRequest() {
+	}
+
+}

src/main/java/org/qortal/api/model/CrossChainBitcoinRefundRequest.java

@@ -0,0 +1,31 @@
+package org.qortal.api.model;
+
+import java.math.BigDecimal;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+
+@XmlAccessorType(XmlAccessType.FIELD)
+public class CrossChainBitcoinRefundRequest {
+
+	@Schema(description = "Bitcoin PRIVATE KEY for refund", example = "cSP3zTb6bfm8GATtAcEJ8LqYtNQmzZ9jE2wQUVnZGiBzojDdrwKV")
+	public byte[] refundPrivateKey;
+
+	@Schema(description = "Bitcoin HASH160(public key) for redeem", example = "2daMveGc5pdjRyFacbxBzMksCbyC")
+	public byte[] redeemPublicKeyHash;
+
+	@Schema(description = "Qortal AT address")
+	public String atAddress;
+
+	@Schema(description = "Bitcoin miner fee", example = "0.00001000")
+	public BigDecimal bitcoinMinerFee;
+
+	@Schema(description = "Bitcoin HASH160(public key) for receiving funds, or omit to derive from private key", example = "u17kBVKkKSp12oUzaxFwNnq1JZf")
+	public byte[] receivingAccountInfo;
+
+	public CrossChainBitcoinRefundRequest() {
+	}
+
+}

src/main/java/org/qortal/api/model/CrossChainBitcoinTemplateRequest.java

@@ -0,0 +1,23 @@
+package org.qortal.api.model;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+
+@XmlAccessorType(XmlAccessType.FIELD)
+public class CrossChainBitcoinTemplateRequest {
+
+	@Schema(description = "Bitcoin HASH160(public key) for refund", example = "2nGDBPPPFS1c9w1h33YwFk4KUJU2")
+	public byte[] refundPublicKeyHash;
+
+	@Schema(description = "Bitcoin HASH160(public key) for redeem", example = "2daMveGc5pdjRyFacbxBzMksCbyC")
+	public byte[] redeemPublicKeyHash;
+
+	@Schema(description = "Qortal AT address")
+	public String atAddress;
+
+	public CrossChainBitcoinTemplateRequest() {
+	}
+
+}

src/main/java/org/qortal/api/model/CrossChainBitcoinyHTLCStatus.java

@@ -0,0 +1,31 @@
+package org.qortal.api.model;
+
+import java.math.BigDecimal;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+
+@XmlAccessorType(XmlAccessType.FIELD)
+public class CrossChainBitcoinyHTLCStatus {
+
+	@Schema(description = "P2SH address", example = "3CdH27kTpV8dcFHVRYjQ8EEV5FJg9X8pSJ (mainnet), 2fMiRRXVsxhZeyfum9ifybZvaMHbQTmwdZw (testnet)")
+	public String bitcoinP2shAddress;
+
+	@Schema(description = "P2SH balance")
+	public BigDecimal bitcoinP2shBalance;
+
+	@Schema(description = "Can HTLC redeem yet?")
+	public boolean canRedeem;
+
+	@Schema(description = "Can HTLC refund yet?")
+	public boolean canRefund;
+
+	@Schema(description = "Secret used by HTLC redeemer")
+	public byte[] secret;
+
+	public CrossChainBitcoinyHTLCStatus() {
+	}
+
+}

src/main/java/org/qortal/api/model/CrossChainBuildRequest.java

@@ -0,0 +1,39 @@
+package org.qortal.api.model;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+
+@XmlAccessorType(XmlAccessType.FIELD)
+public class CrossChainBuildRequest {
+
+	@Schema(description = "AT creator's public key", example = "C6wuddsBV3HzRrXUtezE7P5MoRXp5m3mEDokRDGZB6ry")
+	public byte[] creatorPublicKey;
+
+	@Schema(description = "Final QORT amount paid out on successful trade", example = "80.40200000")
+	@XmlJavaTypeAdapter(value = org.qortal.api.AmountTypeAdapter.class)
+	public long qortAmount;
+
+	@Schema(description = "QORT amount funding AT, including covering AT execution fees", example = "123.45670000")
+	@XmlJavaTypeAdapter(value = org.qortal.api.AmountTypeAdapter.class)
+	public long fundingQortAmount;
+
+	@Schema(description = "HASH160 of creator's Bitcoin public key", example = "2daMveGc5pdjRyFacbxBzMksCbyC")
+	public byte[] bitcoinPublicKeyHash;
+
+	@Schema(description = "HASH160 of secret", example = "43vnftqkjxrhb5kJdkU1ZFQLEnWV")
+	public byte[] hashOfSecretB;
+
+	@Schema(description = "Bitcoin P2SH BTC balance for release of secret", example = "0.00864200")
+	@XmlJavaTypeAdapter(value = org.qortal.api.AmountTypeAdapter.class)
+	public long bitcoinAmount;
+
+	@Schema(description = "Trade time window (minutes) from trade agreement to automatic refund", example = "10080")
+	public Integer tradeTimeout;
+
+	public CrossChainBuildRequest() {
+	}
+
+}

src/main/java/org/qortal/api/model/CrossChainCancelRequest.java

@@ -0,0 +1,20 @@
+package org.qortal.api.model;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+
+@XmlAccessorType(XmlAccessType.FIELD)
+public class CrossChainCancelRequest {
+
+	@Schema(description = "AT creator's public key", example = "K6wuddsBV3HzRrXFFezE7P5MoRXp5m3mEDokRDGZB6ry")
+	public byte[] creatorPublicKey;
+
+	@Schema(description = "Qortal trade AT address")
+	public String atAddress;
+
+	public CrossChainCancelRequest() {
+	}
+
+}

src/main/java/org/qortal/api/model/CrossChainDualSecretRequest.java

@@ -0,0 +1,29 @@
+package org.qortal.api.model;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+
+@XmlAccessorType(XmlAccessType.FIELD)
+public class CrossChainDualSecretRequest {
+
+	@Schema(description = "Public key to match AT's trade 'partner'", example = "C6wuddsBV3HzRrXUtezE7P5MoRXp5m3mEDokRDGZB6ry")
+	public byte[] partnerPublicKey;
+
+	@Schema(description = "Qortal AT address")
+	public String atAddress;
+
+	@Schema(description = "secret-A (32 bytes)", example = "FHMzten4he9jZ4HGb4297Utj6F5g2w7serjq2EnAg2s1")
+	public byte[] secretA;
+
+	@Schema(description = "secret-B (32 bytes)", example = "EN2Bgx3BcEMtxFCewmCVSMkfZjVKYhx3KEXC5A21KBGx")
+	public byte[] secretB;
+
+	@Schema(description = "Qortal address for receiving QORT from AT")
+	public String receivingAddress;
+
+	public CrossChainDualSecretRequest() {
+	}
+
+}

src/main/java/org/qortal/api/model/CrossChainOfferSummary.java

@@ -0,0 +1,127 @@
+package org.qortal.api.model;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+
+import org.qortal.crosschain.AcctMode;
+import org.qortal.data.crosschain.CrossChainTradeData;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+
+// All properties to be converted to JSON via JAXB
+@XmlAccessorType(XmlAccessType.FIELD)
+public class CrossChainOfferSummary {
+
+	// Properties
+
+	@Schema(description = "AT's Qortal address")
+	private String qortalAtAddress;
+
+	@Schema(description = "AT creator's Qortal address")
+	private String qortalCreator;
+
+	@Schema(description = "AT creator's ephemeral trading key-pair represented as Qortal address")
+	private String qortalCreatorTradeAddress;
+
+	@XmlJavaTypeAdapter(value = org.qortal.api.AmountTypeAdapter.class)
+	private long qortAmount;
+
+	@Schema(description = "Bitcoin amount - DEPRECATED: use foreignAmount")
+	@XmlJavaTypeAdapter(value = org.qortal.api.AmountTypeAdapter.class)
+	@Deprecated
+	private long btcAmount;
+
+	@Schema(description = "Foreign blockchain amount")
+	@XmlJavaTypeAdapter(value = org.qortal.api.AmountTypeAdapter.class)
+	private long foreignAmount;
+
+	@Schema(description = "Suggested trade timeout (minutes)", example = "10080")
+	private int tradeTimeout;
+
+	@Schema(description = "Current AT execution mode")
+	private AcctMode mode;
+
+	private long timestamp;
+
+	@Schema(description = "Trade partner's Qortal receiving address")
+	private String partnerQortalReceivingAddress;
+
+	private String foreignBlockchain;
+
+	private String acctName;
+
+	protected CrossChainOfferSummary() {
+		/* For JAXB */
+	}
+
+	public CrossChainOfferSummary(CrossChainTradeData crossChainTradeData, long timestamp) {
+		this.qortalAtAddress = crossChainTradeData.qortalAtAddress;
+		this.qortalCreator = crossChainTradeData.qortalCreator;
+		this.qortalCreatorTradeAddress = crossChainTradeData.qortalCreatorTradeAddress;
+		this.qortAmount = crossChainTradeData.qortAmount;
+		this.foreignAmount = crossChainTradeData.expectedForeignAmount;
+		this.btcAmount = this.foreignAmount; // Duplicate for deprecated field
+		this.tradeTimeout = crossChainTradeData.tradeTimeout;
+		this.mode = crossChainTradeData.mode;
+		this.timestamp = timestamp;
+		this.partnerQortalReceivingAddress = crossChainTradeData.qortalPartnerReceivingAddress;
+		this.foreignBlockchain = crossChainTradeData.foreignBlockchain;
+		this.acctName = crossChainTradeData.acctName;
+	}
+
+	public String getQortalAtAddress() {
+		return this.qortalAtAddress;
+	}
+
+	public String getQortalCreator() {
+		return this.qortalCreator;
+	}
+
+	public String getQortalCreatorTradeAddress() {
+		return this.qortalCreatorTradeAddress;
+	}
+
+	public long getQortAmount() {
+		return this.qortAmount;
+	}
+
+	public long getBtcAmount() {
+		return this.btcAmount;
+	}
+
+	public long getForeignAmount() {
+		return this.foreignAmount;
+	}
+
+	public int getTradeTimeout() {
+		return this.tradeTimeout;
+	}
+
+	public AcctMode getMode() {
+		return this.mode;
+	}
+
+	public long getTimestamp() {
+		return this.timestamp;
+	}
+
+	public String getPartnerQortalReceivingAddress() {
+		return this.partnerQortalReceivingAddress;
+	}
+
+	public String getForeignBlockchain() {
+		return this.foreignBlockchain;
+	}
+
+	public String getAcctName() {
+		return this.acctName;
+	}
+
+	// For debugging mostly
+
+	public String toString() {
+		return String.format("%s: %s", this.qortalAtAddress, this.mode);
+	}
+
+}

src/main/java/org/qortal/api/model/CrossChainSecretRequest.java

@@ -0,0 +1,26 @@
+package org.qortal.api.model;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+
+@XmlAccessorType(XmlAccessType.FIELD)
+public class CrossChainSecretRequest {
+
+	@Schema(description = "Private key to match AT's trade 'partner'", example = "C6wuddsBV3HzRrXUtezE7P5MoRXp5m3mEDokRDGZB6ry")
+	public byte[] partnerPrivateKey;
+
+	@Schema(description = "Qortal AT address")
+	public String atAddress;
+
+	@Schema(description = "Secret (32 bytes)", example = "FHMzten4he9jZ4HGb4297Utj6F5g2w7serjq2EnAg2s1")
+	public byte[] secret;
+
+	@Schema(description = "Qortal address for receiving QORT from AT")
+	public String receivingAddress;
+
+	public CrossChainSecretRequest() {
+	}
+
+}

src/main/java/org/qortal/api/model/CrossChainTradeRequest.java

@@ -0,0 +1,23 @@
+package org.qortal.api.model;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+
+@XmlAccessorType(XmlAccessType.FIELD)
+public class CrossChainTradeRequest {
+
+	@Schema(description = "AT creator's 'trade' public key", example = "C6wuddsBV3HzRrXUtezE7P5MoRXp5m3mEDokRDGZB6ry")
+	public byte[] tradePublicKey;
+
+	@Schema(description = "Qortal AT address")
+	public String atAddress;
+
+	@Schema(description = "Signature of trading partner's 'offer' MESSAGE transaction")
+	public byte[] messageTransactionSignature;
+
+	public CrossChainTradeRequest() {
+	}
+
+}

src/main/java/org/qortal/api/model/CrossChainTradeSummary.java

@@ -0,0 +1,67 @@
+package org.qortal.api.model;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+
+import org.qortal.data.crosschain.CrossChainTradeData;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+
+// All properties to be converted to JSON via JAXB
+@XmlAccessorType(XmlAccessType.FIELD)
+public class CrossChainTradeSummary {
+
+	private long tradeTimestamp;
+
+	@XmlJavaTypeAdapter(value = org.qortal.api.AmountTypeAdapter.class)
+	private long qortAmount;
+
+	@Deprecated
+	@Schema(description = "DEPRECATED: use foreignAmount instead")
+	@XmlJavaTypeAdapter(value = org.qortal.api.AmountTypeAdapter.class)
+	private long btcAmount;
+
+	@XmlJavaTypeAdapter(value = org.qortal.api.AmountTypeAdapter.class)
+	private long foreignAmount;
+
+	private String atAddress;
+
+	private String sellerAddress;
+
+	private String buyerReceivingAddress;
+
+	protected CrossChainTradeSummary() {
+		/* For JAXB */
+	}
+
+	public CrossChainTradeSummary(CrossChainTradeData crossChainTradeData, long timestamp) {
+		this.tradeTimestamp = timestamp;
+		this.qortAmount = crossChainTradeData.qortAmount;
+		this.foreignAmount = crossChainTradeData.expectedForeignAmount;
+		this.btcAmount = this.foreignAmount;
+		this.sellerAddress = crossChainTradeData.qortalCreator;
+		this.buyerReceivingAddress = crossChainTradeData.qortalPartnerReceivingAddress;
+		this.atAddress = crossChainTradeData.qortalAtAddress;
+	}
+
+	public long getTradeTimestamp() {
+		return this.tradeTimestamp;
+	}
+
+	public long getQortAmount() {
+		return this.qortAmount;
+	}
+
+	public long getBtcAmount() {
+		return this.btcAmount;
+	}
+
+	public long getForeignAmount() { return this.foreignAmount; }
+
+	public String getAtAddress() { return this.atAddress; }
+
+	public String getSellerAddress() { return this.sellerAddress; }
+
+	public String getBuyerReceivingAddressAddress() { return this.buyerReceivingAddress; }
+}

src/main/java/org/qortal/api/model/NodeInfo.java

@@ -10,6 +10,8 @@ public class NodeInfo {
 	public long uptime;
 	public String buildVersion;
 	public long buildTimestamp;
+	public String nodeId;
+	public boolean isTestNet;
 
 	public NodeInfo() {
 	}

src/main/java/org/qortal/api/model/NodeStatus.java

@@ -0,0 +1,33 @@
+package org.qortal.api.model;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+
+import org.qortal.controller.Controller;
+import org.qortal.network.Network;
+
+@XmlAccessorType(XmlAccessType.FIELD)
+public class NodeStatus {
+
+	public final boolean isMintingPossible;
+	public final boolean isSynchronizing;
+
+	// Not always present
+	public final Integer syncPercent;
+
+	public final int numberOfConnections;
+
+	public final int height;
+
+	public NodeStatus() {
+		this.isMintingPossible = Controller.getInstance().isMintingPossible();
+
+		this.syncPercent = Controller.getInstance().getSyncPercent();
+		this.isSynchronizing = this.syncPercent != null;
+
+		this.numberOfConnections = Network.getInstance().getHandshakedPeers().size();
+
+		this.height = Controller.getInstance().getChainHeight();
+	}
+
+}

src/main/java/org/qortal/api/model/SimpleForeignTransaction.java

@@ -0,0 +1,157 @@
+package org.qortal.api.model;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.Objects;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+
+@XmlAccessorType(XmlAccessType.FIELD)
+public class SimpleForeignTransaction {
+
+	public static class AddressAmount {
+		public final String address;
+		public final long amount;
+
+		protected AddressAmount() {
+			/* For JAXB */
+			this.address = null;
+			this.amount = 0;
+		}
+
+		public AddressAmount(String address, long amount) {
+			this.address = address;
+			this.amount = amount;
+		}
+	}
+
+	private String txHash;
+	private long timestamp;
+
+	private List<AddressAmount> inputs;
+
+	public static class Output {
+		public final List<String> addresses;
+		public final long amount;
+
+		protected Output() {
+			/* For JAXB */
+			this.addresses = null;
+			this.amount = 0;
+		}
+
+		public Output(List<String> addresses, long amount) {
+			this.addresses = addresses;
+			this.amount = amount;
+		}
+	}
+	private List<Output> outputs;
+
+	private long totalAmount;
+	private long fees;
+
+	private Boolean isSentNotReceived;
+
+	protected SimpleForeignTransaction() {
+		/* For JAXB */
+	}
+
+	private SimpleForeignTransaction(Builder builder) {
+		this.txHash = builder.txHash;
+		this.timestamp = builder.timestamp;
+		this.inputs = Collections.unmodifiableList(builder.inputs);
+		this.outputs = Collections.unmodifiableList(builder.outputs);
+
+		Objects.requireNonNull(this.txHash);
+		if (timestamp <= 0)
+			throw new IllegalArgumentException("timestamp must be positive");
+
+		long totalGrossAmount = this.inputs.stream().map(addressAmount -> addressAmount.amount).reduce(0L, Long::sum);
+		this.totalAmount = this.outputs.stream().map(addressAmount -> addressAmount.amount).reduce(0L, Long::sum);
+
+		this.fees = totalGrossAmount - this.totalAmount;
+
+		this.isSentNotReceived = builder.isSentNotReceived;
+	}
+
+	public String getTxHash() {
+		return this.txHash;
+	}
+
+	public long getTimestamp() {
+		return this.timestamp;
+	}
+
+	public List<AddressAmount> getInputs() {
+		return this.inputs;
+	}
+
+	public List<Output> getOutputs() {
+		return this.outputs;
+	}
+
+	public long getTotalAmount() {
+		return this.totalAmount;
+	}
+
+	public long getFees() {
+		return this.fees;
+	}
+
+	public Boolean isSentNotReceived() {
+		return this.isSentNotReceived;
+	}
+
+	public static class Builder {
+		private String txHash;
+		private long timestamp;
+		private List<AddressAmount> inputs = new ArrayList<>();
+		private List<Output> outputs = new ArrayList<>();
+		private Boolean isSentNotReceived;
+
+		public Builder txHash(String txHash) {
+			this.txHash = Objects.requireNonNull(txHash);
+			return this;
+		}
+
+		public Builder timestamp(long timestamp) {
+			if (timestamp <= 0)
+				throw new IllegalArgumentException("timestamp must be positive");
+
+			this.timestamp = timestamp;
+			return this;
+		}
+
+		public Builder input(String address, long amount) {
+			Objects.requireNonNull(address);
+			if (amount < 0)
+				throw new IllegalArgumentException("amount must be zero or positive");
+
+			AddressAmount input = new AddressAmount(address, amount);
+			inputs.add(input);
+			return this;
+		}
+
+		public Builder output(List<String> addresses, long amount) {
+			Objects.requireNonNull(addresses);
+			if (amount < 0)
+				throw new IllegalArgumentException("amount must be zero or positive");
+
+			Output output = new Output(addresses, amount);
+			outputs.add(output);
+			return this;
+		}
+
+		public Builder isSentNotReceived(Boolean isSentNotReceived) {
+			this.isSentNotReceived = isSentNotReceived;
+			return this;
+		}
+
+		public SimpleForeignTransaction build() {
+			return new SimpleForeignTransaction(this);
+		}
+	}
+
+}

src/main/java/org/qortal/api/model/crosschain/BitcoinSendRequest.java

@@ -0,0 +1,29 @@
+package org.qortal.api.model.crosschain;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+
+@XmlAccessorType(XmlAccessType.FIELD)
+public class BitcoinSendRequest {
+
+	@Schema(description = "Bitcoin BIP32 extended private key", example = "tprv___________________________________________________________________________________________________________")
+	public String xprv58;
+
+	@Schema(description = "Recipient's Bitcoin address ('legacy' P2PKH only)", example = "1BitcoinEaterAddressDontSendf59kuE")
+	public String receivingAddress;
+
+	@Schema(description = "Amount of BTC to send", type = "number")
+	@XmlJavaTypeAdapter(value = org.qortal.api.AmountTypeAdapter.class)
+	public long bitcoinAmount;
+
+	@Schema(description = "Transaction fee per byte (optional). Default is 0.00000100 BTC (100 sats) per byte", example = "0.00000100", type = "number")
+	@XmlJavaTypeAdapter(value = org.qortal.api.AmountTypeAdapter.class)
+	public Long feePerByte;
+
+	public BitcoinSendRequest() {
+	}
+
+}

src/main/java/org/qortal/api/model/crosschain/DogecoinSendRequest.java

@@ -0,0 +1,29 @@
+package org.qortal.api.model.crosschain;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+
+@XmlAccessorType(XmlAccessType.FIELD)
+public class DogecoinSendRequest {
+
+	@Schema(description = "Dogecoin BIP32 extended private key", example = "tprv___________________________________________________________________________________________________________")
+	public String xprv58;
+
+	@Schema(description = "Recipient's Dogecoin address ('legacy' P2PKH only)", example = "DoGecoinEaterAddressDontSendhLfzKD")
+	public String receivingAddress;
+
+	@Schema(description = "Amount of DOGE to send", type = "number")
+	@XmlJavaTypeAdapter(value = org.qortal.api.AmountTypeAdapter.class)
+	public long dogecoinAmount;
+
+	@Schema(description = "Transaction fee per byte (optional). Default is 0.00000100 DOGE (100 sats) per byte", example = "0.00000100", type = "number")
+	@XmlJavaTypeAdapter(value = org.qortal.api.AmountTypeAdapter.class)
+	public Long feePerByte;
+
+	public DogecoinSendRequest() {
+	}
+
+}

src/main/java/org/qortal/api/model/crosschain/LitecoinSendRequest.java

@@ -0,0 +1,29 @@
+package org.qortal.api.model.crosschain;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+
+@XmlAccessorType(XmlAccessType.FIELD)
+public class LitecoinSendRequest {
+
+	@Schema(description = "Litecoin BIP32 extended private key", example = "tprv___________________________________________________________________________________________________________")
+	public String xprv58;
+
+	@Schema(description = "Recipient's Litecoin address ('legacy' P2PKH only)", example = "LiTecoinEaterAddressDontSendhLfzKD")
+	public String receivingAddress;
+
+	@Schema(description = "Amount of LTC to send", type = "number")
+	@XmlJavaTypeAdapter(value = org.qortal.api.AmountTypeAdapter.class)
+	public long litecoinAmount;
+
+	@Schema(description = "Transaction fee per byte (optional). Default is 0.00000100 LTC (100 sats) per byte", example = "0.00000100", type = "number")
+	@XmlJavaTypeAdapter(value = org.qortal.api.AmountTypeAdapter.class)
+	public Long feePerByte;
+
+	public LitecoinSendRequest() {
+	}
+
+}

src/main/java/org/qortal/api/model/crosschain/TradeBotCreateRequest.java

@@ -0,0 +1,46 @@
+package org.qortal.api.model.crosschain;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+
+import org.qortal.crosschain.SupportedBlockchain;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+
+@XmlAccessorType(XmlAccessType.FIELD)
+public class TradeBotCreateRequest {
+
+	@Schema(description = "Trade creator's public key", example = "2zR1WFsbM7akHghqSCYKBPk6LDP8aKiQSRS1FrwoLvoB")
+	public byte[] creatorPublicKey;
+
+	@Schema(description = "QORT amount paid out on successful trade", example = "80.40000000", type = "number")
+	@XmlJavaTypeAdapter(value = org.qortal.api.AmountTypeAdapter.class)
+	public long qortAmount;
+
+	@Schema(description = "QORT amount funding AT, including covering AT execution fees", example = "80.50000000", type = "number")
+	@XmlJavaTypeAdapter(value = org.qortal.api.AmountTypeAdapter.class)
+	public long fundingQortAmount;
+
+	@Deprecated
+	@Schema(description = "Bitcoin amount wanted in return. DEPRECATED: use foreignAmount instead", example = "0.00864200", type = "number", hidden = true)
+	@XmlJavaTypeAdapter(value = org.qortal.api.AmountTypeAdapter.class)
+	public Long bitcoinAmount;
+
+	@Schema(description = "Foreign blockchain. Note: default (BITCOIN) to be removed in the future", example = "BITCOIN", implementation = SupportedBlockchain.class)
+	public SupportedBlockchain foreignBlockchain;
+
+	@Schema(description = "Foreign blockchain amount wanted in return", example = "0.00864200", type = "number")
+	@XmlJavaTypeAdapter(value = org.qortal.api.AmountTypeAdapter.class)
+	public Long foreignAmount;
+
+	@Schema(description = "Suggested trade timeout (minutes)", example = "10080")
+	public int tradeTimeout;
+
+	@Schema(description = "Foreign blockchain address for receiving", example = "1BitcoinEaterAddressDontSendf59kuE")
+	public String receivingAddress;
+
+	public TradeBotCreateRequest() {
+	}
+
+}

src/main/java/org/qortal/api/model/crosschain/TradeBotRespondRequest.java

@@ -0,0 +1,29 @@
+package org.qortal.api.model.crosschain;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+
+@XmlAccessorType(XmlAccessType.FIELD)
+public class TradeBotRespondRequest {
+
+	@Schema(description = "Qortal AT address", example = "Aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa")
+	public String atAddress;
+
+	@Deprecated
+	@Schema(description = "Bitcoin BIP32 extended private key. DEPRECATED: use foreignKey instead", hidden = true,
+			example = "xprv___________________________________________________________________________________________________________")
+	public String xprv58;
+
+	@Schema(description = "Foreign blockchain private key, e.g. BIP32 'm' key for Bitcoin/Litecoin starting with 'xprv'",
+			example = "xprv___________________________________________________________________________________________________________")
+	public String foreignKey;
+
+	@Schema(description = "Qortal address for receiving QORT from AT", example = "Qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq")
+	public String receivingAddress;
+
+	public TradeBotRespondRequest() {
+	}
+
+}

src/main/java/org/qortal/api/resource/AddressesResource.java

@@ -7,6 +7,7 @@ import io.swagger.v3.oas.annotations.media.Content;
 import io.swagger.v3.oas.annotations.media.Schema;
 import io.swagger.v3.oas.annotations.parameters.RequestBody;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import io.swagger.v3.oas.annotations.tags.Tag;
 
 import java.math.BigDecimal;
@@ -28,6 +29,7 @@ import org.qortal.api.ApiError;
 import org.qortal.api.ApiErrors;
 import org.qortal.api.ApiException;
 import org.qortal.api.ApiExceptionFactory;
+import org.qortal.api.Security;
 import org.qortal.api.model.ApiOnlineAccount;
 import org.qortal.api.model.RewardShareKeyRequest;
 import org.qortal.asset.Asset;
@@ -36,18 +38,27 @@ import org.qortal.crypto.Crypto;
 import org.qortal.data.account.AccountData;
 import org.qortal.data.account.RewardShareData;
 import org.qortal.data.network.OnlineAccountData;
+import org.qortal.data.transaction.PublicizeTransactionData;
 import org.qortal.data.transaction.RewardShareTransactionData;
+import org.qortal.data.transaction.TransactionData;
 import org.qortal.repository.DataException;
 import org.qortal.repository.Repository;
 import org.qortal.repository.RepositoryManager;
 import org.qortal.settings.Settings;
+import org.qortal.transaction.PublicizeTransaction;
 import org.qortal.transaction.Transaction;
+import org.qortal.transaction.Transaction.TransactionType;
 import org.qortal.transaction.Transaction.ValidationResult;
 import org.qortal.transform.TransformationException;
 import org.qortal.transform.Transformer;
+import org.qortal.transform.transaction.PublicizeTransactionTransformer;
 import org.qortal.transform.transaction.RewardShareTransactionTransformer;
+import org.qortal.transform.transaction.TransactionTransformer;
+import org.qortal.utils.Amounts;
 import org.qortal.utils.Base58;
 
+import com.google.common.primitives.Bytes;
+
 @Path("/addresses")
 @Tag(name = "Addresses")
 public class AddressesResource {
@@ -66,32 +77,18 @@ public class AddressesResource {
 			)
 		}
 	)
-	@ApiErrors({ApiError.INVALID_ADDRESS, ApiError.REPOSITORY_ISSUE})
+	@ApiErrors({ApiError.INVALID_ADDRESS, ApiError.ADDRESS_UNKNOWN, ApiError.REPOSITORY_ISSUE})
 	public AccountData getAccountInfo(@PathParam("address") String address) {
 		if (!Crypto.isValidAddress(address))
 			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
 
 		try (final Repository repository = RepositoryManager.getRepository()) {
 			AccountData accountData = repository.getAccountRepository().getAccount(address);
-
 			// Not found?
 			if (accountData == null)
-				accountData = new AccountData(address);
-			else {
-				// Unconfirmed transactions could update lastReference
-				Account account = new Account(repository, address);
-
-				// Use last reference based on unconfirmed transactions if possible
-				byte[] unconfirmedLastReference = account.getUnconfirmedLastReference();
-
-				if (unconfirmedLastReference != null)
-					// There are unconfirmed transactions so modify returned data
-					accountData.setReference(unconfirmedLastReference);
-			}
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.ADDRESS_UNKNOWN);
 
 			return accountData;
-		} catch (ApiException e) {
-			throw e;
 		} catch (DataException e) {
 			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
 		}
@@ -100,42 +97,37 @@ public class AddressesResource {
 	@GET
 	@Path("/lastreference/{address}")
 	@Operation(
-		summary = "Fetch reference for next transaction to be created by address, considering unconfirmed transactions",
-		description = "Returns the base58-encoded signature of the last confirmed/unconfirmed transaction created by address, failing that: the first incoming transaction. Returns \"false\" if there is no transactions.",
+		summary = "Fetch reference for next transaction to be created by address",
+		description = "Returns the base58-encoded signature of the last confirmed transaction created by address, failing that: the first incoming transaction. Returns \"false\" if there is no last-reference.",
 		responses = {
 			@ApiResponse(
-				description = "the base58-encoded transaction signature",
+				description = "the base58-encoded last-reference",
 				content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "string"))
 			)
 		}
 	)
-	@ApiErrors({ApiError.INVALID_ADDRESS, ApiError.REPOSITORY_ISSUE})
-	public String getLastReferenceUnconfirmed(@PathParam("address") String address) {
+	@ApiErrors({ApiError.INVALID_ADDRESS, ApiError.ADDRESS_UNKNOWN, ApiError.REPOSITORY_ISSUE})
+	public String getLastReference(@PathParam("address") String address) {
 		if (!Crypto.isValidAddress(address))
 			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
 
 		byte[] lastReference = null;
 
 		try (final Repository repository = RepositoryManager.getRepository()) {
-			Account account = new Account(repository, address);
+			AccountData accountData = repository.getAccountRepository().getAccount(address);
+			// Not found?
+			if (accountData == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.ADDRESS_UNKNOWN);
 
-			// Use last reference based on unconfirmed transactions if possible
-			lastReference = account.getUnconfirmedLastReference();
-
-			if (lastReference == null)
-				// No unconfirmed transactions so fallback to using one save in account data
-				lastReference = account.getLastReference();
-		} catch (ApiException e) {
-			throw e;
+			lastReference = accountData.getReference();
 		} catch (DataException e) {
 			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
 		}
 
-		if(lastReference == null || lastReference.length == 0) {
+		if (lastReference == null || lastReference.length == 0)
 			return "false";
-		} else {
-			return Base58.encode(lastReference);
-		}
+
+		return Base58.encode(lastReference);
 	}
 
 	@GET
@@ -192,7 +184,7 @@ public class AddressesResource {
 	@Path("/balance/{address}")
 	@Operation(
 		summary = "Returns account balance",
-		description = "Returns account's balance, optionally of given asset and at given height",
+		description = "Returns account's QORT balance, or of other specified asset",
 		responses = {
 			@ApiResponse(
 				description = "the balance",
@@ -202,8 +194,7 @@ public class AddressesResource {
 	)
 	@ApiErrors({ApiError.INVALID_ADDRESS, ApiError.INVALID_ASSET_ID, ApiError.INVALID_HEIGHT,  ApiError.REPOSITORY_ISSUE})
 	public BigDecimal getBalance(@PathParam("address") String address,
-			@QueryParam("assetId") Long assetId,
-			@QueryParam("height") Integer height) {
+			@QueryParam("assetId") Long assetId) {
 		if (!Crypto.isValidAddress(address))
 			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
 
@@ -215,12 +206,7 @@ public class AddressesResource {
 			else if (!repository.getAssetRepository().assetExists(assetId))
 				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ASSET_ID);
 
-			if (height == null)
-				height = repository.getBlockRepository().getBlockchainHeight();
-			else if (height <= 0)
-				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_HEIGHT);
-
-			return account.getBalance(assetId, height);
+			return Amounts.toBigDecimal(account.getConfirmedBalance(assetId));
 		} catch (ApiException e) {
 			throw e;
 		} catch (DataException e) {
@@ -414,4 +400,120 @@ public class AddressesResource {
 		}
 	}
 
+	@POST
+	@Path("/publicize")
+	@Operation(
+		summary = "Build raw, unsigned, PUBLICIZE transaction",
+		requestBody = @RequestBody(
+			required = true,
+			content = @Content(
+				mediaType = MediaType.APPLICATION_JSON,
+				schema = @Schema(
+					implementation = PublicizeTransactionData.class
+				)
+			)
+		),
+		responses = {
+			@ApiResponse(
+				description = "raw, unsigned, PUBLICIZE transaction encoded in Base58",
+				content = @Content(
+					mediaType = MediaType.TEXT_PLAIN,
+					schema = @Schema(
+						type = "string"
+					)
+				)
+			)
+		}
+	)
+	@ApiErrors({ApiError.NON_PRODUCTION, ApiError.TRANSACTION_INVALID, ApiError.TRANSFORMATION_ERROR, ApiError.REPOSITORY_ISSUE})
+	public String publicize(PublicizeTransactionData transactionData) {
+		if (Settings.getInstance().isApiRestricted())
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.NON_PRODUCTION);
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			Transaction transaction = Transaction.fromData(repository, transactionData);
+
+			ValidationResult result = transaction.isValidUnconfirmed();
+			if (result != ValidationResult.OK && result != ValidationResult.INCORRECT_NONCE)
+				throw TransactionsResource.createTransactionInvalidException(request, result);
+
+			byte[] bytes = PublicizeTransactionTransformer.toBytes(transactionData);
+			return Base58.encode(bytes);
+		} catch (TransformationException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.TRANSFORMATION_ERROR, e);
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
+	@POST
+	@Path("/publicize/compute")
+	@Operation(
+		summary = "Compute nonce for raw, unsigned PUBLICIZE transaction",
+		requestBody = @RequestBody(
+			required = true,
+			content = @Content(
+				mediaType = MediaType.TEXT_PLAIN,
+				schema = @Schema(
+					type = "string",
+					description = "raw, unsigned PUBLICIZE transaction in base58 encoding",
+					example = "raw transaction base58"
+				)
+			)
+		),
+		responses = {
+			@ApiResponse(
+				description = "raw, unsigned, PUBLICIZE transaction encoded in Base58",
+				content = @Content(
+					mediaType = MediaType.TEXT_PLAIN,
+					schema = @Schema(
+						type = "string"
+					)
+				)
+			)
+		}
+	)
+	@ApiErrors({ApiError.TRANSACTION_INVALID, ApiError.INVALID_DATA, ApiError.TRANSFORMATION_ERROR, ApiError.REPOSITORY_ISSUE})
+	@SecurityRequirement(name = "apiKey")
+	public String computePublicize(String rawBytes58) {
+		Security.checkApiCallAllowed(request);
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			byte[] rawBytes = Base58.decode(rawBytes58);
+			// We're expecting unsigned transaction, so append empty signature prior to decoding
+			rawBytes = Bytes.concat(rawBytes, new byte[TransactionTransformer.SIGNATURE_LENGTH]);
+
+			TransactionData transactionData = TransactionTransformer.fromBytes(rawBytes);
+			if (transactionData == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
+
+			if (transactionData.getType() != TransactionType.PUBLICIZE)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
+
+			PublicizeTransaction publicizeTransaction = (PublicizeTransaction) Transaction.fromData(repository, transactionData);
+
+			// Quicker validity check first before we compute nonce
+			ValidationResult result = publicizeTransaction.isValid();
+			if (result != ValidationResult.OK && result != ValidationResult.INCORRECT_NONCE)
+				throw TransactionsResource.createTransactionInvalidException(request, result);
+
+			publicizeTransaction.computeNonce();
+
+			// Re-check, but ignores signature
+			result = publicizeTransaction.isValidUnconfirmed();
+			if (result != ValidationResult.OK)
+				throw TransactionsResource.createTransactionInvalidException(request, result);
+
+			// Strip zeroed signature
+			transactionData.setSignature(null);
+
+			byte[] bytes = PublicizeTransactionTransformer.toBytes(transactionData);
+			return Base58.encode(bytes);
+		} catch (TransformationException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.TRANSFORMATION_ERROR, e);
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
 }

src/main/java/org/qortal/api/resource/AdminResource.java

@@ -8,6 +8,7 @@ import io.swagger.v3.oas.annotations.media.Content;
 import io.swagger.v3.oas.annotations.media.Schema;
 import io.swagger.v3.oas.annotations.parameters.RequestBody;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import io.swagger.v3.oas.annotations.tags.Tag;
 
 import java.io.IOException;
@@ -36,15 +37,15 @@ import javax.ws.rs.core.MediaType;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.core.LoggerContext;
 import org.apache.logging.log4j.core.appender.RollingFileAppender;
+import org.qortal.account.Account;
 import org.qortal.account.PrivateKeyAccount;
-import org.qortal.account.PublicKeyAccount;
 import org.qortal.api.ApiError;
 import org.qortal.api.ApiErrors;
-import org.qortal.api.ApiException;
 import org.qortal.api.ApiExceptionFactory;
 import org.qortal.api.Security;
 import org.qortal.api.model.ActivitySummary;
 import org.qortal.api.model.NodeInfo;
+import org.qortal.api.model.NodeStatus;
 import org.qortal.block.BlockChain;
 import org.qortal.controller.Controller;
 import org.qortal.controller.Synchronizer.SynchronizationResult;
@@ -56,6 +57,7 @@ import org.qortal.network.PeerAddress;
 import org.qortal.repository.DataException;
 import org.qortal.repository.Repository;
 import org.qortal.repository.RepositoryManager;
+import org.qortal.settings.Settings;
 import org.qortal.utils.Base58;
 import org.qortal.utils.NTP;
 
@@ -116,10 +118,31 @@ public class AdminResource {
 		nodeInfo.uptime = System.currentTimeMillis() - Controller.startTime;
 		nodeInfo.buildVersion = Controller.getInstance().getVersionString();
 		nodeInfo.buildTimestamp = Controller.getInstance().getBuildTimestamp();
+		nodeInfo.nodeId = Network.getInstance().getOurNodeId();
+		nodeInfo.isTestNet = Settings.getInstance().isTestNet();
 
 		return nodeInfo;
 	}
 
+	@GET
+	@Path("/status")
+	@Operation(
+		summary = "Fetch node status",
+		responses = {
+			@ApiResponse(
+				content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = NodeStatus.class))
+			)
+		}
+	)
+	@SecurityRequirement(name = "apiKey")
+	public NodeStatus status() {
+		Security.checkApiCallAllowed(request);
+
+		NodeStatus nodeStatus = new NodeStatus();
+
+		return nodeStatus;
+	}
+
 	@GET
 	@Path("/stop")
 	@Operation(
@@ -132,6 +155,7 @@ public class AdminResource {
 			)
 		}
 	)
+	@SecurityRequirement(name = "apiKey")
 	public String shutdown() {
 		Security.checkApiCallAllowed(request);
 
@@ -160,7 +184,10 @@ public class AdminResource {
 		}
 	)
 	@ApiErrors({ApiError.REPOSITORY_ISSUE})
+	@SecurityRequirement(name = "apiKey")
 	public ActivitySummary summary() {
+		Security.checkApiCallAllowed(request);
+
 		ActivitySummary summary = new ActivitySummary();
 
 		LocalDate date = LocalDate.now();
@@ -172,16 +199,13 @@ public class AdminResource {
 			int startHeight = repository.getBlockRepository().getHeightFromTimestamp(start);
 			int endHeight = repository.getBlockRepository().getBlockchainHeight();
 
-			summary.blockCount = endHeight - startHeight;
+			summary.setBlockCount(endHeight - startHeight);
 
-			summary.transactionCountByType = repository.getTransactionRepository().getTransactionSummary(startHeight + 1, endHeight);
+			summary.setTransactionCountByType(repository.getTransactionRepository().getTransactionSummary(startHeight + 1, endHeight));
 
-			for (Integer count : summary.transactionCountByType.values())
-				summary.transactionCount += count;
+			summary.setAssetsIssued(repository.getAssetRepository().getRecentAssetIds(start).size());
 
-			summary.assetsIssued = repository.getAssetRepository().getRecentAssetIds(start).size();
-
-			summary.namesRegistered = repository.getNameRepository().getRecentNames(start).size();
+			summary.setNamesRegistered (repository.getNameRepository().getRecentNames(start).size());
 
 			return summary;
 		} catch (DataException e) {
@@ -189,6 +213,30 @@ public class AdminResource {
 		}
 	}
 
+	@GET
+	@Path("/enginestats")
+	@Operation(
+		summary = "Fetch statistics snapshot for core engine",
+		responses = {
+			@ApiResponse(
+				content = @Content(
+					mediaType = MediaType.APPLICATION_JSON,
+					array = @ArraySchema(
+						schema = @Schema(
+							implementation = Controller.StatsSnapshot.class
+						)
+					)
+				)
+			)
+		}
+	)
+	@SecurityRequirement(name = "apiKey")
+	public Controller.StatsSnapshot getEngineStats() {
+		Security.checkApiCallAllowed(request);
+
+		return Controller.getInstance().getStatsSnapshot();
+	}
+
 	@GET
 	@Path("/mintingaccounts")
 	@Operation(
@@ -201,6 +249,7 @@ public class AdminResource {
 		}
 	)
 	@ApiErrors({ApiError.REPOSITORY_ISSUE})
+	@SecurityRequirement(name = "apiKey")
 	public List<MintingAccountData> getMintingAccounts() {
 		Security.checkApiCallAllowed(request);
 
@@ -218,7 +267,7 @@ public class AdminResource {
 					// ignore
 				}
 
-				return new MintingAccountData(mintingAccountData.getPrivateKey(), rewardShareData);
+				return new MintingAccountData(mintingAccountData, rewardShareData);
 			}).collect(Collectors.toList());
 
 			return mintingAccounts;
@@ -247,6 +296,7 @@ public class AdminResource {
 		}
 	)
 	@ApiErrors({ApiError.INVALID_PRIVATE_KEY, ApiError.REPOSITORY_ISSUE, ApiError.CANNOT_MINT})
+	@SecurityRequirement(name = "apiKey")
 	public String addMintingAccount(String seed58) {
 		Security.checkApiCallAllowed(request);
 
@@ -262,11 +312,11 @@ public class AdminResource {
 				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PRIVATE_KEY);
 
 			// Qortal: check reward-share's minting account is still allowed to mint
-			PublicKeyAccount rewardShareMintingAccount = new PublicKeyAccount(repository, rewardShareData.getMinterPublicKey());
+			Account rewardShareMintingAccount = new Account(repository, rewardShareData.getMinter());
 			if (!rewardShareMintingAccount.canMint())
 				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.CANNOT_MINT);
 
-			MintingAccountData mintingAccountData = new MintingAccountData(seed);
+			MintingAccountData mintingAccountData = new MintingAccountData(mintingAccount.getPrivateKey(), mintingAccount.getPublicKey());
 
 			repository.getAccountRepository().save(mintingAccountData);
 			repository.saveChanges();
@@ -282,13 +332,13 @@ public class AdminResource {
 	@DELETE
 	@Path("/mintingaccounts")
 	@Operation(
-		summary = "Remove account/reward-share from use by BlockMinter, using private key",
+		summary = "Remove account/reward-share from use by BlockMinter, using public or private key",
 		requestBody = @RequestBody(
 			required = true,
 			content = @Content(
 				mediaType = MediaType.TEXT_PLAIN,
 				schema = @Schema(
-					type = "string", example = "private key"
+					type = "string", example = "public or private key"
 				)
 			)
 		),
@@ -299,13 +349,14 @@ public class AdminResource {
 		}
 	)
 	@ApiErrors({ApiError.INVALID_PRIVATE_KEY, ApiError.REPOSITORY_ISSUE})
-	public String deleteMintingAccount(String seed58) {
+	@SecurityRequirement(name = "apiKey")
+	public String deleteMintingAccount(String key58) {
 		Security.checkApiCallAllowed(request);
 
 		try (final Repository repository = RepositoryManager.getRepository()) {
-			byte[] seed = Base58.decode(seed58.trim());
+			byte[] key = Base58.decode(key58.trim());
 
-			if (repository.getAccountRepository().delete(seed) == 0)
+			if (repository.getAccountRepository().delete(key) == 0)
 				return "false";
 
 			repository.saveChanges();
@@ -398,6 +449,7 @@ public class AdminResource {
 		}
 	)
 	@ApiErrors({ApiError.INVALID_HEIGHT, ApiError.REPOSITORY_ISSUE})
+	@SecurityRequirement(name = "apiKey")
 	public String orphan(String targetHeightString) {
 		Security.checkApiCallAllowed(request);
 
@@ -415,8 +467,6 @@ public class AdminResource {
 			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
 		} catch (NumberFormatException e) {
 			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_HEIGHT);
-		} catch (ApiException e) {
-			throw e;
 		}
 	}
 
@@ -441,6 +491,7 @@ public class AdminResource {
 		}
 	)
 	@ApiErrors({ApiError.INVALID_DATA, ApiError.REPOSITORY_ISSUE})
+	@SecurityRequirement(name = "apiKey")
 	public String forceSync(String targetPeerAddress) {
 		Security.checkApiCallAllowed(request);
 
@@ -472,8 +523,6 @@ public class AdminResource {
 			return syncResult.name();
 		} catch (IllegalArgumentException e) {
 			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
-		} catch (ApiException e) {
-			throw e;
 		} catch (UnknownHostException e) {
 			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
 		} catch (InterruptedException e) {
@@ -481,4 +530,161 @@ public class AdminResource {
 		}
 	}
 
+	@GET
+	@Path("/repository/data")
+	@Operation(
+		summary = "Export sensitive/node-local data from repository.",
+		description = "Exports data to .script files on local machine"
+	)
+	@ApiErrors({ApiError.INVALID_DATA, ApiError.REPOSITORY_ISSUE})
+	@SecurityRequirement(name = "apiKey")
+	public String exportRepository() {
+		Security.checkApiCallAllowed(request);
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			repository.exportNodeLocalData();
+			return "true";
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
+	@POST
+	@Path("/repository/data")
+	@Operation(
+		summary = "Import data into repository.",
+		description = "Imports data from file on local machine. Filename is forced to 'qortal-backup/TradeBotStates.json' if apiKey is not set.",
+		requestBody = @RequestBody(
+			required = true,
+			content = @Content(
+				mediaType = MediaType.TEXT_PLAIN,
+				schema = @Schema(
+					type = "string", example = "qortal-backup/TradeBotStates.json"
+				)
+			)
+		),
+		responses = {
+			@ApiResponse(
+				description = "\"true\"",
+				content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "string"))
+			)
+		}
+	)
+	@ApiErrors({ApiError.REPOSITORY_ISSUE})
+	@SecurityRequirement(name = "apiKey")
+	public String importRepository(String filename) {
+		Security.checkApiCallAllowed(request);
+
+		// Hard-coded because it's too dangerous to allow user-supplied filenames in weaker security contexts
+		if (Settings.getInstance().getApiKey() == null)
+			filename = "qortal-backup/TradeBotStates.json";
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			ReentrantLock blockchainLock = Controller.getInstance().getBlockchainLock();
+
+			blockchainLock.lockInterruptibly();
+
+			try {
+				repository.importDataFromFile(filename);
+				repository.saveChanges();
+
+				return "true";
+			} finally {
+				blockchainLock.unlock();
+			}
+		} catch (InterruptedException e) {
+			// We couldn't lock blockchain to perform import
+			return "false";
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
+	@POST
+	@Path("/repository/checkpoint")
+	@Operation(
+		summary = "Checkpoint data in repository.",
+		description = "Forces repository to checkpoint uncommitted writes.",
+		responses = {
+			@ApiResponse(
+				description = "\"true\"",
+				content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "string"))
+			)
+		}
+	)
+	@ApiErrors({ApiError.REPOSITORY_ISSUE})
+	@SecurityRequirement(name = "apiKey")
+	public String checkpointRepository() {
+		Security.checkApiCallAllowed(request);
+
+		RepositoryManager.setRequestedCheckpoint(Boolean.TRUE);
+
+		return "true";
+	}
+
+	@POST
+	@Path("/repository/backup")
+	@Operation(
+		summary = "Perform online backup of repository.",
+		responses = {
+			@ApiResponse(
+				description = "\"true\"",
+				content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "string"))
+			)
+		}
+	)
+	@ApiErrors({ApiError.REPOSITORY_ISSUE})
+	@SecurityRequirement(name = "apiKey")
+	public String backupRepository() {
+		Security.checkApiCallAllowed(request);
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			ReentrantLock blockchainLock = Controller.getInstance().getBlockchainLock();
+
+			blockchainLock.lockInterruptibly();
+
+			try {
+				repository.backup(true);
+				repository.saveChanges();
+
+				return "true";
+			} finally {
+				blockchainLock.unlock();
+			}
+		} catch (InterruptedException e) {
+			// We couldn't lock blockchain to perform backup
+			return "false";
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
+	@DELETE
+	@Path("/repository")
+	@Operation(
+		summary = "Perform maintenance on repository.",
+		description = "Requires enough free space to rebuild repository. This will pause your node for a while."
+	)
+	@ApiErrors({ApiError.REPOSITORY_ISSUE})
+	@SecurityRequirement(name = "apiKey")
+	public void performRepositoryMaintenance() {
+		Security.checkApiCallAllowed(request);
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			ReentrantLock blockchainLock = Controller.getInstance().getBlockchainLock();
+
+			blockchainLock.lockInterruptibly();
+
+			try {
+				repository.performPeriodicMaintenance();
+			} finally {
+				blockchainLock.unlock();
+			}
+		} catch (InterruptedException e) {
+			// No big deal
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
 }

src/main/java/org/qortal/api/resource/ApiDefinition.java

@@ -1,11 +1,17 @@
 package org.qortal.api.resource;
 
 import io.swagger.v3.oas.annotations.OpenAPIDefinition;
+import io.swagger.v3.oas.annotations.enums.SecuritySchemeIn;
+import io.swagger.v3.oas.annotations.enums.SecuritySchemeType;
 import io.swagger.v3.oas.annotations.extensions.Extension;
 import io.swagger.v3.oas.annotations.extensions.ExtensionProperty;
 import io.swagger.v3.oas.annotations.info.Info;
+import io.swagger.v3.oas.annotations.security.SecurityScheme;
+import io.swagger.v3.oas.annotations.security.SecuritySchemes;
 import io.swagger.v3.oas.annotations.tags.Tag;
 
+import org.qortal.api.Security;
+
 @OpenAPIDefinition(
 		info = @Info( title = "Qortal API", description = "NOTE: byte-arrays are encoded in Base58" ),
 		tags = {
@@ -13,7 +19,10 @@ import io.swagger.v3.oas.annotations.tags.Tag;
 			@Tag(name = "Admin"),
 			@Tag(name = "Arbitrary"),
 			@Tag(name = "Assets"),
+			@Tag(name = "Automated Transactions"),
 			@Tag(name = "Blocks"),
+			@Tag(name = "Chat"),
+			@Tag(name = "Cross-Chain"),
 			@Tag(name = "Groups"),
 			@Tag(name = "Names"),
 			@Tag(name = "Payments"),
@@ -27,5 +36,9 @@ import io.swagger.v3.oas.annotations.tags.Tag;
 			})
 		}
 )
+@SecuritySchemes({
+	@SecurityScheme(name = "basicAuth", type = SecuritySchemeType.HTTP, scheme = "basic"),
+	@SecurityScheme(name = "apiKey", type = SecuritySchemeType.APIKEY, in = SecuritySchemeIn.HEADER, paramName = Security.API_KEY_HEADER)
+})
 public class ApiDefinition {
 }

src/main/java/org/qortal/api/resource/AtResource.java

@@ -0,0 +1,204 @@
+package org.qortal.api.resource;
+
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.ArraySchema;
+import io.swagger.v3.oas.annotations.media.Content;
+import io.swagger.v3.oas.annotations.media.Schema;
+import io.swagger.v3.oas.annotations.parameters.RequestBody;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.tags.Tag;
+
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+
+import org.ciyam.at.MachineState;
+import org.qortal.api.ApiError;
+import org.qortal.api.ApiErrors;
+import org.qortal.api.ApiException;
+import org.qortal.api.ApiExceptionFactory;
+import org.qortal.data.at.ATData;
+import org.qortal.data.at.ATStateData;
+import org.qortal.data.transaction.DeployAtTransactionData;
+import org.qortal.repository.DataException;
+import org.qortal.repository.Repository;
+import org.qortal.repository.RepositoryManager;
+import org.qortal.settings.Settings;
+import org.qortal.transaction.Transaction;
+import org.qortal.transaction.Transaction.ValidationResult;
+import org.qortal.transform.TransformationException;
+import org.qortal.transform.transaction.DeployAtTransactionTransformer;
+import org.qortal.utils.Base58;
+
+@Path("/at")
+@Tag(name = "Automated Transactions")
+public class AtResource {
+
+	@Context
+	HttpServletRequest request;
+
+	@GET
+	@Path("/byfunction/{codehash}")
+	@Operation(
+		summary = "Find automated transactions with matching functionality (code hash)",
+		responses = {
+			@ApiResponse(
+				description = "automated transactions",
+				content = @Content(
+					array = @ArraySchema(
+						schema = @Schema(
+							implementation = ATData.class
+						)
+					)
+				)
+			)
+		}
+	)
+	@ApiErrors({
+		ApiError.INVALID_CRITERIA, ApiError.REPOSITORY_ISSUE
+	})
+	public List<ATData> getByFunctionality(
+			@PathParam("codehash")
+			String codeHash58,
+			@Parameter(description = "whether to include ATs that can run, or not, or both (if omitted)")
+			@QueryParam("isExecutable")
+			Boolean isExecutable,
+			@Parameter( ref = "limit") @QueryParam("limit") Integer limit,
+			@Parameter( ref = "offset" ) @QueryParam("offset") Integer offset,
+			@Parameter( ref = "reverse" ) @QueryParam("reverse") Boolean reverse) {
+		// Decode codeHash
+		byte[] codeHash;
+		try {
+			codeHash = Base58.decode(codeHash58);
+		} catch (NumberFormatException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA, e);
+		}
+
+		// codeHash must be present and have correct length
+		if (codeHash == null || codeHash.length != 32)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+		// Impose a limit on 'limit'
+		if (limit != null && limit > 100)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			return repository.getATRepository().getATsByFunctionality(codeHash, isExecutable, limit, offset, reverse);
+		} catch (ApiException e) {
+			throw e;
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
+	@GET
+	@Path("/{ataddress}")
+	@Operation(
+		summary = "Fetch info associated with AT address",
+		responses = {
+			@ApiResponse(
+				description = "automated transaction",
+				content = @Content(
+					schema = @Schema(implementation = ATData.class)
+				)
+			)
+		}
+	)
+	@ApiErrors({
+		ApiError.REPOSITORY_ISSUE
+	})
+	public ATData getByAddress(@PathParam("ataddress") String atAddress) {
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			return repository.getATRepository().fromATAddress(atAddress);
+		} catch (ApiException e) {
+			throw e;
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
+	@GET
+	@Path("/{ataddress}/data")
+	@Operation(
+		summary = "Fetch data segment associated with AT address",
+		responses = {
+			@ApiResponse(
+				description = "automated transaction",
+				content = @Content(
+					schema = @Schema(implementation = byte[].class)
+				)
+			)
+		}
+	)
+	@ApiErrors({
+		ApiError.REPOSITORY_ISSUE
+	})
+	public byte[] getDataByAddress(@PathParam("ataddress") String atAddress) {
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			ATStateData atStateData = repository.getATRepository().getLatestATState(atAddress);
+			byte[] stateData = atStateData.getStateData();
+
+			byte[] dataBytes = MachineState.extractDataBytes(stateData);
+
+			return dataBytes;
+		} catch (ApiException e) {
+			throw e;
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
+	@POST
+	@Operation(
+		summary = "Build raw, unsigned, DEPLOY_AT transaction",
+		requestBody = @RequestBody(
+			required = true,
+			content = @Content(
+				mediaType = MediaType.APPLICATION_JSON,
+				schema = @Schema(
+					implementation = DeployAtTransactionData.class
+				)
+			)
+		),
+		responses = {
+			@ApiResponse(
+				description = "raw, unsigned, DEPLOY_AT transaction encoded in Base58",
+				content = @Content(
+					mediaType = MediaType.TEXT_PLAIN,
+					schema = @Schema(
+						type = "string"
+					)
+				)
+			)
+		}
+	)
+	@ApiErrors({ApiError.NON_PRODUCTION, ApiError.TRANSACTION_INVALID, ApiError.TRANSFORMATION_ERROR, ApiError.REPOSITORY_ISSUE})
+	public String createDeployAt(DeployAtTransactionData transactionData) {
+		if (Settings.getInstance().isApiRestricted())
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.NON_PRODUCTION);
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			Transaction transaction = Transaction.fromData(repository, transactionData);
+
+			ValidationResult result = transaction.isValidUnconfirmed();
+			if (result != ValidationResult.OK)
+				throw TransactionsResource.createTransactionInvalidException(request, result);
+
+			byte[] bytes = DeployAtTransactionTransformer.toBytes(transactionData);
+			return Base58.encode(bytes);
+		} catch (TransformationException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.TRANSFORMATION_ERROR, e);
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
+}

src/main/java/org/qortal/api/resource/BlocksResource.java

@@ -1,5 +1,6 @@
 package org.qortal.api.resource;
 
+import com.google.common.primitives.Ints;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.media.ArraySchema;
@@ -8,6 +9,11 @@ import io.swagger.v3.oas.annotations.media.Schema;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
 import io.swagger.v3.oas.annotations.tags.Tag;
 
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.math.BigDecimal;
+import java.math.BigInteger;
+import java.math.RoundingMode;
 import java.util.ArrayList;
 import java.util.List;
 
@@ -20,11 +26,13 @@ import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 
+import org.qortal.account.Account;
 import org.qortal.api.ApiError;
 import org.qortal.api.ApiErrors;
-import org.qortal.api.ApiException;
 import org.qortal.api.ApiExceptionFactory;
-import org.qortal.api.model.BlockMinterSummary;
+import org.qortal.api.model.BlockMintingInfo;
+import org.qortal.api.model.BlockSignerSummary;
+import org.qortal.block.Block;
 import org.qortal.crypto.Crypto;
 import org.qortal.data.account.AccountData;
 import org.qortal.data.block.BlockData;
@@ -33,6 +41,8 @@ import org.qortal.data.transaction.TransactionData;
 import org.qortal.repository.DataException;
 import org.qortal.repository.Repository;
 import org.qortal.repository.RepositoryManager;
+import org.qortal.transform.TransformationException;
+import org.qortal.transform.block.BlockTransformer;
 import org.qortal.utils.Base58;
 
 @Path("/blocks")
@@ -71,14 +81,58 @@ public class BlocksResource {
 		}
 
 		try (final Repository repository = RepositoryManager.getRepository()) {
-			return repository.getBlockRepository().fromSignature(signature);
-		} catch (ApiException e) {
-			throw e;
+			BlockData blockData = repository.getBlockRepository().fromSignature(signature);
+			if (blockData == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.BLOCK_UNKNOWN);
+
+			return blockData;
 		} catch (DataException e) {
 			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
 		}
 	}
 
+	@GET
+	@Path("/signature/{signature}/data")
+	@Operation(
+			summary = "Fetch serialized, base58 encoded block data using base58 signature",
+			description = "Returns serialized data for the block that matches the given signature",
+			responses = {
+					@ApiResponse(
+							description = "the block data",
+							content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "string"))
+					)
+			}
+	)
+	@ApiErrors({
+			ApiError.INVALID_SIGNATURE, ApiError.BLOCK_UNKNOWN, ApiError.INVALID_DATA, ApiError.REPOSITORY_ISSUE
+	})
+	public String getSerializedBlockData(@PathParam("signature") String signature58) {
+		// Decode signature
+		byte[] signature;
+		try {
+			signature = Base58.decode(signature58);
+		} catch (NumberFormatException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_SIGNATURE, e);
+		}
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			BlockData blockData = repository.getBlockRepository().fromSignature(signature);
+			if (blockData == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.BLOCK_UNKNOWN);
+
+			Block block = new Block(repository, blockData);
+			ByteArrayOutputStream bytes = new ByteArrayOutputStream();
+			bytes.write(Ints.toByteArray(block.getBlockData().getHeight()));
+			bytes.write(BlockTransformer.toBytes(block));
+			return Base58.encode(bytes.toByteArray());
+
+		} catch (TransformationException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA, e);
+		} catch (DataException | IOException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
 	@GET
 	@Path("/signature/{signature}/transactions")
 	@Operation(
@@ -120,8 +174,6 @@ public class BlocksResource {
 				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.BLOCK_UNKNOWN);
 
 			return repository.getBlockRepository().getTransactionsFromSignature(signature, limit, offset, reverse);
-		} catch (ApiException e) {
-			throw e;
 		} catch (DataException e) {
 			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
 		}
@@ -223,8 +275,6 @@ public class BlocksResource {
 				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.BLOCK_UNKNOWN);
 
 			return childBlockData;
-		} catch (ApiException e) {
-			throw e;
 		} catch (DataException e) {
 			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
 		}
@@ -253,8 +303,6 @@ public class BlocksResource {
 	public int getHeight() {
 		try (final Repository repository = RepositoryManager.getRepository()) {
 			return repository.getBlockRepository().getBlockchainHeight();
-		} catch (ApiException e) {
-			throw e;
 		} catch (DataException e) {
 			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
 		}
@@ -297,8 +345,6 @@ public class BlocksResource {
 				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.BLOCK_UNKNOWN);
 
 			return blockData.getHeight();
-		} catch (ApiException e) {
-			throw e;
 		} catch (DataException e) {
 			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
 		}
@@ -330,8 +376,59 @@ public class BlocksResource {
 				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.BLOCK_UNKNOWN);
 
 			return blockData;
-		} catch (ApiException e) {
-			throw e;
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
+	@GET
+	@Path("/byheight/{height}/mintinginfo")
+	@Operation(
+			summary = "Fetch block minter info using block height",
+			description = "Returns the minter info for the block with given height",
+			responses = {
+					@ApiResponse(
+							description = "the block",
+							content = @Content(
+									schema = @Schema(
+											implementation = BlockData.class
+									)
+							)
+					)
+			}
+	)
+	@ApiErrors({
+			ApiError.BLOCK_UNKNOWN, ApiError.REPOSITORY_ISSUE
+	})
+	public BlockMintingInfo getBlockMintingInfoByHeight(@PathParam("height") int height) {
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			BlockData blockData = repository.getBlockRepository().fromHeight(height);
+			if (blockData == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.BLOCK_UNKNOWN);
+
+			Block block = new Block(repository, blockData);
+			BlockData parentBlockData = repository.getBlockRepository().fromSignature(blockData.getReference());
+			int minterLevel = Account.getRewardShareEffectiveMintingLevel(repository, blockData.getMinterPublicKey());
+			if (minterLevel == 0)
+				// This may be unavailable when requesting a trimmed block
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
+
+			BigInteger distance = block.calcKeyDistance(parentBlockData.getHeight(), parentBlockData.getSignature(), blockData.getMinterPublicKey(), minterLevel);
+			double ratio = new BigDecimal(distance).divide(new BigDecimal(block.MAX_DISTANCE), 40, RoundingMode.DOWN).doubleValue();
+			long timestamp = block.calcTimestamp(parentBlockData, blockData.getMinterPublicKey(), minterLevel);
+			long timeDelta = timestamp - parentBlockData.getTimestamp();
+
+			BlockMintingInfo blockMintingInfo = new BlockMintingInfo();
+			blockMintingInfo.minterPublicKey = blockData.getMinterPublicKey();
+			blockMintingInfo.minterLevel = minterLevel;
+			blockMintingInfo.onlineAccountsCount = blockData.getOnlineAccountsCount();
+			blockMintingInfo.maxDistance = new BigDecimal(block.MAX_DISTANCE);
+			blockMintingInfo.keyDistance = distance;
+			blockMintingInfo.keyDistanceRatio = ratio;
+			blockMintingInfo.timestamp = timestamp;
+			blockMintingInfo.timeDelta = timeDelta;
+
+			return blockMintingInfo;
 		} catch (DataException e) {
 			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
 		}
@@ -366,8 +463,6 @@ public class BlocksResource {
 				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.BLOCK_UNKNOWN);
 
 			return blockData;
-		} catch (ApiException e) {
-			throw e;
 		} catch (DataException e) {
 			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
 		}
@@ -416,9 +511,9 @@ public class BlocksResource {
 	}
 
 	@GET
-	@Path("/minter/{address}")
+	@Path("/signer/{address}")
 	@Operation(
-		summary = "Fetch block summaries for blocks minted by address",
+		summary = "Fetch block summaries for blocks signed by address",
 		responses = {
 			@ApiResponse(
 				description = "block summaries",
@@ -433,7 +528,7 @@ public class BlocksResource {
 		}
 	)
 	@ApiErrors({ApiError.INVALID_ADDRESS, ApiError.PUBLIC_KEY_NOT_FOUND, ApiError.REPOSITORY_ISSUE})
-	public List<BlockSummaryData> getBlockSummariesByMinter(@PathParam("address") String address, @Parameter(
+	public List<BlockSummaryData> getBlockSummariesBySigner(@PathParam("address") String address, @Parameter(
 			ref = "limit"
 			) @QueryParam("limit") Integer limit, @Parameter(
 				ref = "offset"
@@ -449,32 +544,30 @@ public class BlocksResource {
 			if (accountData == null || accountData.getPublicKey() == null)
 				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.PUBLIC_KEY_NOT_FOUND);
 
-			return repository.getBlockRepository().getBlockSummariesByMinter(accountData.getPublicKey(), limit, offset, reverse);
-		} catch (ApiException e) {
-			throw e;
+			return repository.getBlockRepository().getBlockSummariesBySigner(accountData.getPublicKey(), limit, offset, reverse);
 		} catch (DataException e) {
 			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
 		}
 	}
 
 	@GET
-	@Path("/minters")
+	@Path("/signers")
 	@Operation(
-		summary = "Show summary of block minters",
-		description = "Returns count of blocks minted, optionally limited to minters/recipients in passed address(es).",
+		summary = "Show summary of block signers",
+		description = "Returns count of blocks signed, optionally limited to minters/recipients in passed address(es).",
 		responses = {
 			@ApiResponse(
 				content = @Content(
 					array = @ArraySchema(
 						schema = @Schema(
-							implementation = BlockMinterSummary.class
+							implementation = BlockSignerSummary.class
 						)
 					)
 				)
 			)
 		}
 	)
-	public List<BlockMinterSummary> getBlockMinters(@QueryParam("address") List<String> addresses,
+	public List<BlockSignerSummary> getBlockSigners(@QueryParam("address") List<String> addresses,
 			@Parameter(
 				ref = "limit"
 			) @QueryParam("limit") Integer limit, @Parameter(
@@ -487,7 +580,47 @@ public class BlocksResource {
 				if (!Crypto.isValidAddress(address))
 					throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
 
-			return repository.getBlockRepository().getBlockMinters(addresses, limit, offset, reverse);
+			return repository.getBlockRepository().getBlockSigners(addresses, limit, offset, reverse);
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
+	@GET
+	@Path("/summaries")
+	@Operation(
+		summary = "Fetch only summary info about a range of blocks",
+		description = "Specify up to 2 out 3 of: start, end and count. If neither start nor end are specified, then end is assumed to be latest block. Where necessary, count is assumed to be 50.",
+		responses = {
+			@ApiResponse(
+				description = "blocks",
+				content = @Content(
+					array = @ArraySchema(
+						schema = @Schema(
+							implementation = BlockSummaryData.class
+						)
+					)
+				)
+			)
+		}
+	)
+	@ApiErrors({
+		ApiError.REPOSITORY_ISSUE
+	})
+	public List<BlockSummaryData> getBlockSummaries(
+			@QueryParam("start") Integer startHeight,
+			@QueryParam("end") Integer endHeight,
+			@Parameter(ref = "count") @QueryParam("count") Integer count) {
+		// Check up to 2 out of 3 params
+		if (startHeight != null && endHeight != null && count != null)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+		// Check values
+		if ((startHeight != null && startHeight < 1) || (endHeight != null && endHeight < 1) || (count != null && count < 1))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			return repository.getBlockRepository().getBlockSummaries(startHeight, endHeight, count);
 		} catch (DataException e) {
 			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
 		}

src/main/java/org/qortal/api/resource/ChatResource.java

@@ -0,0 +1,250 @@
+package org.qortal.api.resource;
+
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.ArraySchema;
+import io.swagger.v3.oas.annotations.media.Content;
+import io.swagger.v3.oas.annotations.media.Schema;
+import io.swagger.v3.oas.annotations.parameters.RequestBody;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
+import io.swagger.v3.oas.annotations.tags.Tag;
+
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+
+import org.qortal.api.ApiError;
+import org.qortal.api.ApiErrors;
+import org.qortal.api.ApiExceptionFactory;
+import org.qortal.api.Security;
+import org.qortal.crypto.Crypto;
+import org.qortal.data.chat.ActiveChats;
+import org.qortal.data.chat.ChatMessage;
+import org.qortal.data.transaction.ChatTransactionData;
+import org.qortal.data.transaction.TransactionData;
+import org.qortal.repository.DataException;
+import org.qortal.repository.Repository;
+import org.qortal.repository.RepositoryManager;
+import org.qortal.transaction.ChatTransaction;
+import org.qortal.transaction.Transaction;
+import org.qortal.transaction.Transaction.TransactionType;
+import org.qortal.transaction.Transaction.ValidationResult;
+import org.qortal.transform.TransformationException;
+import org.qortal.transform.transaction.ChatTransactionTransformer;
+import org.qortal.transform.transaction.TransactionTransformer;
+import org.qortal.utils.Base58;
+
+import com.google.common.primitives.Bytes;
+
+@Path("/chat")
+@Tag(name = "Chat")
+public class ChatResource {
+
+	@Context
+	HttpServletRequest request;
+
+	@GET
+	@Path("/messages")
+	@Operation(
+		summary = "Find chat messages",
+		description = "Returns CHAT messages that match criteria. Must provide EITHER 'txGroupId' OR two 'involving' addresses.",
+		responses = {
+			@ApiResponse(
+				description = "CHAT messages",
+				content = @Content(
+					array = @ArraySchema(
+						schema = @Schema(
+							implementation = ChatMessage.class
+						)
+					)
+				)
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_CRITERIA, ApiError.INVALID_ADDRESS, ApiError.REPOSITORY_ISSUE})
+	public List<ChatMessage> searchChat(@QueryParam("before") Long before, @QueryParam("after") Long after,
+			@QueryParam("txGroupId") Integer txGroupId,
+			@QueryParam("involving") List<String> involvingAddresses,
+			@Parameter(ref = "limit") @QueryParam("limit") Integer limit,
+			@Parameter(ref = "offset") @QueryParam("offset") Integer offset,
+			@Parameter(ref = "reverse") @QueryParam("reverse") Boolean reverse) {
+		// Check args meet expectations
+		if ((txGroupId == null && involvingAddresses.size() != 2)
+				|| (txGroupId != null && !involvingAddresses.isEmpty()))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+		// Check any provided addresses are valid
+		if (involvingAddresses.stream().anyMatch(address -> !Crypto.isValidAddress(address)))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
+
+		if (before != null && before < 1500000000000L)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+		if (after != null && after < 1500000000000L)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			return repository.getChatRepository().getMessagesMatchingCriteria(
+					before,
+					after,
+					txGroupId,
+					involvingAddresses,
+					limit, offset, reverse);
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
+	@GET
+	@Path("/active/{address}")
+	@Operation(
+		summary = "Find active chats (group/direct) involving address",
+		responses = {
+			@ApiResponse(
+				content = @Content(
+					array = @ArraySchema(
+						schema = @Schema(
+							implementation = ActiveChats.class
+						)
+					)
+				)
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_CRITERIA, ApiError.INVALID_ADDRESS, ApiError.REPOSITORY_ISSUE})
+	public ActiveChats getActiveChats(@PathParam("address") String address) {
+		if (address == null || !Crypto.isValidAddress(address))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			return repository.getChatRepository().getActiveChats(address);
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
+	@POST
+	@Operation(
+		summary = "Build raw, unsigned, CHAT transaction",
+		description = "Builds a raw, unsigned CHAT transaction but does NOT compute proof-of-work nonce. See POST /chat/compute.",
+		requestBody = @RequestBody(
+			required = true,
+			content = @Content(
+				mediaType = MediaType.APPLICATION_JSON,
+				schema = @Schema(
+					implementation = ChatTransactionData.class
+				)
+			)
+		),
+		responses = {
+			@ApiResponse(
+				description = "raw, unsigned, CHAT transaction encoded in Base58",
+				content = @Content(
+					mediaType = MediaType.TEXT_PLAIN,
+					schema = @Schema(
+						type = "string"
+					)
+				)
+			)
+		}
+	)
+	@ApiErrors({ApiError.TRANSACTION_INVALID, ApiError.TRANSFORMATION_ERROR, ApiError.REPOSITORY_ISSUE})
+	@SecurityRequirement(name = "apiKey")
+	public String buildChat(ChatTransactionData transactionData) {
+		Security.checkApiCallAllowed(request);
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			ChatTransaction chatTransaction = (ChatTransaction) Transaction.fromData(repository, transactionData);
+
+			ValidationResult result = chatTransaction.isValidUnconfirmed();
+			if (result != ValidationResult.OK)
+				throw TransactionsResource.createTransactionInvalidException(request, result);
+
+			byte[] bytes = ChatTransactionTransformer.toBytes(transactionData);
+			return Base58.encode(bytes);
+		} catch (TransformationException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.TRANSFORMATION_ERROR, e);
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
+	@POST
+	@Path("/compute")
+	@Operation(
+		summary = "Compute nonce for raw, unsigned CHAT transaction",
+		requestBody = @RequestBody(
+			required = true,
+			content = @Content(
+				mediaType = MediaType.TEXT_PLAIN,
+				schema = @Schema(
+					type = "string",
+					description = "raw, unsigned CHAT transaction in base58 encoding",
+					example = "raw transaction base58"
+				)
+			)
+		),
+		responses = {
+			@ApiResponse(
+				description = "raw, unsigned, CHAT transaction encoded in Base58",
+				content = @Content(
+					mediaType = MediaType.TEXT_PLAIN,
+					schema = @Schema(
+						type = "string"
+					)
+				)
+			)
+		}
+	)
+	@ApiErrors({ApiError.TRANSACTION_INVALID, ApiError.INVALID_DATA, ApiError.TRANSFORMATION_ERROR, ApiError.REPOSITORY_ISSUE})
+	@SecurityRequirement(name = "apiKey")
+	public String buildChat(String rawBytes58) {
+		Security.checkApiCallAllowed(request);
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			byte[] rawBytes = Base58.decode(rawBytes58);
+			// We're expecting unsigned transaction, so append empty signature prior to decoding
+			rawBytes = Bytes.concat(rawBytes, new byte[TransactionTransformer.SIGNATURE_LENGTH]);
+
+			TransactionData transactionData = TransactionTransformer.fromBytes(rawBytes);
+			if (transactionData == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
+
+			if (transactionData.getType() != TransactionType.CHAT)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
+
+			ChatTransaction chatTransaction = (ChatTransaction) Transaction.fromData(repository, transactionData);
+
+			// Quicker validity check first before we compute nonce
+			ValidationResult result = chatTransaction.isValid();
+			if (result != ValidationResult.OK)
+				throw TransactionsResource.createTransactionInvalidException(request, result);
+
+			chatTransaction.computeNonce();
+
+			// Re-check, but ignores signature
+			result = chatTransaction.isValidUnconfirmed();
+			if (result != ValidationResult.OK)
+				throw TransactionsResource.createTransactionInvalidException(request, result);
+
+			// Strip zeroed signature
+			transactionData.setSignature(null);
+
+			byte[] bytes = ChatTransactionTransformer.toBytes(transactionData);
+			return Base58.encode(bytes);
+		} catch (TransformationException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.TRANSFORMATION_ERROR, e);
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
+}

src/main/java/org/qortal/api/resource/CrossChainBitcoinACCTv1Resource.java

@@ -0,0 +1,363 @@
+package org.qortal.api.resource;
+
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.media.Content;
+import io.swagger.v3.oas.annotations.media.Schema;
+import io.swagger.v3.oas.annotations.parameters.RequestBody;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.tags.Tag;
+
+import java.util.Arrays;
+import java.util.Random;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+
+import org.qortal.account.PublicKeyAccount;
+import org.qortal.api.ApiError;
+import org.qortal.api.ApiErrors;
+import org.qortal.api.ApiExceptionFactory;
+import org.qortal.api.Security;
+import org.qortal.api.model.CrossChainBuildRequest;
+import org.qortal.api.model.CrossChainDualSecretRequest;
+import org.qortal.api.model.CrossChainTradeRequest;
+import org.qortal.asset.Asset;
+import org.qortal.crosschain.BitcoinACCTv1;
+import org.qortal.crosschain.Bitcoiny;
+import org.qortal.crosschain.AcctMode;
+import org.qortal.crypto.Crypto;
+import org.qortal.data.at.ATData;
+import org.qortal.data.crosschain.CrossChainTradeData;
+import org.qortal.data.transaction.BaseTransactionData;
+import org.qortal.data.transaction.DeployAtTransactionData;
+import org.qortal.data.transaction.MessageTransactionData;
+import org.qortal.data.transaction.TransactionData;
+import org.qortal.group.Group;
+import org.qortal.repository.DataException;
+import org.qortal.repository.Repository;
+import org.qortal.repository.RepositoryManager;
+import org.qortal.transaction.DeployAtTransaction;
+import org.qortal.transaction.MessageTransaction;
+import org.qortal.transaction.Transaction;
+import org.qortal.transaction.Transaction.TransactionType;
+import org.qortal.transaction.Transaction.ValidationResult;
+import org.qortal.transform.TransformationException;
+import org.qortal.transform.Transformer;
+import org.qortal.transform.transaction.DeployAtTransactionTransformer;
+import org.qortal.transform.transaction.MessageTransactionTransformer;
+import org.qortal.utils.Base58;
+import org.qortal.utils.NTP;
+
+@Path("/crosschain/BitcoinACCTv1")
+@Tag(name = "Cross-Chain (BitcoinACCTv1)")
+public class CrossChainBitcoinACCTv1Resource {
+
+	@Context
+	HttpServletRequest request;
+
+	@POST
+	@Path("/build")
+	@Operation(
+		summary = "Build Bitcoin cross-chain trading AT",
+		description = "Returns raw, unsigned DEPLOY_AT transaction",
+		requestBody = @RequestBody(
+			required = true,
+			content = @Content(
+				mediaType = MediaType.APPLICATION_JSON,
+				schema = @Schema(
+					implementation = CrossChainBuildRequest.class
+				)
+			)
+		),
+		responses = {
+			@ApiResponse(
+				content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "string"))
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_PUBLIC_KEY, ApiError.INVALID_DATA, ApiError.INVALID_REFERENCE, ApiError.TRANSFORMATION_ERROR, ApiError.REPOSITORY_ISSUE})
+	public String buildTrade(CrossChainBuildRequest tradeRequest) {
+		Security.checkApiCallAllowed(request);
+
+		byte[] creatorPublicKey = tradeRequest.creatorPublicKey;
+
+		if (creatorPublicKey == null || creatorPublicKey.length != Transformer.PUBLIC_KEY_LENGTH)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PUBLIC_KEY);
+
+		if (tradeRequest.hashOfSecretB == null || tradeRequest.hashOfSecretB.length != Bitcoiny.HASH160_LENGTH)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
+
+		if (tradeRequest.tradeTimeout == null)
+			tradeRequest.tradeTimeout = 7 * 24 * 60; // 7 days
+		else
+			if (tradeRequest.tradeTimeout < 10 || tradeRequest.tradeTimeout > 50000)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
+
+		if (tradeRequest.qortAmount <= 0)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
+
+		if (tradeRequest.fundingQortAmount <= 0)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
+
+		// funding amount must exceed initial + final
+		if (tradeRequest.fundingQortAmount <= tradeRequest.qortAmount)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
+
+		if (tradeRequest.bitcoinAmount <= 0)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			PublicKeyAccount creatorAccount = new PublicKeyAccount(repository, creatorPublicKey);
+
+			byte[] creationBytes = BitcoinACCTv1.buildQortalAT(creatorAccount.getAddress(), tradeRequest.bitcoinPublicKeyHash, tradeRequest.hashOfSecretB,
+					tradeRequest.qortAmount, tradeRequest.bitcoinAmount, tradeRequest.tradeTimeout);
+
+			long txTimestamp = NTP.getTime();
+			byte[] lastReference = creatorAccount.getLastReference();
+			if (lastReference == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_REFERENCE);
+
+			long fee = 0;
+			String name = "QORT-BTC cross-chain trade";
+			String description = "Qortal-Bitcoin cross-chain trade";
+			String atType = "ACCT";
+			String tags = "QORT-BTC ACCT";
+
+			BaseTransactionData baseTransactionData = new BaseTransactionData(txTimestamp, Group.NO_GROUP, lastReference, creatorAccount.getPublicKey(), fee, null);
+			TransactionData deployAtTransactionData = new DeployAtTransactionData(baseTransactionData, name, description, atType, tags, creationBytes, tradeRequest.fundingQortAmount, Asset.QORT);
+
+			Transaction deployAtTransaction = new DeployAtTransaction(repository, deployAtTransactionData);
+
+			fee = deployAtTransaction.calcRecommendedFee();
+			deployAtTransactionData.setFee(fee);
+
+			ValidationResult result = deployAtTransaction.isValidUnconfirmed();
+			if (result != ValidationResult.OK)
+				throw TransactionsResource.createTransactionInvalidException(request, result);
+
+			byte[] bytes = DeployAtTransactionTransformer.toBytes(deployAtTransactionData);
+			return Base58.encode(bytes);
+		} catch (TransformationException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.TRANSFORMATION_ERROR, e);
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
+	@POST
+	@Path("/trademessage")
+	@Operation(
+		summary = "Builds raw, unsigned 'trade' MESSAGE transaction that sends cross-chain trade recipient address, triggering 'trade' mode",
+		description = "Specify address of cross-chain AT that needs to be messaged, and signature of 'offer' MESSAGE from trade partner.<br>"
+			+ "AT needs to be in 'offer' mode. Messages sent to an AT in any other mode will be ignored, but still cost fees to send!<br>"
+			+ "You need to sign output with trade private key otherwise the MESSAGE transaction will be invalid.",
+		requestBody = @RequestBody(
+			required = true,
+			content = @Content(
+				mediaType = MediaType.APPLICATION_JSON,
+				schema = @Schema(
+					implementation = CrossChainTradeRequest.class
+				)
+			)
+		),
+		responses = {
+			@ApiResponse(
+				content = @Content(
+					schema = @Schema(
+						type = "string"
+					)
+				)
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_PUBLIC_KEY, ApiError.INVALID_ADDRESS, ApiError.INVALID_CRITERIA, ApiError.REPOSITORY_ISSUE})
+	public String buildTradeMessage(CrossChainTradeRequest tradeRequest) {
+		Security.checkApiCallAllowed(request);
+
+		byte[] tradePublicKey = tradeRequest.tradePublicKey;
+
+		if (tradePublicKey == null || tradePublicKey.length != Transformer.PUBLIC_KEY_LENGTH)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PUBLIC_KEY);
+
+		if (tradeRequest.atAddress == null || !Crypto.isValidAtAddress(tradeRequest.atAddress))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
+
+		if (tradeRequest.messageTransactionSignature == null || !Crypto.isValidAddress(tradeRequest.messageTransactionSignature))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			ATData atData = fetchAtDataWithChecking(repository, tradeRequest.atAddress);
+			CrossChainTradeData crossChainTradeData = BitcoinACCTv1.getInstance().populateTradeData(repository, atData);
+
+			if (crossChainTradeData.mode != AcctMode.OFFERING)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+			// Does supplied public key match trade public key?
+			if (!Crypto.toAddress(tradePublicKey).equals(crossChainTradeData.qortalCreatorTradeAddress))
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PUBLIC_KEY);
+
+			TransactionData transactionData = repository.getTransactionRepository().fromSignature(tradeRequest.messageTransactionSignature);
+			if (transactionData == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.TRANSACTION_UNKNOWN);
+
+			if (transactionData.getType() != TransactionType.MESSAGE)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.TRANSACTION_INVALID);
+
+			MessageTransactionData messageTransactionData = (MessageTransactionData) transactionData;
+			byte[] messageData = messageTransactionData.getData();
+			BitcoinACCTv1.OfferMessageData offerMessageData = BitcoinACCTv1.extractOfferMessageData(messageData);
+			if (offerMessageData == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.TRANSACTION_INVALID);
+
+			// Good to make MESSAGE
+
+			byte[] aliceForeignPublicKeyHash = offerMessageData.partnerBitcoinPKH;
+			byte[] hashOfSecretA = offerMessageData.hashOfSecretA;
+			int lockTimeA = (int) offerMessageData.lockTimeA;
+
+			String aliceNativeAddress = Crypto.toAddress(messageTransactionData.getCreatorPublicKey());
+			int lockTimeB = BitcoinACCTv1.calcLockTimeB(messageTransactionData.getTimestamp(), lockTimeA);
+
+			byte[] outgoingMessageData = BitcoinACCTv1.buildTradeMessage(aliceNativeAddress, aliceForeignPublicKeyHash, hashOfSecretA, lockTimeA, lockTimeB);
+			byte[] messageTransactionBytes = buildAtMessage(repository, tradePublicKey, tradeRequest.atAddress, outgoingMessageData);
+
+			return Base58.encode(messageTransactionBytes);
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
+	@POST
+	@Path("/redeemmessage")
+	@Operation(
+		summary = "Builds raw, unsigned 'redeem' MESSAGE transaction that sends secrets to AT, releasing funds to partner",
+		description = "Specify address of cross-chain AT that needs to be messaged, both 32-byte secrets and an address for receiving QORT from AT.<br>"
+			+ "AT needs to be in 'trade' mode. Messages sent to an AT in any other mode will be ignored, but still cost fees to send!<br>"
+			+ "You need to sign output with account the AT considers the trade 'partner' otherwise the MESSAGE transaction will be invalid.",
+		requestBody = @RequestBody(
+			required = true,
+			content = @Content(
+				mediaType = MediaType.APPLICATION_JSON,
+				schema = @Schema(
+					implementation = CrossChainDualSecretRequest.class
+				)
+			)
+		),
+		responses = {
+			@ApiResponse(
+				content = @Content(
+					schema = @Schema(
+						type = "string"
+					)
+				)
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_PUBLIC_KEY, ApiError.INVALID_ADDRESS, ApiError.INVALID_DATA, ApiError.INVALID_CRITERIA, ApiError.REPOSITORY_ISSUE})
+	public String buildRedeemMessage(CrossChainDualSecretRequest secretRequest) {
+		Security.checkApiCallAllowed(request);
+
+		byte[] partnerPublicKey = secretRequest.partnerPublicKey;
+
+		if (partnerPublicKey == null || partnerPublicKey.length != Transformer.PUBLIC_KEY_LENGTH)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PUBLIC_KEY);
+
+		if (secretRequest.atAddress == null || !Crypto.isValidAtAddress(secretRequest.atAddress))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
+
+		if (secretRequest.secretA == null || secretRequest.secretA.length != BitcoinACCTv1.SECRET_LENGTH)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
+
+		if (secretRequest.secretB == null || secretRequest.secretB.length != BitcoinACCTv1.SECRET_LENGTH)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
+
+		if (secretRequest.receivingAddress == null || !Crypto.isValidAddress(secretRequest.receivingAddress))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			ATData atData = fetchAtDataWithChecking(repository, secretRequest.atAddress);
+			CrossChainTradeData crossChainTradeData = BitcoinACCTv1.getInstance().populateTradeData(repository, atData);
+
+			if (crossChainTradeData.mode != AcctMode.TRADING)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+			String partnerAddress = Crypto.toAddress(partnerPublicKey);
+
+			// MESSAGE must come from address that AT considers trade partner
+			if (!crossChainTradeData.qortalPartnerAddress.equals(partnerAddress))
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
+
+			// Good to make MESSAGE
+
+			byte[] messageData = BitcoinACCTv1.buildRedeemMessage(secretRequest.secretA, secretRequest.secretB, secretRequest.receivingAddress);
+			byte[] messageTransactionBytes = buildAtMessage(repository, partnerPublicKey, secretRequest.atAddress, messageData);
+
+			return Base58.encode(messageTransactionBytes);
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
+	private ATData fetchAtDataWithChecking(Repository repository, String atAddress) throws DataException {
+		ATData atData = repository.getATRepository().fromATAddress(atAddress);
+		if (atData == null)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.ADDRESS_UNKNOWN);
+
+		// Must be correct AT - check functionality using code hash
+		if (!Arrays.equals(atData.getCodeHash(), BitcoinACCTv1.CODE_BYTES_HASH))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+		// No point sending message to AT that's finished
+		if (atData.getIsFinished())
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+		return atData;
+	}
+
+	private byte[] buildAtMessage(Repository repository, byte[] senderPublicKey, String atAddress, byte[] messageData) throws DataException {
+		long txTimestamp = NTP.getTime();
+
+		// senderPublicKey could be ephemeral trade public key where there is no corresponding account and hence no reference
+		String senderAddress = Crypto.toAddress(senderPublicKey);
+		byte[] lastReference = repository.getAccountRepository().getLastReference(senderAddress);
+		final boolean requiresPoW = lastReference == null;
+
+		if (requiresPoW) {
+			Random random = new Random();
+			lastReference = new byte[Transformer.SIGNATURE_LENGTH];
+			random.nextBytes(lastReference);
+		}
+
+		int version = 4;
+		int nonce = 0;
+		long amount = 0L;
+		Long assetId = null; // no assetId as amount is zero
+		Long fee = 0L;
+
+		BaseTransactionData baseTransactionData = new BaseTransactionData(txTimestamp, Group.NO_GROUP, lastReference, senderPublicKey, fee, null);
+		TransactionData messageTransactionData = new MessageTransactionData(baseTransactionData, version, nonce, atAddress, amount, assetId, messageData, false, false);
+
+		MessageTransaction messageTransaction = new MessageTransaction(repository, messageTransactionData);
+
+		if (requiresPoW) {
+			messageTransaction.computeNonce();
+		} else {
+			fee = messageTransaction.calcRecommendedFee();
+			messageTransactionData.setFee(fee);
+		}
+
+		ValidationResult result = messageTransaction.isValidUnconfirmed();
+		if (result != ValidationResult.OK)
+			throw TransactionsResource.createTransactionInvalidException(request, result);
+
+		try {
+			return MessageTransactionTransformer.toBytes(messageTransactionData);
+		} catch (TransformationException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.TRANSFORMATION_ERROR, e);
+		}
+	}
+
+}

src/main/java/org/qortal/api/resource/CrossChainBitcoinResource.java

@@ -0,0 +1,167 @@
+package org.qortal.api.resource;
+
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.media.ArraySchema;
+import io.swagger.v3.oas.annotations.media.Content;
+import io.swagger.v3.oas.annotations.media.Schema;
+import io.swagger.v3.oas.annotations.parameters.RequestBody;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.tags.Tag;
+
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+
+import org.bitcoinj.core.Transaction;
+import org.qortal.api.ApiError;
+import org.qortal.api.ApiErrors;
+import org.qortal.api.ApiExceptionFactory;
+import org.qortal.api.Security;
+import org.qortal.api.model.crosschain.BitcoinSendRequest;
+import org.qortal.crosschain.Bitcoin;
+import org.qortal.crosschain.ForeignBlockchainException;
+import org.qortal.crosschain.SimpleTransaction;
+
+@Path("/crosschain/btc")
+@Tag(name = "Cross-Chain (Bitcoin)")
+public class CrossChainBitcoinResource {
+
+	@Context
+	HttpServletRequest request;
+
+	@POST
+	@Path("/walletbalance")
+	@Operation(
+		summary = "Returns BTC balance for hierarchical, deterministic BIP32 wallet",
+		description = "Supply BIP32 'm' private/public key in base58, starting with 'xprv'/'xpub' for mainnet, 'tprv'/'tpub' for testnet",
+		requestBody = @RequestBody(
+			required = true,
+			content = @Content(
+				mediaType = MediaType.TEXT_PLAIN,
+				schema = @Schema(
+					type = "string",
+					description = "BIP32 'm' private/public key in base58",
+					example = "tpubD6NzVbkrYhZ4XTPc4btCZ6SMgn8CxmWkj6VBVZ1tfcJfMq4UwAjZbG8U74gGSypL9XBYk2R2BLbDBe8pcEyBKM1edsGQEPKXNbEskZozeZc"
+				)
+			)
+		),
+		responses = {
+			@ApiResponse(
+				content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "string", description = "balance (satoshis)"))
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_PRIVATE_KEY, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE})
+	public String getBitcoinWalletBalance(String key58) {
+		Security.checkApiCallAllowed(request);
+
+		Bitcoin bitcoin = Bitcoin.getInstance();
+
+		if (!bitcoin.isValidDeterministicKey(key58))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PRIVATE_KEY);
+
+		Long balance = bitcoin.getWalletBalance(key58);
+		if (balance == null)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE);
+
+		return balance.toString();
+	}
+
+	@POST
+	@Path("/wallettransactions")
+	@Operation(
+		summary = "Returns transactions for hierarchical, deterministic BIP32 wallet",
+		description = "Supply BIP32 'm' private/public key in base58, starting with 'xprv'/'xpub' for mainnet, 'tprv'/'tpub' for testnet",
+		requestBody = @RequestBody(
+			required = true,
+			content = @Content(
+				mediaType = MediaType.TEXT_PLAIN,
+				schema = @Schema(
+					type = "string",
+					description = "BIP32 'm' private/public key in base58",
+					example = "tpubD6NzVbkrYhZ4XTPc4btCZ6SMgn8CxmWkj6VBVZ1tfcJfMq4UwAjZbG8U74gGSypL9XBYk2R2BLbDBe8pcEyBKM1edsGQEPKXNbEskZozeZc"
+				)
+			)
+		),
+		responses = {
+			@ApiResponse(
+				content = @Content(array = @ArraySchema( schema = @Schema( implementation = SimpleTransaction.class ) ) )
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_PRIVATE_KEY, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE})
+	public List<SimpleTransaction> getBitcoinWalletTransactions(String key58) {
+		Security.checkApiCallAllowed(request);
+
+		Bitcoin bitcoin = Bitcoin.getInstance();
+
+		if (!bitcoin.isValidDeterministicKey(key58))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PRIVATE_KEY);
+
+		try {
+			return bitcoin.getWalletTransactions(key58);
+		} catch (ForeignBlockchainException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE);
+		}
+	}
+
+	@POST
+	@Path("/send")
+	@Operation(
+		summary = "Sends BTC from hierarchical, deterministic BIP32 wallet to specific address",
+		description = "Currently only supports 'legacy' P2PKH Bitcoin addresses. Supply BIP32 'm' private key in base58, starting with 'xprv' for mainnet, 'tprv' for testnet",
+		requestBody = @RequestBody(
+			required = true,
+			content = @Content(
+				mediaType = MediaType.APPLICATION_JSON,
+				schema = @Schema(
+					implementation = BitcoinSendRequest.class
+				)
+			)
+		),
+		responses = {
+			@ApiResponse(
+				content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "string", description = "transaction hash"))
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_PRIVATE_KEY, ApiError.INVALID_CRITERIA, ApiError.INVALID_ADDRESS, ApiError.FOREIGN_BLOCKCHAIN_BALANCE_ISSUE, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE})
+	public String sendBitcoin(BitcoinSendRequest bitcoinSendRequest) {
+		Security.checkApiCallAllowed(request);
+
+		if (bitcoinSendRequest.bitcoinAmount <= 0)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+		if (bitcoinSendRequest.feePerByte != null && bitcoinSendRequest.feePerByte <= 0)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+		Bitcoin bitcoin = Bitcoin.getInstance();
+
+		if (!bitcoin.isValidAddress(bitcoinSendRequest.receivingAddress))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
+
+		if (!bitcoin.isValidDeterministicKey(bitcoinSendRequest.xprv58))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PRIVATE_KEY);
+
+		Transaction spendTransaction = bitcoin.buildSpend(bitcoinSendRequest.xprv58,
+				bitcoinSendRequest.receivingAddress,
+				bitcoinSendRequest.bitcoinAmount,
+				bitcoinSendRequest.feePerByte);
+
+		if (spendTransaction == null)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.FOREIGN_BLOCKCHAIN_BALANCE_ISSUE);
+
+		try {
+			bitcoin.broadcastTransaction(spendTransaction);
+		} catch (ForeignBlockchainException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE);
+		}
+
+		return spendTransaction.getTxId().toString();
+	}
+
+}

src/main/java/org/qortal/api/resource/CrossChainDogecoinACCTv1Resource.java

@@ -0,0 +1,140 @@
+package org.qortal.api.resource;
+
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.media.Content;
+import io.swagger.v3.oas.annotations.media.Schema;
+import io.swagger.v3.oas.annotations.parameters.RequestBody;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import org.qortal.account.PrivateKeyAccount;
+import org.qortal.api.ApiError;
+import org.qortal.api.ApiErrors;
+import org.qortal.api.ApiExceptionFactory;
+import org.qortal.api.Security;
+import org.qortal.api.model.CrossChainSecretRequest;
+import org.qortal.crosschain.AcctMode;
+import org.qortal.crosschain.DogecoinACCTv1;
+import org.qortal.crypto.Crypto;
+import org.qortal.data.at.ATData;
+import org.qortal.data.crosschain.CrossChainTradeData;
+import org.qortal.group.Group;
+import org.qortal.repository.DataException;
+import org.qortal.repository.Repository;
+import org.qortal.repository.RepositoryManager;
+import org.qortal.transaction.MessageTransaction;
+import org.qortal.transaction.Transaction.ValidationResult;
+import org.qortal.transform.Transformer;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import java.util.Arrays;
+
+@Path("/crosschain/DogecoinACCTv1")
+@Tag(name = "Cross-Chain (DogecoinACCTv1)")
+public class CrossChainDogecoinACCTv1Resource {
+
+	@Context
+	HttpServletRequest request;
+
+	@POST
+	@Path("/redeemmessage")
+	@Operation(
+		summary = "Signs and broadcasts a 'redeem' MESSAGE transaction that sends secrets to AT, releasing funds to partner",
+		description = "Specify address of cross-chain AT that needs to be messaged, Alice's trade private key, the 32-byte secret,<br>"
+			+ "and an address for receiving QORT from AT. All of these can be found in Alice's trade bot data.<br>"
+			+ "AT needs to be in 'trade' mode. Messages sent to an AT in any other mode will be ignored, but still cost fees to send!<br>"
+			+ "You need to use the private key that the AT considers the trade 'partner' otherwise the MESSAGE transaction will be invalid.",
+		requestBody = @RequestBody(
+			required = true,
+			content = @Content(
+				mediaType = MediaType.APPLICATION_JSON,
+				schema = @Schema(
+					implementation = CrossChainSecretRequest.class
+				)
+			)
+		),
+		responses = {
+			@ApiResponse(
+				content = @Content(
+					schema = @Schema(
+						type = "string"
+					)
+				)
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_PUBLIC_KEY, ApiError.INVALID_ADDRESS, ApiError.INVALID_DATA, ApiError.INVALID_CRITERIA, ApiError.REPOSITORY_ISSUE})
+	public boolean buildRedeemMessage(CrossChainSecretRequest secretRequest) {
+		Security.checkApiCallAllowed(request);
+
+		byte[] partnerPrivateKey = secretRequest.partnerPrivateKey;
+
+		if (partnerPrivateKey == null || partnerPrivateKey.length != Transformer.PRIVATE_KEY_LENGTH)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PRIVATE_KEY);
+
+		if (secretRequest.atAddress == null || !Crypto.isValidAtAddress(secretRequest.atAddress))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
+
+		if (secretRequest.secret == null || secretRequest.secret.length != DogecoinACCTv1.SECRET_LENGTH)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
+
+		if (secretRequest.receivingAddress == null || !Crypto.isValidAddress(secretRequest.receivingAddress))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			ATData atData = fetchAtDataWithChecking(repository, secretRequest.atAddress);
+			CrossChainTradeData crossChainTradeData = DogecoinACCTv1.getInstance().populateTradeData(repository, atData);
+
+			if (crossChainTradeData.mode != AcctMode.TRADING)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+			byte[] partnerPublicKey = new PrivateKeyAccount(null, partnerPrivateKey).getPublicKey();
+			String partnerAddress = Crypto.toAddress(partnerPublicKey);
+
+			// MESSAGE must come from address that AT considers trade partner
+			if (!crossChainTradeData.qortalPartnerAddress.equals(partnerAddress))
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
+
+			// Good to make MESSAGE
+
+			byte[] messageData = DogecoinACCTv1.buildRedeemMessage(secretRequest.secret, secretRequest.receivingAddress);
+
+			PrivateKeyAccount sender = new PrivateKeyAccount(repository, partnerPrivateKey);
+			MessageTransaction messageTransaction = MessageTransaction.build(repository, sender, Group.NO_GROUP, secretRequest.atAddress, messageData, false, false);
+
+			messageTransaction.computeNonce();
+			messageTransaction.sign(sender);
+
+			// reset repository state to prevent deadlock
+			repository.discardChanges();
+			ValidationResult result = messageTransaction.importAsUnconfirmed();
+
+			if (result != ValidationResult.OK)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.TRANSACTION_INVALID);
+
+			return true;
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
+	private ATData fetchAtDataWithChecking(Repository repository, String atAddress) throws DataException {
+		ATData atData = repository.getATRepository().fromATAddress(atAddress);
+		if (atData == null)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.ADDRESS_UNKNOWN);
+
+		// Must be correct AT - check functionality using code hash
+		if (!Arrays.equals(atData.getCodeHash(), DogecoinACCTv1.CODE_BYTES_HASH))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+		// No point sending message to AT that's finished
+		if (atData.getIsFinished())
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+		return atData;
+	}
+
+}

src/main/java/org/qortal/api/resource/CrossChainDogecoinResource.java

@@ -0,0 +1,165 @@
+package org.qortal.api.resource;
+
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.media.ArraySchema;
+import io.swagger.v3.oas.annotations.media.Content;
+import io.swagger.v3.oas.annotations.media.Schema;
+import io.swagger.v3.oas.annotations.parameters.RequestBody;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import org.bitcoinj.core.Transaction;
+import org.qortal.api.ApiError;
+import org.qortal.api.ApiErrors;
+import org.qortal.api.ApiExceptionFactory;
+import org.qortal.api.Security;
+import org.qortal.api.model.crosschain.DogecoinSendRequest;
+import org.qortal.crosschain.ForeignBlockchainException;
+import org.qortal.crosschain.Dogecoin;
+import org.qortal.crosschain.SimpleTransaction;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import java.util.List;
+
+@Path("/crosschain/doge")
+@Tag(name = "Cross-Chain (Dogecoin)")
+public class CrossChainDogecoinResource {
+
+	@Context
+	HttpServletRequest request;
+
+	@POST
+	@Path("/walletbalance")
+	@Operation(
+		summary = "Returns DOGE balance for hierarchical, deterministic BIP32 wallet",
+		description = "Supply BIP32 'm' private/public key in base58, starting with 'xprv'/'xpub' for mainnet, 'tprv'/'tpub' for testnet",
+		requestBody = @RequestBody(
+			required = true,
+			content = @Content(
+				mediaType = MediaType.TEXT_PLAIN,
+				schema = @Schema(
+					type = "string",
+					description = "BIP32 'm' private/public key in base58",
+					example = "tpubD6NzVbkrYhZ4XTPc4btCZ6SMgn8CxmWkj6VBVZ1tfcJfMq4UwAjZbG8U74gGSypL9XBYk2R2BLbDBe8pcEyBKM1edsGQEPKXNbEskZozeZc"
+				)
+			)
+		),
+		responses = {
+			@ApiResponse(
+				content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "string", description = "balance (satoshis)"))
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_PRIVATE_KEY, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE})
+	public String getDogecoinWalletBalance(String key58) {
+		Security.checkApiCallAllowed(request);
+
+		Dogecoin dogecoin = Dogecoin.getInstance();
+
+		if (!dogecoin.isValidDeterministicKey(key58))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PRIVATE_KEY);
+
+		Long balance = dogecoin.getWalletBalance(key58);
+		if (balance == null)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE);
+
+		return balance.toString();
+	}
+
+	@POST
+	@Path("/wallettransactions")
+	@Operation(
+		summary = "Returns transactions for hierarchical, deterministic BIP32 wallet",
+		description = "Supply BIP32 'm' private/public key in base58, starting with 'xprv'/'xpub' for mainnet, 'tprv'/'tpub' for testnet",
+		requestBody = @RequestBody(
+			required = true,
+			content = @Content(
+				mediaType = MediaType.TEXT_PLAIN,
+				schema = @Schema(
+					type = "string",
+					description = "BIP32 'm' private/public key in base58",
+					example = "tpubD6NzVbkrYhZ4XTPc4btCZ6SMgn8CxmWkj6VBVZ1tfcJfMq4UwAjZbG8U74gGSypL9XBYk2R2BLbDBe8pcEyBKM1edsGQEPKXNbEskZozeZc"
+				)
+			)
+		),
+		responses = {
+			@ApiResponse(
+				content = @Content(array = @ArraySchema( schema = @Schema( implementation = SimpleTransaction.class ) ) )
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_PRIVATE_KEY, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE})
+	public List<SimpleTransaction> getDogecoinWalletTransactions(String key58) {
+		Security.checkApiCallAllowed(request);
+
+		Dogecoin dogecoin = Dogecoin.getInstance();
+
+		if (!dogecoin.isValidDeterministicKey(key58))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PRIVATE_KEY);
+
+		try {
+			return dogecoin.getWalletTransactions(key58);
+		} catch (ForeignBlockchainException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE);
+		}
+	}
+
+	@POST
+	@Path("/send")
+	@Operation(
+		summary = "Sends DOGE from hierarchical, deterministic BIP32 wallet to specific address",
+		description = "Currently only supports 'legacy' P2PKH Dogecoin addresses. Supply BIP32 'm' private key in base58, starting with 'xprv' for mainnet, 'tprv' for testnet",
+		requestBody = @RequestBody(
+			required = true,
+			content = @Content(
+				mediaType = MediaType.APPLICATION_JSON,
+				schema = @Schema(
+					implementation = DogecoinSendRequest.class
+				)
+			)
+		),
+		responses = {
+			@ApiResponse(
+				content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "string", description = "transaction hash"))
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_PRIVATE_KEY, ApiError.INVALID_CRITERIA, ApiError.INVALID_ADDRESS, ApiError.FOREIGN_BLOCKCHAIN_BALANCE_ISSUE, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE})
+	public String sendBitcoin(DogecoinSendRequest dogecoinSendRequest) {
+		Security.checkApiCallAllowed(request);
+
+		if (dogecoinSendRequest.dogecoinAmount <= 0)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+		if (dogecoinSendRequest.feePerByte != null && dogecoinSendRequest.feePerByte <= 0)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+		Dogecoin dogecoin = Dogecoin.getInstance();
+
+		if (!dogecoin.isValidAddress(dogecoinSendRequest.receivingAddress))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
+
+		if (!dogecoin.isValidDeterministicKey(dogecoinSendRequest.xprv58))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PRIVATE_KEY);
+
+		Transaction spendTransaction = dogecoin.buildSpend(dogecoinSendRequest.xprv58,
+				dogecoinSendRequest.receivingAddress,
+				dogecoinSendRequest.dogecoinAmount,
+				dogecoinSendRequest.feePerByte);
+
+		if (spendTransaction == null)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.FOREIGN_BLOCKCHAIN_BALANCE_ISSUE);
+
+		try {
+			dogecoin.broadcastTransaction(spendTransaction);
+		} catch (ForeignBlockchainException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE);
+		}
+
+		return spendTransaction.getTxId().toString();
+	}
+
+}

src/main/java/org/qortal/api/resource/CrossChainHtlcResource.java

@@ -0,0 +1,653 @@
+package org.qortal.api.resource;
+
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.media.Content;
+import io.swagger.v3.oas.annotations.media.Schema;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.tags.Tag;
+
+import java.math.BigDecimal;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.bitcoinj.core.*;
+import org.bitcoinj.script.Script;
+import org.qortal.api.*;
+import org.qortal.api.model.CrossChainBitcoinyHTLCStatus;
+import org.qortal.crosschain.*;
+import org.qortal.crypto.Crypto;
+import org.qortal.data.at.ATData;
+import org.qortal.data.crosschain.CrossChainTradeData;
+import org.qortal.data.crosschain.TradeBotData;
+import org.qortal.repository.DataException;
+import org.qortal.repository.Repository;
+import org.qortal.repository.RepositoryManager;
+import org.qortal.utils.Base58;
+import org.qortal.utils.NTP;
+
+@Path("/crosschain/htlc")
+@Tag(name = "Cross-Chain (Hash time-locked contracts)")
+public class CrossChainHtlcResource {
+
+	private static final Logger LOGGER = LogManager.getLogger(CrossChainHtlcResource.class);
+
+	@Context
+	HttpServletRequest request;
+
+	@GET
+	@Path("/address/{blockchain}/{refundPKH}/{locktime}/{redeemPKH}/{hashOfSecret}")
+	@Operation(
+		summary = "Returns HTLC address based on trade info",
+		description = "Public key hashes (PKH) and hash of secret should be 20 bytes (base58 encoded). Locktime is seconds since epoch.",
+		responses = {
+			@ApiResponse(
+				content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "string"))
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_PUBLIC_KEY, ApiError.INVALID_CRITERIA})
+	public String deriveHtlcAddress(@PathParam("blockchain") String blockchainName,
+			@PathParam("refundPKH") String refundPKH,
+			@PathParam("locktime") int lockTime,
+			@PathParam("redeemPKH") String redeemPKH,
+			@PathParam("hashOfSecret") String hashOfSecret) {
+		SupportedBlockchain blockchain = SupportedBlockchain.valueOf(blockchainName);
+		if (blockchain == null)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+		byte[] refunderPubKeyHash;
+		byte[] redeemerPubKeyHash;
+		byte[] decodedHashOfSecret;
+
+		try {
+			refunderPubKeyHash = Base58.decode(refundPKH);
+			redeemerPubKeyHash = Base58.decode(redeemPKH);
+
+			if (refunderPubKeyHash.length != 20 || redeemerPubKeyHash.length != 20)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PUBLIC_KEY);
+		} catch (IllegalArgumentException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PUBLIC_KEY);
+		}
+
+		try {
+			decodedHashOfSecret = Base58.decode(hashOfSecret);
+			if (decodedHashOfSecret.length != 20)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+		} catch (IllegalArgumentException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+		}
+
+		byte[] redeemScript = BitcoinyHTLC.buildScript(refunderPubKeyHash, lockTime, redeemerPubKeyHash, decodedHashOfSecret);
+
+		Bitcoiny bitcoiny = (Bitcoiny) blockchain.getInstance();
+
+		return bitcoiny.deriveP2shAddress(redeemScript);
+	}
+
+	@GET
+	@Path("/status/{blockchain}/{refundPKH}/{locktime}/{redeemPKH}/{hashOfSecret}")
+	@Operation(
+		summary = "Checks HTLC status",
+		description = "Public key hashes (PKH) and hash of secret should be 20 bytes (base58 encoded). Locktime is seconds since epoch.",
+		responses = {
+			@ApiResponse(
+				content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = CrossChainBitcoinyHTLCStatus.class))
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_CRITERIA, ApiError.INVALID_ADDRESS, ApiError.ADDRESS_UNKNOWN})
+	public CrossChainBitcoinyHTLCStatus checkHtlcStatus(@PathParam("blockchain") String blockchainName,
+			@PathParam("refundPKH") String refundPKH,
+			@PathParam("locktime") int lockTime,
+			@PathParam("redeemPKH") String redeemPKH,
+			@PathParam("hashOfSecret") String hashOfSecret) {
+		Security.checkApiCallAllowed(request);
+
+		SupportedBlockchain blockchain = SupportedBlockchain.valueOf(blockchainName);
+		if (blockchain == null)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+		byte[] refunderPubKeyHash;
+		byte[] redeemerPubKeyHash;
+		byte[] decodedHashOfSecret;
+
+		try {
+			refunderPubKeyHash = Base58.decode(refundPKH);
+			redeemerPubKeyHash = Base58.decode(redeemPKH);
+
+			if (refunderPubKeyHash.length != 20 || redeemerPubKeyHash.length != 20)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PUBLIC_KEY);
+		} catch (IllegalArgumentException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PUBLIC_KEY);
+		}
+
+		try {
+			decodedHashOfSecret = Base58.decode(hashOfSecret);
+			if (decodedHashOfSecret.length != 20)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+		} catch (IllegalArgumentException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+		}
+
+		byte[] redeemScript = BitcoinyHTLC.buildScript(refunderPubKeyHash, lockTime, redeemerPubKeyHash, decodedHashOfSecret);
+
+		Bitcoiny bitcoiny = (Bitcoiny) blockchain.getInstance();
+
+		String p2shAddress = bitcoiny.deriveP2shAddress(redeemScript);
+
+		long now = NTP.getTime();
+
+		try {
+			int medianBlockTime = bitcoiny.getMedianBlockTime();
+
+			// Check P2SH is funded
+			long p2shBalance = bitcoiny.getConfirmedBalance(p2shAddress.toString());
+
+			CrossChainBitcoinyHTLCStatus htlcStatus = new CrossChainBitcoinyHTLCStatus();
+			htlcStatus.bitcoinP2shAddress = p2shAddress;
+			htlcStatus.bitcoinP2shBalance = BigDecimal.valueOf(p2shBalance, 8);
+
+			List<TransactionOutput> fundingOutputs = bitcoiny.getUnspentOutputs(p2shAddress.toString());
+
+			if (p2shBalance > 0L && !fundingOutputs.isEmpty()) {
+				htlcStatus.canRedeem = now >= medianBlockTime * 1000L;
+				htlcStatus.canRefund = now >= lockTime * 1000L;
+			}
+
+			if (now >= medianBlockTime * 1000L) {
+				// See if we can extract secret
+				htlcStatus.secret = BitcoinyHTLC.findHtlcSecret(bitcoiny, htlcStatus.bitcoinP2shAddress);
+			}
+
+			return htlcStatus;
+		} catch (ForeignBlockchainException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE);
+		}
+	}
+
+	@POST
+	@Path("/redeem/{ataddress}")
+	@Operation(
+			summary = "Redeems HTLC associated with supplied AT",
+			description = "To be used by a QORT seller (Bob) who needs to redeem LTC/DOGE/etc proceeds that are stuck in a P2SH.<br>" +
+					"This requires Bob's trade bot data to be present in the database for this AT.<br>" +
+					"It will fail if the buyer has yet to redeem the QORT held in the AT.",
+			responses = {
+					@ApiResponse(
+							content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "boolean"))
+					)
+			}
+	)
+	@ApiErrors({ApiError.INVALID_CRITERIA, ApiError.INVALID_ADDRESS, ApiError.ADDRESS_UNKNOWN})
+	public boolean redeemHtlc(@PathParam("ataddress") String atAddress) {
+		Security.checkApiCallAllowed(request);
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			ATData atData = repository.getATRepository().fromATAddress(atAddress);
+			if (atData == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.ADDRESS_UNKNOWN);
+
+			ACCT acct = SupportedBlockchain.getAcctByCodeHash(atData.getCodeHash());
+			if (acct == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+			CrossChainTradeData crossChainTradeData = acct.populateTradeData(repository, atData);
+			if (crossChainTradeData == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+			// Attempt to find secret from the buyer's message to AT
+			byte[] decodedSecret = acct.findSecretA(repository, crossChainTradeData);
+			if (decodedSecret == null) {
+				LOGGER.info(() -> String.format("Unable to find secret-A from redeem message to AT %s", atAddress));
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+			}
+
+			List<TradeBotData> allTradeBotData = repository.getCrossChainRepository().getAllTradeBotData();
+			TradeBotData tradeBotData = allTradeBotData.stream().filter(tradeBotDataItem -> tradeBotDataItem.getAtAddress().equals(atAddress)).findFirst().orElse(null);
+
+			// Search for the tradePrivateKey in the tradebot data
+			byte[] decodedPrivateKey = null;
+			if (tradeBotData != null)
+				decodedPrivateKey = tradeBotData.getTradePrivateKey();
+
+			// Search for the foreign blockchain receiving address in the tradebot data
+			byte[] foreignBlockchainReceivingAccountInfo = null;
+			if (tradeBotData != null)
+				// Use receiving address PKH from tradebot data
+				foreignBlockchainReceivingAccountInfo = tradeBotData.getReceivingAccountInfo();
+
+			return this.doRedeemHtlc(atAddress, decodedPrivateKey, decodedSecret, foreignBlockchainReceivingAccountInfo);
+
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
+	@POST
+	@Path("/redeemAll")
+	@Operation(
+			summary = "Redeems HTLC for all applicable ATs in tradebot data",
+			description = "To be used by a QORT seller (Bob) who needs to redeem LTC/DOGE/etc proceeds that are stuck in P2SH transactions.<br>" +
+					"This requires Bob's trade bot data to be present in the database for any ATs that need redeeming.<br>" +
+					"Returns true if at least one trade is redeemed. More detail is available in the log.txt.* file.",
+			responses = {
+					@ApiResponse(
+							content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "boolean"))
+					)
+			}
+	)
+	@ApiErrors({ApiError.INVALID_CRITERIA, ApiError.INVALID_ADDRESS, ApiError.ADDRESS_UNKNOWN})
+	public boolean redeemAllHtlc() {
+		Security.checkApiCallAllowed(request);
+		boolean success = false;
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			List<TradeBotData> allTradeBotData = repository.getCrossChainRepository().getAllTradeBotData();
+
+			for (TradeBotData tradeBotData : allTradeBotData) {
+				String atAddress = tradeBotData.getAtAddress();
+				if (atAddress == null) {
+					LOGGER.info("Missing AT address in tradebot data", atAddress);
+					continue;
+				}
+
+				String tradeState = tradeBotData.getState();
+				if (tradeState == null) {
+					LOGGER.info("Missing trade state for AT {}", atAddress);
+					continue;
+				}
+
+				if (tradeState.startsWith("ALICE")) {
+					LOGGER.info("AT {} isn't redeemable because it is a buy order", atAddress);
+					continue;
+				}
+
+				ATData atData = repository.getATRepository().fromATAddress(atAddress);
+				if (atData == null) {
+					LOGGER.info("Couldn't find AT with address {}", atAddress);
+					continue;
+				}
+
+				ACCT acct = SupportedBlockchain.getAcctByCodeHash(atData.getCodeHash());
+				if (acct == null) {
+					continue;
+				}
+
+				CrossChainTradeData crossChainTradeData = acct.populateTradeData(repository, atData);
+				if (crossChainTradeData == null) {
+					LOGGER.info("Couldn't find crosschain trade data for AT {}", atAddress);
+					continue;
+				}
+
+				// Attempt to find secret from the buyer's message to AT
+				byte[] decodedSecret = acct.findSecretA(repository, crossChainTradeData);
+				if (decodedSecret == null) {
+					LOGGER.info("Unable to find secret-A from redeem message to AT {}", atAddress);
+					continue;
+				}
+
+				// Search for the tradePrivateKey in the tradebot data
+				byte[] decodedPrivateKey = tradeBotData.getTradePrivateKey();
+
+				// Search for the foreign blockchain receiving address PKH in the tradebot data
+				byte[] foreignBlockchainReceivingAccountInfo = tradeBotData.getReceivingAccountInfo();
+
+				try {
+					LOGGER.info("Attempting to redeem P2SH balance associated with AT {}...", atAddress);
+					boolean redeemed = this.doRedeemHtlc(atAddress, decodedPrivateKey, decodedSecret, foreignBlockchainReceivingAccountInfo);
+					if (redeemed) {
+						LOGGER.info("Redeemed P2SH balance associated with AT {}", atAddress);
+						success = true;
+					}
+					else {
+						LOGGER.info("Couldn't redeem P2SH balance associated with AT {}. Already redeemed?", atAddress);
+					}
+				} catch (ApiException e) {
+					LOGGER.info("Couldn't redeem P2SH balance associated with AT {}. Missing data?", atAddress);
+				}
+			}
+
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+
+		return success;
+	}
+
+	private boolean doRedeemHtlc(String atAddress, byte[] decodedTradePrivateKey, byte[] decodedSecret,
+								 byte[] foreignBlockchainReceivingAccountInfo) {
+		try (final Repository repository = RepositoryManager.getRepository()) {
+
+			ATData atData = repository.getATRepository().fromATAddress(atAddress);
+			if (atData == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.ADDRESS_UNKNOWN);
+
+			ACCT acct = SupportedBlockchain.getAcctByCodeHash(atData.getCodeHash());
+			if (acct == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+			CrossChainTradeData crossChainTradeData = acct.populateTradeData(repository, atData);
+			if (crossChainTradeData == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+			// Validate trade private key
+			if (decodedTradePrivateKey == null || decodedTradePrivateKey.length != 32)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+			// Validate secret
+			if (decodedSecret == null || decodedSecret.length != 32)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+			// Validate receiving address
+			if (foreignBlockchainReceivingAccountInfo == null || foreignBlockchainReceivingAccountInfo.length != 20)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+			// Make sure the receiving address isn't a QORT address, given that we can share the same field for both QORT and foreign blockchains
+			if (Crypto.isValidAddress(foreignBlockchainReceivingAccountInfo))
+				if (Base58.encode(foreignBlockchainReceivingAccountInfo).startsWith("Q"))
+					// This is likely a QORT address, not a foreign blockchain
+					throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+
+			// Use secret-A to redeem P2SH-A
+
+			Bitcoiny bitcoiny = (Bitcoiny) acct.getBlockchain();
+			if (bitcoiny.getClass() == Bitcoin.class) {
+				LOGGER.info("Redeeming a Bitcoin HTLC is not yet supported");
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+			}
+
+			int lockTime = crossChainTradeData.lockTimeA;
+			byte[] redeemScriptA = BitcoinyHTLC.buildScript(crossChainTradeData.partnerForeignPKH, lockTime, crossChainTradeData.creatorForeignPKH, crossChainTradeData.hashOfSecretA);
+			String p2shAddressA = bitcoiny.deriveP2shAddress(redeemScriptA);
+			LOGGER.info(String.format("Redeeming P2SH address: %s", p2shAddressA));
+
+			// Fee for redeem/refund is subtracted from P2SH-A balance.
+			long feeTimestamp = calcFeeTimestamp(lockTime, crossChainTradeData.tradeTimeout);
+			long p2shFee = bitcoiny.getP2shFee(feeTimestamp);
+			long minimumAmountA = crossChainTradeData.expectedForeignAmount + p2shFee;
+			BitcoinyHTLC.Status htlcStatusA = BitcoinyHTLC.determineHtlcStatus(bitcoiny.getBlockchainProvider(), p2shAddressA, minimumAmountA);
+
+			switch (htlcStatusA) {
+				case UNFUNDED:
+				case FUNDING_IN_PROGRESS:
+					// P2SH-A suddenly not funded? Our best bet at this point is to hope for AT auto-refund
+					return false;
+
+				case REDEEM_IN_PROGRESS:
+				case REDEEMED:
+					// Double-check that we have redeemed P2SH-A...
+					return false;
+
+				case REFUND_IN_PROGRESS:
+				case REFUNDED:
+					// Wait for AT to auto-refund
+					return false;
+
+				case FUNDED: {
+					Coin redeemAmount = Coin.valueOf(crossChainTradeData.expectedForeignAmount);
+					ECKey redeemKey = ECKey.fromPrivate(decodedTradePrivateKey);
+					List<TransactionOutput> fundingOutputs = bitcoiny.getUnspentOutputs(p2shAddressA);
+
+					Transaction p2shRedeemTransaction = BitcoinyHTLC.buildRedeemTransaction(bitcoiny.getNetworkParameters(), redeemAmount, redeemKey,
+							fundingOutputs, redeemScriptA, decodedSecret, foreignBlockchainReceivingAccountInfo);
+
+					bitcoiny.broadcastTransaction(p2shRedeemTransaction);
+					LOGGER.info(String.format("P2SH address %s redeemed!", p2shAddressA));
+					return true;
+				}
+			}
+
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		} catch (ForeignBlockchainException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.FOREIGN_BLOCKCHAIN_BALANCE_ISSUE, e);
+		}
+
+		return false;
+	}
+
+	@POST
+	@Path("/refund/{ataddress}")
+	@Operation(
+			summary = "Refunds HTLC associated with supplied AT",
+			description = "To be used by a QORT buyer (Alice) who needs to refund their LTC/DOGE/etc that is stuck in a P2SH.<br>" +
+					"This requires Alice's trade bot data to be present in the database for this AT.<br>" +
+					"It will fail if it's already redeemed by the seller, or if the lockTime (60 minutes) hasn't passed yet.",
+			responses = {
+					@ApiResponse(
+							content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "boolean"))
+					)
+			}
+	)
+	@ApiErrors({ApiError.INVALID_CRITERIA, ApiError.INVALID_ADDRESS, ApiError.ADDRESS_UNKNOWN})
+	public boolean refundHtlc(@PathParam("ataddress") String atAddress) {
+		Security.checkApiCallAllowed(request);
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			List<TradeBotData> allTradeBotData = repository.getCrossChainRepository().getAllTradeBotData();
+			TradeBotData tradeBotData = allTradeBotData.stream().filter(tradeBotDataItem -> tradeBotDataItem.getAtAddress().equals(atAddress)).findFirst().orElse(null);
+			if (tradeBotData == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+			if (tradeBotData.getForeignKey() == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+			ATData atData = repository.getATRepository().fromATAddress(atAddress);
+			if (atData == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.ADDRESS_UNKNOWN);
+
+			ACCT acct = SupportedBlockchain.getAcctByCodeHash(atData.getCodeHash());
+			if (acct == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+			// Determine foreign blockchain receive address for refund
+			Bitcoiny bitcoiny = (Bitcoiny) acct.getBlockchain();
+			String receiveAddress = bitcoiny.getUnusedReceiveAddress(tradeBotData.getForeignKey());
+
+			return this.doRefundHtlc(atAddress, receiveAddress);
+
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		} catch (ForeignBlockchainException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.FOREIGN_BLOCKCHAIN_BALANCE_ISSUE, e);
+		}
+	}
+
+
+	@POST
+	@Path("/refundAll")
+	@Operation(
+			summary = "Refunds HTLC for all applicable ATs in tradebot data",
+			description = "To be used by a QORT buyer (Alice) who needs to refund their LTC/DOGE/etc proceeds that are stuck in P2SH transactions.<br>" +
+					"This requires Alice's trade bot data to be present in the database for this AT.<br>" +
+					"It will fail if it's already redeemed by the seller, or if the lockTime (60 minutes) hasn't passed yet.",
+			responses = {
+					@ApiResponse(
+							content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "boolean"))
+					)
+			}
+	)
+	@ApiErrors({ApiError.INVALID_CRITERIA, ApiError.INVALID_ADDRESS, ApiError.ADDRESS_UNKNOWN})
+	public boolean refundAllHtlc() {
+		Security.checkApiCallAllowed(request);
+		boolean success = false;
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			List<TradeBotData> allTradeBotData = repository.getCrossChainRepository().getAllTradeBotData();
+
+			for (TradeBotData tradeBotData : allTradeBotData) {
+				String atAddress = tradeBotData.getAtAddress();
+				if (atAddress == null) {
+					LOGGER.info("Missing AT address in tradebot data", atAddress);
+					continue;
+				}
+
+				String tradeState = tradeBotData.getState();
+				if (tradeState == null) {
+					LOGGER.info("Missing trade state for AT {}", atAddress);
+					continue;
+				}
+
+				if (tradeState.startsWith("BOB")) {
+					LOGGER.info("AT {} isn't refundable because it is a sell order", atAddress);
+					continue;
+				}
+
+				ATData atData = repository.getATRepository().fromATAddress(atAddress);
+				if (atData == null) {
+					LOGGER.info("Couldn't find AT with address {}", atAddress);
+					continue;
+				}
+
+				ACCT acct = SupportedBlockchain.getAcctByCodeHash(atData.getCodeHash());
+				if (acct == null) {
+					continue;
+				}
+
+				CrossChainTradeData crossChainTradeData = acct.populateTradeData(repository, atData);
+				if (crossChainTradeData == null) {
+					LOGGER.info("Couldn't find crosschain trade data for AT {}", atAddress);
+					continue;
+				}
+
+				if (tradeBotData.getForeignKey() == null) {
+					LOGGER.info("Couldn't find foreign key for AT {}", atAddress);
+					continue;
+				}
+
+				try {
+					// Determine foreign blockchain receive address for refund
+					Bitcoiny bitcoiny = (Bitcoiny) acct.getBlockchain();
+					String receivingAddress = bitcoiny.getUnusedReceiveAddress(tradeBotData.getForeignKey());
+
+					LOGGER.info("Attempting to refund P2SH balance associated with AT {}...", atAddress);
+					boolean refunded = this.doRefundHtlc(atAddress, receivingAddress);
+					if (refunded) {
+						LOGGER.info("Refunded P2SH balance associated with AT {}", atAddress);
+						success = true;
+					}
+					else {
+						LOGGER.info("Couldn't refund P2SH balance associated with AT {}. Already redeemed?", atAddress);
+					}
+				} catch (ApiException | ForeignBlockchainException e) {
+					LOGGER.info("Couldn't refund P2SH balance associated with AT {}. Missing data?", atAddress);
+				}
+			}
+
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+
+		return success;
+	}
+
+
+	private boolean doRefundHtlc(String atAddress, String receiveAddress) {
+		try (final Repository repository = RepositoryManager.getRepository()) {
+
+			ATData atData = repository.getATRepository().fromATAddress(atAddress);
+			if (atData == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.ADDRESS_UNKNOWN);
+
+			ACCT acct = SupportedBlockchain.getAcctByCodeHash(atData.getCodeHash());
+			if (acct == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+			CrossChainTradeData crossChainTradeData = acct.populateTradeData(repository, atData);
+			if (crossChainTradeData == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+			// If the AT is "finished" then it will have a zero balance
+			// In these cases we should avoid HTLC refunds if tbe QORT haven't been returned to the seller
+			if (atData.getIsFinished() && crossChainTradeData.mode != AcctMode.REFUNDED && crossChainTradeData.mode != AcctMode.CANCELLED) {
+				LOGGER.info(String.format("Skipping AT %s because the QORT has already been redemed", atAddress));
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+			}
+
+			List<TradeBotData> allTradeBotData = repository.getCrossChainRepository().getAllTradeBotData();
+			TradeBotData tradeBotData = allTradeBotData.stream().filter(tradeBotDataItem -> tradeBotDataItem.getAtAddress().equals(atAddress)).findFirst().orElse(null);
+			if (tradeBotData == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+			Bitcoiny bitcoiny = (Bitcoiny) acct.getBlockchain();
+			if (bitcoiny.getClass() == Bitcoin.class) {
+				LOGGER.info("Refunding a Bitcoin HTLC is not yet supported");
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+			}
+
+			int lockTime = tradeBotData.getLockTimeA();
+
+			// We can't refund P2SH-A until lockTime-A has passed
+			if (NTP.getTime() <= lockTime * 1000L)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.FOREIGN_BLOCKCHAIN_TOO_SOON);
+
+			// We can't refund P2SH-A until median block time has passed lockTime-A (see BIP113)
+			int medianBlockTime = bitcoiny.getMedianBlockTime();
+			if (medianBlockTime <= lockTime)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.FOREIGN_BLOCKCHAIN_TOO_SOON);
+
+			byte[] redeemScriptA = BitcoinyHTLC.buildScript(tradeBotData.getTradeForeignPublicKeyHash(), lockTime, crossChainTradeData.creatorForeignPKH, tradeBotData.getHashOfSecret());
+			String p2shAddressA = bitcoiny.deriveP2shAddress(redeemScriptA);
+			LOGGER.info(String.format("Refunding P2SH address: %s", p2shAddressA));
+
+			// Fee for redeem/refund is subtracted from P2SH-A balance.
+			long feeTimestamp = calcFeeTimestamp(lockTime, crossChainTradeData.tradeTimeout);
+			long p2shFee = bitcoiny.getP2shFee(feeTimestamp);
+			long minimumAmountA = crossChainTradeData.expectedForeignAmount + p2shFee;
+			BitcoinyHTLC.Status htlcStatusA = BitcoinyHTLC.determineHtlcStatus(bitcoiny.getBlockchainProvider(), p2shAddressA, minimumAmountA);
+
+			switch (htlcStatusA) {
+				case UNFUNDED:
+				case FUNDING_IN_PROGRESS:
+					// Still waiting for P2SH-A to be funded...
+					throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.FOREIGN_BLOCKCHAIN_TOO_SOON);
+
+				case REDEEM_IN_PROGRESS:
+				case REDEEMED:
+				case REFUND_IN_PROGRESS:
+				case REFUNDED:
+					// Too late!
+					return false;
+
+				case FUNDED:{
+					Coin refundAmount = Coin.valueOf(crossChainTradeData.expectedForeignAmount);
+					ECKey refundKey = ECKey.fromPrivate(tradeBotData.getTradePrivateKey());
+					List<TransactionOutput> fundingOutputs = bitcoiny.getUnspentOutputs(p2shAddressA);
+
+					// Validate the destination foreign blockchain address
+					Address receiving = Address.fromString(bitcoiny.getNetworkParameters(), receiveAddress);
+					if (receiving.getOutputScriptType() != Script.ScriptType.P2PKH)
+						throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+					Transaction p2shRefundTransaction = BitcoinyHTLC.buildRefundTransaction(bitcoiny.getNetworkParameters(), refundAmount, refundKey,
+							fundingOutputs, redeemScriptA, lockTime, receiving.getHash());
+
+					bitcoiny.broadcastTransaction(p2shRefundTransaction);
+					return true;
+				}
+			}
+
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		} catch (ForeignBlockchainException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.FOREIGN_BLOCKCHAIN_BALANCE_ISSUE, e);
+		}
+
+		return false;
+	}
+
+	private long calcFeeTimestamp(int lockTimeA, int tradeTimeout) {
+		return (lockTimeA - tradeTimeout * 60) * 1000L;
+	}
+
+}

src/main/java/org/qortal/api/resource/CrossChainLitecoinACCTv1Resource.java

@@ -0,0 +1,145 @@
+package org.qortal.api.resource;
+
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.media.Content;
+import io.swagger.v3.oas.annotations.media.Schema;
+import io.swagger.v3.oas.annotations.parameters.RequestBody;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import org.qortal.account.PrivateKeyAccount;
+import org.qortal.api.ApiError;
+import org.qortal.api.ApiErrors;
+import org.qortal.api.ApiExceptionFactory;
+import org.qortal.api.Security;
+import org.qortal.api.model.CrossChainSecretRequest;
+import org.qortal.crosschain.AcctMode;
+import org.qortal.crosschain.LitecoinACCTv1;
+import org.qortal.crypto.Crypto;
+import org.qortal.data.at.ATData;
+import org.qortal.data.crosschain.CrossChainTradeData;
+import org.qortal.group.Group;
+import org.qortal.repository.DataException;
+import org.qortal.repository.Repository;
+import org.qortal.repository.RepositoryManager;
+import org.qortal.transaction.MessageTransaction;
+import org.qortal.transaction.Transaction.ValidationResult;
+import org.qortal.transform.TransformationException;
+import org.qortal.transform.Transformer;
+import org.qortal.transform.transaction.MessageTransactionTransformer;
+import org.qortal.utils.Base58;
+import org.qortal.utils.NTP;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import java.util.Arrays;
+import java.util.Random;
+
+@Path("/crosschain/LitecoinACCTv1")
+@Tag(name = "Cross-Chain (LitecoinACCTv1)")
+public class CrossChainLitecoinACCTv1Resource {
+
+	@Context
+	HttpServletRequest request;
+
+	@POST
+	@Path("/redeemmessage")
+	@Operation(
+		summary = "Signs and broadcasts a 'redeem' MESSAGE transaction that sends secrets to AT, releasing funds to partner",
+		description = "Specify address of cross-chain AT that needs to be messaged, Alice's trade private key, the 32-byte secret,<br>"
+			+ "and an address for receiving QORT from AT. All of these can be found in Alice's trade bot data.<br>"
+			+ "AT needs to be in 'trade' mode. Messages sent to an AT in any other mode will be ignored, but still cost fees to send!<br>"
+			+ "You need to use the private key that the AT considers the trade 'partner' otherwise the MESSAGE transaction will be invalid.",
+		requestBody = @RequestBody(
+			required = true,
+			content = @Content(
+				mediaType = MediaType.APPLICATION_JSON,
+				schema = @Schema(
+					implementation = CrossChainSecretRequest.class
+				)
+			)
+		),
+		responses = {
+			@ApiResponse(
+				content = @Content(
+					schema = @Schema(
+						type = "string"
+					)
+				)
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_PUBLIC_KEY, ApiError.INVALID_ADDRESS, ApiError.INVALID_DATA, ApiError.INVALID_CRITERIA, ApiError.REPOSITORY_ISSUE})
+	public boolean buildRedeemMessage(CrossChainSecretRequest secretRequest) {
+		Security.checkApiCallAllowed(request);
+
+		byte[] partnerPrivateKey = secretRequest.partnerPrivateKey;
+
+		if (partnerPrivateKey == null || partnerPrivateKey.length != Transformer.PRIVATE_KEY_LENGTH)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PRIVATE_KEY);
+
+		if (secretRequest.atAddress == null || !Crypto.isValidAtAddress(secretRequest.atAddress))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
+
+		if (secretRequest.secret == null || secretRequest.secret.length != LitecoinACCTv1.SECRET_LENGTH)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
+
+		if (secretRequest.receivingAddress == null || !Crypto.isValidAddress(secretRequest.receivingAddress))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			ATData atData = fetchAtDataWithChecking(repository, secretRequest.atAddress);
+			CrossChainTradeData crossChainTradeData = LitecoinACCTv1.getInstance().populateTradeData(repository, atData);
+
+			if (crossChainTradeData.mode != AcctMode.TRADING)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+			byte[] partnerPublicKey = new PrivateKeyAccount(null, partnerPrivateKey).getPublicKey();
+			String partnerAddress = Crypto.toAddress(partnerPublicKey);
+
+			// MESSAGE must come from address that AT considers trade partner
+			if (!crossChainTradeData.qortalPartnerAddress.equals(partnerAddress))
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
+
+			// Good to make MESSAGE
+
+			byte[] messageData = LitecoinACCTv1.buildRedeemMessage(secretRequest.secret, secretRequest.receivingAddress);
+
+			PrivateKeyAccount sender = new PrivateKeyAccount(repository, partnerPrivateKey);
+			MessageTransaction messageTransaction = MessageTransaction.build(repository, sender, Group.NO_GROUP, secretRequest.atAddress, messageData, false, false);
+
+			messageTransaction.computeNonce();
+			messageTransaction.sign(sender);
+
+			// reset repository state to prevent deadlock
+			repository.discardChanges();
+			ValidationResult result = messageTransaction.importAsUnconfirmed();
+
+			if (result != ValidationResult.OK)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.TRANSACTION_INVALID);
+
+			return true;
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
+	private ATData fetchAtDataWithChecking(Repository repository, String atAddress) throws DataException {
+		ATData atData = repository.getATRepository().fromATAddress(atAddress);
+		if (atData == null)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.ADDRESS_UNKNOWN);
+
+		// Must be correct AT - check functionality using code hash
+		if (!Arrays.equals(atData.getCodeHash(), LitecoinACCTv1.CODE_BYTES_HASH))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+		// No point sending message to AT that's finished
+		if (atData.getIsFinished())
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+		return atData;
+	}
+
+}

src/main/java/org/qortal/api/resource/CrossChainLitecoinResource.java

@@ -0,0 +1,167 @@
+package org.qortal.api.resource;
+
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.media.ArraySchema;
+import io.swagger.v3.oas.annotations.media.Content;
+import io.swagger.v3.oas.annotations.media.Schema;
+import io.swagger.v3.oas.annotations.parameters.RequestBody;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.tags.Tag;
+
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+
+import org.bitcoinj.core.Transaction;
+import org.qortal.api.ApiError;
+import org.qortal.api.ApiErrors;
+import org.qortal.api.ApiExceptionFactory;
+import org.qortal.api.Security;
+import org.qortal.api.model.crosschain.LitecoinSendRequest;
+import org.qortal.crosschain.ForeignBlockchainException;
+import org.qortal.crosschain.Litecoin;
+import org.qortal.crosschain.SimpleTransaction;
+
+@Path("/crosschain/ltc")
+@Tag(name = "Cross-Chain (Litecoin)")
+public class CrossChainLitecoinResource {
+
+	@Context
+	HttpServletRequest request;
+
+	@POST
+	@Path("/walletbalance")
+	@Operation(
+		summary = "Returns LTC balance for hierarchical, deterministic BIP32 wallet",
+		description = "Supply BIP32 'm' private/public key in base58, starting with 'xprv'/'xpub' for mainnet, 'tprv'/'tpub' for testnet",
+		requestBody = @RequestBody(
+			required = true,
+			content = @Content(
+				mediaType = MediaType.TEXT_PLAIN,
+				schema = @Schema(
+					type = "string",
+					description = "BIP32 'm' private/public key in base58",
+					example = "tpubD6NzVbkrYhZ4XTPc4btCZ6SMgn8CxmWkj6VBVZ1tfcJfMq4UwAjZbG8U74gGSypL9XBYk2R2BLbDBe8pcEyBKM1edsGQEPKXNbEskZozeZc"
+				)
+			)
+		),
+		responses = {
+			@ApiResponse(
+				content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "string", description = "balance (satoshis)"))
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_PRIVATE_KEY, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE})
+	public String getLitecoinWalletBalance(String key58) {
+		Security.checkApiCallAllowed(request);
+
+		Litecoin litecoin = Litecoin.getInstance();
+
+		if (!litecoin.isValidDeterministicKey(key58))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PRIVATE_KEY);
+
+		Long balance = litecoin.getWalletBalance(key58);
+		if (balance == null)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE);
+
+		return balance.toString();
+	}
+
+	@POST
+	@Path("/wallettransactions")
+	@Operation(
+		summary = "Returns transactions for hierarchical, deterministic BIP32 wallet",
+		description = "Supply BIP32 'm' private/public key in base58, starting with 'xprv'/'xpub' for mainnet, 'tprv'/'tpub' for testnet",
+		requestBody = @RequestBody(
+			required = true,
+			content = @Content(
+				mediaType = MediaType.TEXT_PLAIN,
+				schema = @Schema(
+					type = "string",
+					description = "BIP32 'm' private/public key in base58",
+					example = "tpubD6NzVbkrYhZ4XTPc4btCZ6SMgn8CxmWkj6VBVZ1tfcJfMq4UwAjZbG8U74gGSypL9XBYk2R2BLbDBe8pcEyBKM1edsGQEPKXNbEskZozeZc"
+				)
+			)
+		),
+		responses = {
+			@ApiResponse(
+				content = @Content(array = @ArraySchema( schema = @Schema( implementation = SimpleTransaction.class ) ) )
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_PRIVATE_KEY, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE})
+	public List<SimpleTransaction> getLitecoinWalletTransactions(String key58) {
+		Security.checkApiCallAllowed(request);
+
+		Litecoin litecoin = Litecoin.getInstance();
+
+		if (!litecoin.isValidDeterministicKey(key58))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PRIVATE_KEY);
+
+		try {
+			return litecoin.getWalletTransactions(key58);
+		} catch (ForeignBlockchainException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE);
+		}
+	}
+
+	@POST
+	@Path("/send")
+	@Operation(
+		summary = "Sends LTC from hierarchical, deterministic BIP32 wallet to specific address",
+		description = "Currently only supports 'legacy' P2PKH Litecoin addresses. Supply BIP32 'm' private key in base58, starting with 'xprv' for mainnet, 'tprv' for testnet",
+		requestBody = @RequestBody(
+			required = true,
+			content = @Content(
+				mediaType = MediaType.APPLICATION_JSON,
+				schema = @Schema(
+					implementation = LitecoinSendRequest.class
+				)
+			)
+		),
+		responses = {
+			@ApiResponse(
+				content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "string", description = "transaction hash"))
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_PRIVATE_KEY, ApiError.INVALID_CRITERIA, ApiError.INVALID_ADDRESS, ApiError.FOREIGN_BLOCKCHAIN_BALANCE_ISSUE, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE})
+	public String sendBitcoin(LitecoinSendRequest litecoinSendRequest) {
+		Security.checkApiCallAllowed(request);
+
+		if (litecoinSendRequest.litecoinAmount <= 0)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+		if (litecoinSendRequest.feePerByte != null && litecoinSendRequest.feePerByte <= 0)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+		Litecoin litecoin = Litecoin.getInstance();
+
+		if (!litecoin.isValidAddress(litecoinSendRequest.receivingAddress))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
+
+		if (!litecoin.isValidDeterministicKey(litecoinSendRequest.xprv58))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PRIVATE_KEY);
+
+		Transaction spendTransaction = litecoin.buildSpend(litecoinSendRequest.xprv58,
+				litecoinSendRequest.receivingAddress,
+				litecoinSendRequest.litecoinAmount,
+				litecoinSendRequest.feePerByte);
+
+		if (spendTransaction == null)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.FOREIGN_BLOCKCHAIN_BALANCE_ISSUE);
+
+		try {
+			litecoin.broadcastTransaction(spendTransaction);
+		} catch (ForeignBlockchainException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE);
+		}
+
+		return spendTransaction.getTxId().toString();
+	}
+
+}

src/main/java/org/qortal/api/resource/CrossChainResource.java

@@ -0,0 +1,424 @@
+package org.qortal.api.resource;
+
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.ArraySchema;
+import io.swagger.v3.oas.annotations.media.Content;
+import io.swagger.v3.oas.annotations.media.Schema;
+import io.swagger.v3.oas.annotations.parameters.RequestBody;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
+import io.swagger.v3.oas.annotations.tags.Tag;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.Random;
+import java.util.function.Supplier;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.DELETE;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+
+import org.qortal.api.ApiError;
+import org.qortal.api.ApiErrors;
+import org.qortal.api.ApiExceptionFactory;
+import org.qortal.api.Security;
+import org.qortal.api.model.CrossChainCancelRequest;
+import org.qortal.api.model.CrossChainTradeSummary;
+import org.qortal.crosschain.SupportedBlockchain;
+import org.qortal.crosschain.ACCT;
+import org.qortal.crosschain.AcctMode;
+import org.qortal.crypto.Crypto;
+import org.qortal.data.at.ATData;
+import org.qortal.data.at.ATStateData;
+import org.qortal.data.crosschain.CrossChainTradeData;
+import org.qortal.data.transaction.BaseTransactionData;
+import org.qortal.data.transaction.MessageTransactionData;
+import org.qortal.data.transaction.TransactionData;
+import org.qortal.group.Group;
+import org.qortal.repository.DataException;
+import org.qortal.repository.Repository;
+import org.qortal.repository.RepositoryManager;
+import org.qortal.transaction.MessageTransaction;
+import org.qortal.transaction.Transaction.ValidationResult;
+import org.qortal.transform.TransformationException;
+import org.qortal.transform.Transformer;
+import org.qortal.transform.transaction.MessageTransactionTransformer;
+import org.qortal.utils.Amounts;
+import org.qortal.utils.Base58;
+import org.qortal.utils.ByteArray;
+import org.qortal.utils.NTP;
+
+@Path("/crosschain")
+@Tag(name = "Cross-Chain")
+public class CrossChainResource {
+
+	@Context
+	HttpServletRequest request;
+
+	@GET
+	@Path("/tradeoffers")
+	@Operation(
+		summary = "Find cross-chain trade offers",
+		responses = {
+			@ApiResponse(
+				content = @Content(
+					array = @ArraySchema(
+						schema = @Schema(
+							implementation = CrossChainTradeData.class
+						)
+					)
+				)
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_CRITERIA, ApiError.REPOSITORY_ISSUE})
+	public List<CrossChainTradeData> getTradeOffers(
+			@Parameter(
+				description = "Limit to specific blockchain",
+				example = "LITECOIN",
+				schema = @Schema(implementation = SupportedBlockchain.class)
+			) @QueryParam("foreignBlockchain") SupportedBlockchain foreignBlockchain,
+			@Parameter( ref = "limit") @QueryParam("limit") Integer limit,
+			@Parameter( ref = "offset" ) @QueryParam("offset") Integer offset,
+			@Parameter( ref = "reverse" ) @QueryParam("reverse") Boolean reverse) {
+		// Impose a limit on 'limit'
+		if (limit != null && limit > 100)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+		final boolean isExecutable = true;
+		List<CrossChainTradeData> crossChainTradesData = new ArrayList<>();
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			Map<ByteArray, Supplier<ACCT>> acctsByCodeHash = SupportedBlockchain.getFilteredAcctMap(foreignBlockchain);
+
+			for (Map.Entry<ByteArray, Supplier<ACCT>> acctInfo : acctsByCodeHash.entrySet()) {
+				byte[] codeHash = acctInfo.getKey().value;
+				ACCT acct = acctInfo.getValue().get();
+
+				List<ATData> atsData = repository.getATRepository().getATsByFunctionality(codeHash, isExecutable, limit, offset, reverse);
+
+				for (ATData atData : atsData) {
+					CrossChainTradeData crossChainTradeData = acct.populateTradeData(repository, atData);
+					crossChainTradesData.add(crossChainTradeData);
+				}
+			}
+
+			return crossChainTradesData;
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
+	@GET
+	@Path("/trade/{ataddress}")
+	@Operation(
+		summary = "Show detailed trade info",
+		responses = {
+			@ApiResponse(
+				content = @Content(
+					schema = @Schema(
+						implementation = CrossChainTradeData.class
+					)
+				)
+			)
+		}
+	)
+	@ApiErrors({ApiError.ADDRESS_UNKNOWN, ApiError.INVALID_CRITERIA, ApiError.REPOSITORY_ISSUE})
+	public CrossChainTradeData getTrade(@PathParam("ataddress") String atAddress) {
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			ATData atData = repository.getATRepository().fromATAddress(atAddress);
+			if (atData == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.ADDRESS_UNKNOWN);
+
+			ACCT acct = SupportedBlockchain.getAcctByCodeHash(atData.getCodeHash());
+			if (acct == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+			return acct.populateTradeData(repository, atData);
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
+	@GET
+	@Path("/trades")
+	@Operation(
+		summary = "Find completed cross-chain trades",
+		description = "Returns summary info about successfully completed cross-chain trades",
+		responses = {
+			@ApiResponse(
+				content = @Content(
+					array = @ArraySchema(
+						schema = @Schema(
+							implementation = CrossChainTradeSummary.class
+						)
+					)
+				)
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_CRITERIA, ApiError.REPOSITORY_ISSUE})
+	public List<CrossChainTradeSummary> getCompletedTrades(
+			@Parameter(
+					description = "Limit to specific blockchain",
+					example = "LITECOIN",
+					schema = @Schema(implementation = SupportedBlockchain.class)
+				) @QueryParam("foreignBlockchain") SupportedBlockchain foreignBlockchain,
+			@Parameter(
+				description = "Only return trades that completed on/after this timestamp (milliseconds since epoch)",
+				example = "1597310000000"
+			) @QueryParam("minimumTimestamp") Long minimumTimestamp,
+			@Parameter( ref = "limit") @QueryParam("limit") Integer limit,
+			@Parameter( ref = "offset" ) @QueryParam("offset") Integer offset,
+			@Parameter( ref = "reverse" ) @QueryParam("reverse") Boolean reverse) {
+		// Impose a limit on 'limit'
+		if (limit != null && limit > 100)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+		// minimumTimestamp (if given) needs to be positive
+		if (minimumTimestamp != null && minimumTimestamp <= 0)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+		final Boolean isFinished = Boolean.TRUE;
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			Integer minimumFinalHeight = null;
+
+			if (minimumTimestamp != null) {
+				minimumFinalHeight = repository.getBlockRepository().getHeightFromTimestamp(minimumTimestamp);
+
+				if (minimumFinalHeight == 0)
+					// We don't have any blocks since minimumTimestamp, let alone trades, so nothing to return
+					return Collections.emptyList();
+
+				// height returned from repository is for block BEFORE timestamp
+				// but we want trades AFTER timestamp so bump height accordingly
+				minimumFinalHeight++;
+			}
+
+			List<CrossChainTradeSummary> crossChainTrades = new ArrayList<>();
+
+			Map<ByteArray, Supplier<ACCT>> acctsByCodeHash = SupportedBlockchain.getFilteredAcctMap(foreignBlockchain);
+
+			for (Map.Entry<ByteArray, Supplier<ACCT>> acctInfo : acctsByCodeHash.entrySet()) {
+				byte[] codeHash = acctInfo.getKey().value;
+				ACCT acct = acctInfo.getValue().get();
+
+				List<ATStateData> atStates = repository.getATRepository().getMatchingFinalATStates(codeHash,
+						isFinished, acct.getModeByteOffset(), (long) AcctMode.REDEEMED.value, minimumFinalHeight,
+						limit, offset, reverse);
+
+				for (ATStateData atState : atStates) {
+					CrossChainTradeData crossChainTradeData = acct.populateTradeData(repository, atState);
+
+					// We also need block timestamp for use as trade timestamp
+					long timestamp = repository.getBlockRepository().getTimestampFromHeight(atState.getHeight());
+
+					CrossChainTradeSummary crossChainTradeSummary = new CrossChainTradeSummary(crossChainTradeData, timestamp);
+					crossChainTrades.add(crossChainTradeSummary);
+				}
+			}
+
+			return crossChainTrades;
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
+	@GET
+	@Path("/price/{blockchain}")
+	@Operation(
+		summary = "Request current estimated trading price",
+		description = "Returns price based on most recent completed trades. Price is expressed in terms of QORT per unit foreign currency.",
+		responses = {
+			@ApiResponse(
+				content = @Content(
+					schema = @Schema(
+						type = "number"
+					)
+				)
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_CRITERIA, ApiError.REPOSITORY_ISSUE})
+	public long getTradePriceEstimate(
+			@Parameter(
+					description = "foreign blockchain",
+					example = "LITECOIN",
+					schema = @Schema(implementation = SupportedBlockchain.class)
+				) @PathParam("blockchain") SupportedBlockchain foreignBlockchain,
+			@Parameter(
+					description = "Maximum number of trades to include in price calculation",
+					example = "10",
+					schema = @Schema(type = "integer", defaultValue = "10")
+			) @QueryParam("maxtrades") Integer maxtrades) {
+		// foreignBlockchain is required
+		if (foreignBlockchain == null)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+		// We want both a minimum of 5 trades and enough trades to span at least 4 hours
+		int minimumCount = 5;
+		int maximumCount = maxtrades != null ? maxtrades : 10;
+		long minimumPeriod = 4 * 60 * 60 * 1000L; // ms
+		Boolean isFinished = Boolean.TRUE;
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			Map<ByteArray, Supplier<ACCT>> acctsByCodeHash = SupportedBlockchain.getFilteredAcctMap(foreignBlockchain);
+
+			long totalForeign = 0;
+			long totalQort = 0;
+
+			for (Map.Entry<ByteArray, Supplier<ACCT>> acctInfo : acctsByCodeHash.entrySet()) {
+				byte[] codeHash = acctInfo.getKey().value;
+				ACCT acct = acctInfo.getValue().get();
+
+				List<ATStateData> atStates = repository.getATRepository().getMatchingFinalATStatesQuorum(codeHash,
+						isFinished, acct.getModeByteOffset(), (long) AcctMode.REDEEMED.value, minimumCount, maximumCount, minimumPeriod);
+
+				for (ATStateData atState : atStates) {
+					CrossChainTradeData crossChainTradeData = acct.populateTradeData(repository, atState);
+					totalForeign += crossChainTradeData.expectedForeignAmount;
+					totalQort += crossChainTradeData.qortAmount;
+				}
+			}
+
+			return Amounts.scaledDivide(totalQort, totalForeign);
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
+	@DELETE
+	@Path("/tradeoffer")
+	@Operation(
+		summary = "Builds raw, unsigned 'cancel' MESSAGE transaction that cancels cross-chain trade offer",
+		description = "Specify address of cross-chain AT that needs to be cancelled.<br>"
+			+ "AT needs to be in 'offer' mode. Messages sent to an AT in 'trade' mode will be ignored.<br>"
+			+ "Performs MESSAGE proof-of-work.<br>"
+			+ "You need to sign output with AT creator's private key otherwise the MESSAGE transaction will be invalid.",
+		requestBody = @RequestBody(
+			required = true,
+			content = @Content(
+				mediaType = MediaType.APPLICATION_JSON,
+				schema = @Schema(
+					implementation = CrossChainCancelRequest.class
+				)
+			)
+		),
+		responses = {
+			@ApiResponse(
+				content = @Content(
+					schema = @Schema(
+						type = "string"
+					)
+				)
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_PUBLIC_KEY, ApiError.INVALID_ADDRESS, ApiError.INVALID_CRITERIA, ApiError.REPOSITORY_ISSUE})
+	@SecurityRequirement(name = "apiKey")
+	public String cancelTrade(CrossChainCancelRequest cancelRequest) {
+		Security.checkApiCallAllowed(request);
+
+		byte[] creatorPublicKey = cancelRequest.creatorPublicKey;
+
+		if (creatorPublicKey == null || creatorPublicKey.length != Transformer.PUBLIC_KEY_LENGTH)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PUBLIC_KEY);
+
+		if (cancelRequest.atAddress == null || !Crypto.isValidAtAddress(cancelRequest.atAddress))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			ATData atData = fetchAtDataWithChecking(repository, cancelRequest.atAddress);
+
+			ACCT acct = SupportedBlockchain.getAcctByCodeHash(atData.getCodeHash());
+			if (acct == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
+
+			CrossChainTradeData crossChainTradeData = acct.populateTradeData(repository, atData);
+
+			if (crossChainTradeData.mode != AcctMode.OFFERING)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+			// Does supplied public key match AT creator's public key?
+			if (!Arrays.equals(creatorPublicKey, atData.getCreatorPublicKey()))
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PUBLIC_KEY);
+
+			// Good to make MESSAGE
+
+			String atCreatorAddress = Crypto.toAddress(creatorPublicKey);
+			byte[] messageData = acct.buildCancelMessage(atCreatorAddress);
+
+			byte[] messageTransactionBytes = buildAtMessage(repository, creatorPublicKey, cancelRequest.atAddress, messageData);
+
+			return Base58.encode(messageTransactionBytes);
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
+	private ATData fetchAtDataWithChecking(Repository repository, String atAddress) throws DataException {
+		ATData atData = repository.getATRepository().fromATAddress(atAddress);
+		if (atData == null)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.ADDRESS_UNKNOWN);
+
+		// No point sending message to AT that's finished
+		if (atData.getIsFinished())
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+		return atData;
+	}
+
+	private byte[] buildAtMessage(Repository repository, byte[] senderPublicKey, String atAddress, byte[] messageData) throws DataException {
+		long txTimestamp = NTP.getTime();
+
+		// senderPublicKey could be ephemeral trade public key where there is no corresponding account and hence no reference
+		String senderAddress = Crypto.toAddress(senderPublicKey);
+		byte[] lastReference = repository.getAccountRepository().getLastReference(senderAddress);
+		final boolean requiresPoW = lastReference == null;
+
+		if (requiresPoW) {
+			Random random = new Random();
+			lastReference = new byte[Transformer.SIGNATURE_LENGTH];
+			random.nextBytes(lastReference);
+		}
+
+		int version = 4;
+		int nonce = 0;
+		long amount = 0L;
+		Long assetId = null; // no assetId as amount is zero
+		Long fee = 0L;
+
+		BaseTransactionData baseTransactionData = new BaseTransactionData(txTimestamp, Group.NO_GROUP, lastReference, senderPublicKey, fee, null);
+		TransactionData messageTransactionData = new MessageTransactionData(baseTransactionData, version, nonce, atAddress, amount, assetId, messageData, false, false);
+
+		MessageTransaction messageTransaction = new MessageTransaction(repository, messageTransactionData);
+
+		if (requiresPoW) {
+			messageTransaction.computeNonce();
+		} else {
+			fee = messageTransaction.calcRecommendedFee();
+			messageTransactionData.setFee(fee);
+		}
+
+		ValidationResult result = messageTransaction.isValidUnconfirmed();
+		if (result != ValidationResult.OK)
+			throw TransactionsResource.createTransactionInvalidException(request, result);
+
+		try {
+			return MessageTransactionTransformer.toBytes(messageTransactionData);
+		} catch (TransformationException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.TRANSFORMATION_ERROR, e);
+		}
+	}
+
+}

src/main/java/org/qortal/api/resource/CrossChainTradeBotResource.java

@@ -0,0 +1,289 @@
+package org.qortal.api.resource;
+
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.ArraySchema;
+import io.swagger.v3.oas.annotations.media.Content;
+import io.swagger.v3.oas.annotations.media.Schema;
+import io.swagger.v3.oas.annotations.parameters.RequestBody;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.tags.Tag;
+
+import java.util.List;
+import java.util.stream.Collectors;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.DELETE;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+
+import org.qortal.account.Account;
+import org.qortal.account.PublicKeyAccount;
+import org.qortal.api.ApiError;
+import org.qortal.api.ApiErrors;
+import org.qortal.api.ApiExceptionFactory;
+import org.qortal.api.Security;
+import org.qortal.api.model.crosschain.TradeBotCreateRequest;
+import org.qortal.api.model.crosschain.TradeBotRespondRequest;
+import org.qortal.asset.Asset;
+import org.qortal.controller.tradebot.AcctTradeBot;
+import org.qortal.controller.tradebot.TradeBot;
+import org.qortal.crosschain.ForeignBlockchain;
+import org.qortal.crosschain.SupportedBlockchain;
+import org.qortal.crosschain.ACCT;
+import org.qortal.crosschain.AcctMode;
+import org.qortal.crypto.Crypto;
+import org.qortal.data.at.ATData;
+import org.qortal.data.crosschain.CrossChainTradeData;
+import org.qortal.data.crosschain.TradeBotData;
+import org.qortal.repository.DataException;
+import org.qortal.repository.Repository;
+import org.qortal.repository.RepositoryManager;
+import org.qortal.utils.Base58;
+
+@Path("/crosschain/tradebot")
+@Tag(name = "Cross-Chain (Trade-Bot)")
+public class CrossChainTradeBotResource {
+
+	@Context
+	HttpServletRequest request;
+
+	@GET
+	@Operation(
+		summary = "List current trade-bot states",
+		responses = {
+			@ApiResponse(
+				content = @Content(
+					array = @ArraySchema(
+						schema = @Schema(
+							implementation = TradeBotData.class
+						)
+					)
+				)
+			)
+		}
+	)
+	@ApiErrors({ApiError.REPOSITORY_ISSUE})
+	public List<TradeBotData> getTradeBotStates(
+			@Parameter(
+					description = "Limit to specific blockchain",
+					example = "LITECOIN",
+					schema = @Schema(implementation = SupportedBlockchain.class)
+				) @QueryParam("foreignBlockchain") SupportedBlockchain foreignBlockchain) {
+		Security.checkApiCallAllowed(request);
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			List<TradeBotData> allTradeBotData = repository.getCrossChainRepository().getAllTradeBotData();
+
+			if (foreignBlockchain == null)
+				return allTradeBotData;
+
+			return allTradeBotData.stream().filter(tradeBotData -> tradeBotData.getForeignBlockchain().equals(foreignBlockchain.name())).collect(Collectors.toList());
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
+	@POST
+	@Path("/create")
+	@Operation(
+		summary = "Create a trade offer (trade-bot entry)",
+		requestBody = @RequestBody(
+			required = true,
+			content = @Content(
+				mediaType = MediaType.APPLICATION_JSON,
+				schema = @Schema(
+					implementation = TradeBotCreateRequest.class
+				)
+			)
+		),
+		responses = {
+			@ApiResponse(
+				content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "string"))
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_PUBLIC_KEY, ApiError.INVALID_ADDRESS, ApiError.INVALID_CRITERIA, ApiError.INSUFFICIENT_BALANCE, ApiError.REPOSITORY_ISSUE, ApiError.ORDER_SIZE_TOO_SMALL})
+	@SuppressWarnings("deprecation")
+	public String tradeBotCreator(TradeBotCreateRequest tradeBotCreateRequest) {
+		Security.checkApiCallAllowed(request);
+
+		if (tradeBotCreateRequest.foreignBlockchain == null)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+		ForeignBlockchain foreignBlockchain = tradeBotCreateRequest.foreignBlockchain.getInstance();
+
+		// We prefer foreignAmount to deprecated bitcoinAmount
+		if (tradeBotCreateRequest.foreignAmount == null)
+			tradeBotCreateRequest.foreignAmount = tradeBotCreateRequest.bitcoinAmount;
+
+		if (!foreignBlockchain.isValidAddress(tradeBotCreateRequest.receivingAddress))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
+
+		if (tradeBotCreateRequest.tradeTimeout < 60)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+		if (tradeBotCreateRequest.foreignAmount == null || tradeBotCreateRequest.foreignAmount <= 0)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.ORDER_SIZE_TOO_SMALL);
+
+		if (tradeBotCreateRequest.foreignAmount < foreignBlockchain.getMinimumOrderAmount())
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.ORDER_SIZE_TOO_SMALL);
+
+		if (tradeBotCreateRequest.qortAmount <= 0 || tradeBotCreateRequest.fundingQortAmount <= 0)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.ORDER_SIZE_TOO_SMALL);
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			// Do some simple checking first
+			Account creator = new PublicKeyAccount(repository, tradeBotCreateRequest.creatorPublicKey);
+
+			if (creator.getConfirmedBalance(Asset.QORT) < tradeBotCreateRequest.fundingQortAmount)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INSUFFICIENT_BALANCE);
+
+			byte[] unsignedBytes = TradeBot.getInstance().createTrade(repository, tradeBotCreateRequest);
+			if (unsignedBytes == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+			return Base58.encode(unsignedBytes);
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
+	@POST
+	@Path("/respond")
+	@Operation(
+		summary = "Respond to a trade offer. NOTE: WILL SPEND FUNDS!)",
+		description = "Start a new trade-bot entry to respond to chosen trade offer.",
+		requestBody = @RequestBody(
+			required = true,
+			content = @Content(
+				mediaType = MediaType.APPLICATION_JSON,
+				schema = @Schema(
+					implementation = TradeBotRespondRequest.class
+				)
+			)
+		),
+		responses = {
+			@ApiResponse(
+				content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "string"))
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_PRIVATE_KEY, ApiError.INVALID_ADDRESS, ApiError.INVALID_CRITERIA, ApiError.FOREIGN_BLOCKCHAIN_BALANCE_ISSUE, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE, ApiError.REPOSITORY_ISSUE})
+	@SuppressWarnings("deprecation")
+	public String tradeBotResponder(TradeBotRespondRequest tradeBotRespondRequest) {
+		Security.checkApiCallAllowed(request);
+
+		final String atAddress = tradeBotRespondRequest.atAddress;
+
+		// We prefer foreignKey to deprecated xprv58
+		if (tradeBotRespondRequest.foreignKey == null)
+			tradeBotRespondRequest.foreignKey = tradeBotRespondRequest.xprv58;
+
+		if (tradeBotRespondRequest.foreignKey == null)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PRIVATE_KEY);
+
+		if (atAddress == null || !Crypto.isValidAtAddress(atAddress))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
+
+		if (tradeBotRespondRequest.receivingAddress == null || !Crypto.isValidAddress(tradeBotRespondRequest.receivingAddress))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
+
+		// Extract data from cross-chain trading AT
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			ATData atData = fetchAtDataWithChecking(repository, atAddress);
+
+			// TradeBot uses AT's code hash to map to ACCT
+			ACCT acct = TradeBot.getInstance().getAcctUsingAtData(atData);
+			if (acct == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
+
+			if (!acct.getBlockchain().isValidWalletKey(tradeBotRespondRequest.foreignKey))
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PRIVATE_KEY);
+
+			CrossChainTradeData crossChainTradeData = acct.populateTradeData(repository, atData);
+			if (crossChainTradeData == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
+
+			if (crossChainTradeData.mode != AcctMode.OFFERING)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+			AcctTradeBot.ResponseResult result = TradeBot.getInstance().startResponse(repository, atData, acct, crossChainTradeData,
+					tradeBotRespondRequest.foreignKey, tradeBotRespondRequest.receivingAddress);
+
+			switch (result) {
+				case OK:
+					return "true";
+
+				case BALANCE_ISSUE:
+					throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.FOREIGN_BLOCKCHAIN_BALANCE_ISSUE);
+
+				case NETWORK_ISSUE:
+					throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE);
+
+				default:
+					return "false";
+			}
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
+	@DELETE
+	@Operation(
+		summary = "Delete completed trade",
+		requestBody = @RequestBody(
+			required = true,
+			content = @Content(
+				mediaType = MediaType.TEXT_PLAIN,
+				schema = @Schema(
+					type = "string",
+					example = "93MB2qRDNVLxbmmPuYpLdAqn3u2x9ZhaVZK5wELHueP8"
+				)
+			)
+		),
+		responses = {
+			@ApiResponse(
+				content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "string"))
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_ADDRESS, ApiError.REPOSITORY_ISSUE})
+	public String tradeBotDelete(String tradePrivateKey58) {
+		Security.checkApiCallAllowed(request);
+
+		final byte[] tradePrivateKey;
+		try {
+			tradePrivateKey = Base58.decode(tradePrivateKey58);
+
+			if (tradePrivateKey.length != 32)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PRIVATE_KEY);
+		} catch (NumberFormatException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PRIVATE_KEY);
+		}
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			// Handed off to TradeBot
+			return TradeBot.getInstance().deleteEntry(repository, tradePrivateKey) ? "true" : "false";
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
+	private ATData fetchAtDataWithChecking(Repository repository, String atAddress) throws DataException {
+		ATData atData = repository.getATRepository().fromATAddress(atAddress);
+		if (atData == null)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.ADDRESS_UNKNOWN);
+
+		// No point sending message to AT that's finished
+		if (atData.getIsFinished())
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+
+		return atData;
+	}
+
+}

src/main/java/org/qortal/api/resource/ListsResource.java

@@ -0,0 +1,298 @@
+package org.qortal.api.resource;
+
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.media.ArraySchema;
+import io.swagger.v3.oas.annotations.media.Content;
+import io.swagger.v3.oas.annotations.media.Schema;
+import io.swagger.v3.oas.annotations.parameters.RequestBody;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.tags.Tag;
+
+import org.qortal.api.*;
+import org.qortal.api.model.AddressListRequest;
+import org.qortal.crypto.Crypto;
+import org.qortal.data.account.AccountData;
+import org.qortal.list.ResourceListManager;
+import org.qortal.repository.DataException;
+import org.qortal.repository.Repository;
+import org.qortal.repository.RepositoryManager;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.*;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+
+
+@Path("/lists")
+@Tag(name = "Lists")
+public class ListsResource {
+
+	@Context
+	HttpServletRequest request;
+	
+	@POST
+	@Path("/blacklist/address/{address}")
+	@Operation(
+		summary = "Add a QORT address to the local blacklist",
+		responses = {
+			@ApiResponse(
+				description = "Returns true on success, or an exception on failure",
+					content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "boolean"))
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_ADDRESS, ApiError.ADDRESS_UNKNOWN, ApiError.REPOSITORY_ISSUE})
+	public String addAddressToBlacklist(@PathParam("address") String address) {
+		Security.checkApiCallAllowed(request);
+
+		if (!Crypto.isValidAddress(address))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			AccountData accountData = repository.getAccountRepository().getAccount(address);
+			// Not found?
+			if (accountData == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.ADDRESS_UNKNOWN);
+
+			// Valid address, so go ahead and blacklist it
+			boolean success = ResourceListManager.getInstance().addAddressToBlacklist(address, true);
+
+			return success ? "true" : "false";
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
+	@POST
+	@Path("/blacklist/addresses")
+	@Operation(
+			summary = "Add one or more QORT addresses to the local blacklist",
+			requestBody = @RequestBody(
+					required = true,
+					content = @Content(
+							mediaType = MediaType.APPLICATION_JSON,
+							schema = @Schema(
+									implementation = AddressListRequest.class
+							)
+					)
+			),
+			responses = {
+					@ApiResponse(
+							description = "Returns true if all addresses were processed, false if any couldn't be " +
+									"processed, or an exception on failure. If false or an exception is returned, " +
+									"the list will not be updated, and the request will need to be re-issued.",
+							content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "boolean"))
+					)
+			}
+	)
+	@ApiErrors({ApiError.INVALID_ADDRESS, ApiError.ADDRESS_UNKNOWN, ApiError.REPOSITORY_ISSUE})
+	public String addAddressesToBlacklist(AddressListRequest addressListRequest) {
+		Security.checkApiCallAllowed(request);
+
+		if (addressListRequest == null || addressListRequest.addresses == null) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+		}
+
+		int successCount = 0;
+		int errorCount = 0;
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+
+			for (String address : addressListRequest.addresses) {
+
+				if (!Crypto.isValidAddress(address)) {
+					errorCount++;
+					continue;
+				}
+
+				AccountData accountData = repository.getAccountRepository().getAccount(address);
+				// Not found?
+				if (accountData == null) {
+					errorCount++;
+					continue;
+				}
+
+				// Valid address, so go ahead and blacklist it
+				boolean success = ResourceListManager.getInstance().addAddressToBlacklist(address, false);
+				if (success) {
+					successCount++;
+				}
+				else {
+					errorCount++;
+				}
+			}
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+
+		if (successCount > 0 && errorCount == 0) {
+			// All were successful, so save the blacklist
+			ResourceListManager.getInstance().saveBlacklist();
+			return "true";
+		}
+		else {
+			// Something went wrong, so revert
+			ResourceListManager.getInstance().revertBlacklist();
+			return "false";
+		}
+	}
+
+
+	@DELETE
+	@Path("/blacklist/address/{address}")
+	@Operation(
+			summary = "Remove a QORT address from the local blacklist",
+			responses = {
+					@ApiResponse(
+							description = "Returns true on success, or an exception on failure",
+							content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "boolean"))
+					)
+			}
+	)
+	@ApiErrors({ApiError.INVALID_ADDRESS, ApiError.ADDRESS_UNKNOWN, ApiError.REPOSITORY_ISSUE})
+	public String removeAddressFromBlacklist(@PathParam("address") String address) {
+		Security.checkApiCallAllowed(request);
+
+		if (!Crypto.isValidAddress(address))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			AccountData accountData = repository.getAccountRepository().getAccount(address);
+			// Not found?
+			if (accountData == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.ADDRESS_UNKNOWN);
+
+			// Valid address, so go ahead and blacklist it
+			boolean success = ResourceListManager.getInstance().removeAddressFromBlacklist(address, true);
+
+			return success ? "true" : "false";
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
+	@DELETE
+	@Path("/blacklist/addresses")
+	@Operation(
+			summary = "Remove one or more QORT addresses from the local blacklist",
+			requestBody = @RequestBody(
+					required = true,
+					content = @Content(
+							mediaType = MediaType.APPLICATION_JSON,
+							schema = @Schema(
+									implementation = AddressListRequest.class
+							)
+					)
+			),
+			responses = {
+					@ApiResponse(
+							description = "Returns true if all addresses were processed, false if any couldn't be " +
+									"processed, or an exception on failure. If false or an exception is returned, " +
+									"the list will not be updated, and the request will need to be re-issued.",
+							content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "boolean"))
+					)
+			}
+	)
+	@ApiErrors({ApiError.INVALID_ADDRESS, ApiError.ADDRESS_UNKNOWN, ApiError.REPOSITORY_ISSUE})
+	public String removeAddressesFromBlacklist(AddressListRequest addressListRequest) {
+		Security.checkApiCallAllowed(request);
+
+		if (addressListRequest == null || addressListRequest.addresses == null) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+		}
+
+		int successCount = 0;
+		int errorCount = 0;
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+
+			for (String address : addressListRequest.addresses) {
+
+				if (!Crypto.isValidAddress(address)) {
+					errorCount++;
+					continue;
+				}
+
+				AccountData accountData = repository.getAccountRepository().getAccount(address);
+				// Not found?
+				if (accountData == null) {
+					errorCount++;
+					continue;
+				}
+
+				// Valid address, so go ahead and blacklist it
+				// Don't save as we will do this at the end of the process
+				boolean success = ResourceListManager.getInstance().removeAddressFromBlacklist(address, false);
+				if (success) {
+					successCount++;
+				}
+				else {
+					errorCount++;
+				}
+			}
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+
+		if (successCount > 0 && errorCount == 0) {
+			// All were successful, so save the blacklist
+			ResourceListManager.getInstance().saveBlacklist();
+			return "true";
+		}
+		else {
+			// Something went wrong, so revert
+			ResourceListManager.getInstance().revertBlacklist();
+			return "false";
+		}
+	}
+
+	@GET
+	@Path("/blacklist/addresses")
+	@Operation(
+			summary = "Fetch the list of blacklisted addresses",
+			responses = {
+					@ApiResponse(
+							description = "A JSON array of addresses",
+							content = @Content(mediaType = MediaType.APPLICATION_JSON, array = @ArraySchema(schema = @Schema(implementation = String.class)))
+					)
+			}
+	)
+	public String getAddressBlacklist() {
+		Security.checkApiCallAllowed(request);
+		return ResourceListManager.getInstance().getBlacklistJSONString();
+	}
+
+	@GET
+	@Path("/blacklist/address/{address}")
+	@Operation(
+			summary = "Check if an address is present in the local blacklist",
+			responses = {
+					@ApiResponse(
+							description = "Returns true or false if the list was queried, or an exception on failure",
+							content = @Content(mediaType = MediaType.TEXT_PLAIN, schema = @Schema(type = "boolean"))
+					)
+			}
+	)
+	@ApiErrors({ApiError.INVALID_ADDRESS, ApiError.ADDRESS_UNKNOWN, ApiError.REPOSITORY_ISSUE})
+	public String checkAddressInBlacklist(@PathParam("address") String address) {
+		Security.checkApiCallAllowed(request);
+
+		if (!Crypto.isValidAddress(address))
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_ADDRESS);
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			AccountData accountData = repository.getAccountRepository().getAccount(address);
+			// Not found?
+			if (accountData == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.ADDRESS_UNKNOWN);
+
+			// Valid address, so go ahead and blacklist it
+			boolean blacklisted = ResourceListManager.getInstance().isAddressInBlacklist(address);
+
+			return blacklisted ? "true" : "false";
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
+}

src/main/java/org/qortal/api/resource/PeersResource.java

@@ -6,8 +6,12 @@ import io.swagger.v3.oas.annotations.media.Content;
 import io.swagger.v3.oas.annotations.media.Schema;
 import io.swagger.v3.oas.annotations.parameters.RequestBody;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import io.swagger.v3.oas.annotations.tags.Tag;
 
+import java.net.InetSocketAddress;
+import java.net.UnknownHostException;
+import java.util.ArrayList;
 import java.util.List;
 import java.util.stream.Collectors;
 
@@ -25,12 +29,19 @@ import org.qortal.api.ApiException;
 import org.qortal.api.ApiExceptionFactory;
 import org.qortal.api.Security;
 import org.qortal.api.model.ConnectedPeer;
+import org.qortal.controller.Controller;
+import org.qortal.controller.Synchronizer;
+import org.qortal.controller.Synchronizer.SynchronizationResult;
+import org.qortal.data.block.BlockSummaryData;
 import org.qortal.data.network.PeerData;
 import org.qortal.network.Network;
+import org.qortal.network.Peer;
 import org.qortal.network.PeerAddress;
 import org.qortal.repository.DataException;
 import org.qortal.repository.Repository;
 import org.qortal.repository.RepositoryManager;
+import org.qortal.utils.ExecuteProduceConsume;
+import org.qortal.utils.NTP;
 
 @Path("/peers")
 @Tag(name = "Peers")
@@ -80,11 +91,7 @@ public class PeersResource {
 		ApiError.REPOSITORY_ISSUE
 	})
 	public List<PeerData> getKnownPeers() {
-		try (final Repository repository = RepositoryManager.getRepository()) {
-			return repository.getNetworkRepository().getAllPeers();
-		} catch (DataException e) {
-			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
-		}
+		return Network.getInstance().getAllKnownPeers();
 	}
 
 	@GET
@@ -108,6 +115,30 @@ public class PeersResource {
 		return Network.getInstance().getSelfPeers();
 	}
 
+	@GET
+	@Path("/enginestats")
+	@Operation(
+		summary = "Fetch statistics snapshot for networking engine",
+		responses = {
+			@ApiResponse(
+				content = @Content(
+					mediaType = MediaType.APPLICATION_JSON,
+					array = @ArraySchema(
+						schema = @Schema(
+							implementation = ExecuteProduceConsume.StatsSnapshot.class
+						)
+					)
+				)
+			)
+		}
+	)
+	@SecurityRequirement(name = "apiKey")
+	public ExecuteProduceConsume.StatsSnapshot getEngineStats() {
+		Security.checkApiCallAllowed(request);
+
+		return Network.getInstance().getStatsSnapshot();
+	}
+
 	@POST
 	@Operation(
 		summary = "Add new peer address",
@@ -139,21 +170,25 @@ public class PeersResource {
 	@ApiErrors({
 		ApiError.INVALID_NETWORK_ADDRESS, ApiError.REPOSITORY_ISSUE
 	})
+	@SecurityRequirement(name = "apiKey")
 	public String addPeer(String address) {
 		Security.checkApiCallAllowed(request);
 
-		try (final Repository repository = RepositoryManager.getRepository()) {
+		final Long addedWhen = NTP.getTime();
+		if (addedWhen == null)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.NO_TIME_SYNC);
+
+		try {
 			PeerAddress peerAddress = PeerAddress.fromString(address);
 
-			PeerData peerData = new PeerData(peerAddress, System.currentTimeMillis(), "API");
-			repository.getNetworkRepository().save(peerData);
-			repository.saveChanges();
+			List<PeerAddress> newPeerAddresses = new ArrayList<>(1);
+			newPeerAddresses.add(peerAddress);
 
-			return "true";
+			boolean addResult = Network.getInstance().mergePeers("API", addedWhen, newPeerAddresses);
+
+			return addResult ? "true" : "false";
 		} catch (IllegalArgumentException e) {
 			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_NETWORK_ADDRESS);
-		} catch (ApiException e) {
-			throw e;
 		} catch (DataException e) {
 			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
 		}
@@ -190,6 +225,7 @@ public class PeersResource {
 	@ApiErrors({
 		ApiError.INVALID_NETWORK_ADDRESS, ApiError.REPOSITORY_ISSUE
 	})
+	@SecurityRequirement(name = "apiKey")
 	public String removePeer(String address) {
 		Security.checkApiCallAllowed(request);
 
@@ -225,6 +261,7 @@ public class PeersResource {
 	@ApiErrors({
 		ApiError.REPOSITORY_ISSUE
 	})
+	@SecurityRequirement(name = "apiKey")
 	public String removeKnownPeers(String address) {
 		Security.checkApiCallAllowed(request);
 
@@ -237,4 +274,68 @@ public class PeersResource {
 		}
 	}
 
+	@POST
+	@Path("/commonblock")
+	@Operation(
+		summary = "Report common block with given peer.",
+		requestBody = @RequestBody(
+			required = true,
+			content = @Content(
+				mediaType = MediaType.TEXT_PLAIN,
+				schema = @Schema(
+					type = "string", example = "node2.qortal.org"
+				)
+			)
+		),
+		responses = {
+			@ApiResponse(
+				description = "the block",
+				content = @Content(
+					array = @ArraySchema(
+						schema = @Schema(
+							implementation = BlockSummaryData.class
+						)
+					)
+				)
+			)
+		}
+	)
+	@ApiErrors({ApiError.INVALID_DATA, ApiError.REPOSITORY_ISSUE})
+	@SecurityRequirement(name = "apiKey")
+	public List<BlockSummaryData> commonBlock(String targetPeerAddress) {
+		Security.checkApiCallAllowed(request);
+
+		try {
+			// Try to resolve passed address to make things easier
+			PeerAddress peerAddress = PeerAddress.fromString(targetPeerAddress);
+			InetSocketAddress resolvedAddress = peerAddress.toSocketAddress();
+
+			List<Peer> peers = Network.getInstance().getHandshakedPeers();
+			Peer targetPeer = peers.stream().filter(peer -> peer.getResolvedAddress().equals(resolvedAddress)).findFirst().orElse(null);
+
+			if (targetPeer == null)
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
+
+			try (final Repository repository = RepositoryManager.getRepository()) {
+				int ourInitialHeight = Controller.getInstance().getChainHeight();
+				boolean force = true;
+				List<BlockSummaryData> peerBlockSummaries = new ArrayList<>();
+
+				SynchronizationResult findCommonBlockResult = Synchronizer.getInstance().fetchSummariesFromCommonBlock(repository, targetPeer, ourInitialHeight, force, peerBlockSummaries, true);
+				if (findCommonBlockResult != SynchronizationResult.OK)
+					return null;
+
+				return peerBlockSummaries;
+			}
+		} catch (IllegalArgumentException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
+		} catch (UnknownHostException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		} catch (InterruptedException e) {
+			return null;
+		}
+	}
+
 }

src/main/java/org/qortal/api/resource/TransactionsResource.java

@@ -363,6 +363,60 @@ public class TransactionsResource {
 		}
 	}
 
+	@GET
+	@Path("/creator/{publickey}")
+	@Operation(
+		summary = "Find matching transactions created by account with given public key",
+		responses = {
+			@ApiResponse(
+				description = "transactions",
+				content = @Content(
+					array = @ArraySchema(
+						schema = @Schema(
+							implementation = TransactionData.class
+						)
+					)
+				)
+			)
+		}
+	)
+	@ApiErrors({
+		ApiError.INVALID_CRITERIA, ApiError.REPOSITORY_ISSUE
+	})
+	public List<TransactionData> findCreatorsTransactions(@PathParam("publickey") String publicKey58,
+			@Parameter(
+				description = "whether to include confirmed, unconfirmed or both",
+				required = true
+			) @QueryParam("confirmationStatus") ConfirmationStatus confirmationStatus, @Parameter(
+				ref = "limit"
+			) @QueryParam("limit") Integer limit, @Parameter(
+				ref = "offset"
+			) @QueryParam("offset") Integer offset, @Parameter(
+				ref = "reverse"
+			) @QueryParam("reverse") Boolean reverse) {
+		// Decode public key
+		byte[] publicKey;
+		try {
+			publicKey = Base58.decode(publicKey58);
+		} catch (NumberFormatException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_PUBLIC_KEY, e);
+		}
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			List<byte[]> signatures = repository.getTransactionRepository().getSignaturesMatchingCriteria(null,
+					publicKey, confirmationStatus, limit, offset, reverse);
+
+			// Expand signatures to transactions
+			List<TransactionData> transactions = new ArrayList<>(signatures.size());
+			for (byte[] signature : signatures)
+				transactions.add(repository.getTransactionRepository().fromSignature(signature));
+
+			return transactions;
+		} catch (DataException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
+		}
+	}
+
 	@POST
 	@Path("/sign")
 	@Operation(
@@ -456,41 +510,39 @@ public class TransactionsResource {
 		if (!Controller.getInstance().isUpToDate())
 			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.BLOCKCHAIN_NEEDS_SYNC);
 
+		byte[] rawBytes = Base58.decode(rawBytes58);
+
+		TransactionData transactionData;
+		try {
+			transactionData = TransactionTransformer.fromBytes(rawBytes);
+		} catch (TransformationException e) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.TRANSFORMATION_ERROR, e);
+		}
+
+		if (transactionData == null)
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
+
 		try (final Repository repository = RepositoryManager.getRepository()) {
-			byte[] rawBytes = Base58.decode(rawBytes58);
-
-			TransactionData transactionData = TransactionTransformer.fromBytes(rawBytes);
-
-			if (transactionData == null)
-				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
-
 			Transaction transaction = Transaction.fromData(repository, transactionData);
 
 			if (!transaction.isSignatureValid())
 				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_SIGNATURE);
 
 			ReentrantLock blockchainLock = Controller.getInstance().getBlockchainLock();
-			if (!blockchainLock.tryLock(500, TimeUnit.MILLISECONDS))
+			if (!blockchainLock.tryLock(30, TimeUnit.SECONDS))
 				throw createTransactionInvalidException(request, ValidationResult.NO_BLOCKCHAIN_LOCK);
 
 			try {
 				ValidationResult result = transaction.importAsUnconfirmed();
 				if (result != ValidationResult.OK)
 					throw createTransactionInvalidException(request, result);
-
-				// Notify controller of new transaction
-				Controller.getInstance().onNewTransaction(transactionData);
-
-				return "true";
 			} finally {
 				blockchainLock.unlock();
 			}
+
+			return "true";
 		} catch (NumberFormatException e) {
 			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA, e);
-		} catch (TransformationException e) {
-			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.TRANSFORMATION_ERROR, e);
-		} catch (ApiException e) {
-			throw e;
 		} catch (DataException e) {
 			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.REPOSITORY_ISSUE, e);
 		} catch (InterruptedException e) {
@@ -573,7 +625,7 @@ public class TransactionsResource {
 
 	public static ApiException createTransactionInvalidException(HttpServletRequest request, ValidationResult result) {
 		String translatedResult = Translator.INSTANCE.translate("TransactionValidity", request.getLocale().getLanguage(), result.name());
-		return ApiExceptionFactory.INSTANCE.createException(request, ApiError.TRANSACTION_INVALID, null, translatedResult);
+		return ApiExceptionFactory.INSTANCE.createException(request, ApiError.TRANSACTION_INVALID, null, translatedResult, result.name());
 	}
 
 }

src/main/java/org/qortal/api/resource/UtilsResource.java

@@ -33,7 +33,6 @@ import org.qortal.transaction.Transaction.TransactionType;
 import org.qortal.transform.Transformer;
 import org.qortal.transform.transaction.TransactionTransformer;
 import org.qortal.transform.transaction.TransactionTransformer.Transformation;
-import org.qortal.utils.BIP39;
 import org.qortal.utils.Base58;
 
 import com.google.common.hash.HashCode;
@@ -195,123 +194,6 @@ public class UtilsResource {
 		return Base58.encode(random);
 	}
 
-	@GET
-	@Path("/mnemonic")
-	@Operation(
-		summary = "Generate 12-word BIP39 mnemonic",
-		description = "Optionally pass 16-byte, base58-encoded entropy or entropy will be internally generated.<br>"
-				+ "Example entropy input: YcVfxkQb6JRzqk5kF2tNLv",
-		responses = {
-			@ApiResponse(
-				description = "mnemonic",
-				content = @Content(
-					mediaType = MediaType.TEXT_PLAIN,
-					schema = @Schema(
-						type = "string"
-					)
-				)
-			)
-		}
-	)
-	@ApiErrors({ApiError.NON_PRODUCTION, ApiError.INVALID_DATA})
-	public String getMnemonic(@QueryParam("entropy") String suppliedEntropy) {
-		if (Settings.getInstance().isApiRestricted())
-			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.NON_PRODUCTION);
-
-		/*
-		 * BIP39 word lists have 2048 entries so can be represented by 11 bits.
-		 * UUID (128bits) and another 4 bits gives 132 bits.
-		 * 132 bits, divided by 11, gives 12 words.
-		 */
-		byte[] entropy;
-		if (suppliedEntropy != null) {
-			// Use caller-supplied entropy input
-			try {
-				entropy = Base58.decode(suppliedEntropy);
-			} catch (NumberFormatException e) {
-				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
-			}
-
-			// Must be 16-bytes
-			if (entropy.length != 16)
-				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
-		} else {
-			// Generate entropy internally
-			UUID uuid = UUID.randomUUID();
-
-			byte[] uuidMSB = Longs.toByteArray(uuid.getMostSignificantBits());
-			byte[] uuidLSB = Longs.toByteArray(uuid.getLeastSignificantBits());
-			entropy = Bytes.concat(uuidMSB, uuidLSB);
-		}
-
-		// Use SHA256 to generate more bits
-		byte[] hash = Crypto.digest(entropy);
-
-		// Append first 4 bits from hash to end. (Actually 8 bits but we only use 4).
-		byte checksum = (byte) (hash[0] & 0xf0);
-		entropy = Bytes.concat(entropy, new byte[] {
-			checksum
-		});
-
-		return BIP39.encode(entropy, "en");
-	}
-
-	@POST
-	@Path("/mnemonic")
-	@Operation(
-		summary = "Calculate binary entropy from 12-word BIP39 mnemonic",
-		description = "Returns the base58-encoded binary form, or \"false\" if mnemonic is invalid.",
-		requestBody = @RequestBody(
-			required = true,
-			content = @Content(
-				mediaType = MediaType.TEXT_PLAIN,
-				schema = @Schema(
-					type = "string"
-				)
-			)
-		),
-		responses = {
-			@ApiResponse(
-				description = "entropy in base58",
-				content = @Content(
-					mediaType = MediaType.TEXT_PLAIN,
-					schema = @Schema(
-						type = "string"
-					)
-				)
-			)
-		}
-	)
-	@ApiErrors({ApiError.NON_PRODUCTION})
-	public String fromMnemonic(String mnemonic) {
-		if (Settings.getInstance().isApiRestricted())
-			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.NON_PRODUCTION);
-
-		if (mnemonic.isEmpty())
-			return "false";
-
-		// Strip leading/trailing whitespace if any
-		mnemonic = mnemonic.trim();
-
-		String[] phraseWords = mnemonic.split(" ");
-		if (phraseWords.length != 12)
-			return "false";
-
-		// Convert BIP39 mnemonic to binary
-		byte[] binary = BIP39.decode(phraseWords, "en");
-		if (binary == null)
-			return "false";
-
-		byte[] entropy = Arrays.copyOf(binary, 16); // 132 bits is 16.5 bytes, but we're discarding checksum nybble
-
-		byte checksumNybble = (byte) (binary[16] & 0xf0);
-		byte[] checksum = Crypto.digest(entropy);
-		if (checksumNybble != (byte) (checksum[0] & 0xf0))
-			return "false";
-
-		return Base58.encode(entropy);
-	}
-
 	@POST
 	@Path("/privatekey")
 	@Operation(

src/main/java/org/qortal/api/websocket/ActiveChatsWebSocket.java

@@ -0,0 +1,96 @@
+package org.qortal.api.websocket;
+
+import java.io.IOException;
+import java.io.StringWriter;
+import java.util.Map;
+import java.util.concurrent.atomic.AtomicReference;
+
+import org.eclipse.jetty.websocket.api.Session;
+import org.eclipse.jetty.websocket.api.WebSocketException;
+import org.eclipse.jetty.websocket.api.annotations.OnWebSocketClose;
+import org.eclipse.jetty.websocket.api.annotations.OnWebSocketConnect;
+import org.eclipse.jetty.websocket.api.annotations.OnWebSocketError;
+import org.eclipse.jetty.websocket.api.annotations.OnWebSocketMessage;
+import org.eclipse.jetty.websocket.api.annotations.WebSocket;
+import org.eclipse.jetty.websocket.servlet.WebSocketServletFactory;
+import org.qortal.controller.ChatNotifier;
+import org.qortal.crypto.Crypto;
+import org.qortal.data.chat.ActiveChats;
+import org.qortal.data.transaction.ChatTransactionData;
+import org.qortal.repository.DataException;
+import org.qortal.repository.Repository;
+import org.qortal.repository.RepositoryManager;
+
+@WebSocket
+@SuppressWarnings("serial")
+public class ActiveChatsWebSocket extends ApiWebSocket {
+
+	@Override
+	public void configure(WebSocketServletFactory factory) {
+		factory.register(ActiveChatsWebSocket.class);
+	}
+
+	@OnWebSocketConnect
+	@Override
+	public void onWebSocketConnect(Session session) {
+		Map<String, String> pathParams = getPathParams(session, "/{address}");
+
+		String address = pathParams.get("address");
+		if (address == null || !Crypto.isValidAddress(address)) {
+			session.close(4001, "invalid address");
+			return;
+		}
+
+		AtomicReference<String> previousOutput = new AtomicReference<>(null);
+
+		ChatNotifier.Listener listener = chatTransactionData -> onNotify(session, chatTransactionData, address, previousOutput);
+		ChatNotifier.getInstance().register(session, listener);
+
+		this.onNotify(session, null, address, previousOutput);
+	}
+
+	@OnWebSocketClose
+	@Override
+	public void onWebSocketClose(Session session, int statusCode, String reason) {
+		ChatNotifier.getInstance().deregister(session);
+	}
+
+	@OnWebSocketError
+	public void onWebSocketError(Session session, Throwable throwable) {
+		/* ignored */
+	}
+
+	@OnWebSocketMessage
+	public void onWebSocketMessage(Session session, String message) {
+		/* ignored */
+	}
+
+	private void onNotify(Session session, ChatTransactionData chatTransactionData, String ourAddress, AtomicReference<String> previousOutput) {
+		// If CHAT has a recipient (i.e. direct message, not group-based) and we're neither sender nor recipient, then it's of no interest
+		if (chatTransactionData != null) {
+			String recipient = chatTransactionData.getRecipient();
+
+			if (recipient != null && (!recipient.equals(ourAddress) && !chatTransactionData.getSender().equals(ourAddress)))
+				return;
+		}
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			ActiveChats activeChats = repository.getChatRepository().getActiveChats(ourAddress);
+
+			StringWriter stringWriter = new StringWriter();
+
+			marshall(stringWriter, activeChats);
+
+			// Only output if something has changed
+			String output = stringWriter.toString();
+			if (output.equals(previousOutput.get()))
+				return;
+
+			previousOutput.set(output);
+			session.getRemote().sendStringByFuture(output);
+		} catch (DataException | IOException | WebSocketException e) {
+			// No output this time?
+		}
+	}
+
+}

src/main/java/org/qortal/api/websocket/AdminStatusWebSocket.java

@@ -0,0 +1,101 @@
+package org.qortal.api.websocket;
+
+import java.io.IOException;
+import java.io.StringWriter;
+import java.util.concurrent.atomic.AtomicReference;
+
+import org.eclipse.jetty.websocket.api.Session;
+import org.eclipse.jetty.websocket.api.WebSocketException;
+import org.eclipse.jetty.websocket.api.annotations.OnWebSocketClose;
+import org.eclipse.jetty.websocket.api.annotations.OnWebSocketConnect;
+import org.eclipse.jetty.websocket.api.annotations.OnWebSocketError;
+import org.eclipse.jetty.websocket.api.annotations.OnWebSocketMessage;
+import org.eclipse.jetty.websocket.api.annotations.WebSocket;
+import org.eclipse.jetty.websocket.servlet.WebSocketServletFactory;
+import org.qortal.api.model.NodeStatus;
+import org.qortal.controller.Controller;
+import org.qortal.event.Event;
+import org.qortal.event.EventBus;
+import org.qortal.event.Listener;
+
+@WebSocket
+@SuppressWarnings("serial")
+public class AdminStatusWebSocket extends ApiWebSocket implements Listener {
+
+	private static final AtomicReference<String> previousOutput = new AtomicReference<>(null);
+
+	@Override
+	public void configure(WebSocketServletFactory factory) {
+		factory.register(AdminStatusWebSocket.class);
+
+		try {
+			previousOutput.set(buildStatusString());
+		} catch (IOException e) {
+			// How to fail properly?
+			return;
+		}
+
+		EventBus.INSTANCE.addListener(this::listen);
+	}
+
+	@Override
+	public void listen(Event event) {
+		if (!(event instanceof Controller.StatusChangeEvent))
+			return;
+
+		String newOutput;
+		try {
+			newOutput = buildStatusString();
+		} catch (IOException e) {
+			// Ignore this time?
+			return;
+		}
+
+		if (previousOutput.getAndUpdate(currentValue -> newOutput).equals(newOutput))
+			// Output hasn't changed, so don't send anything
+			return;
+
+		for (Session session : getSessions())
+			this.sendStatus(session, newOutput);
+	}
+
+	@OnWebSocketConnect
+	@Override
+	public void onWebSocketConnect(Session session) {
+		this.sendStatus(session, previousOutput.get());
+
+		super.onWebSocketConnect(session);
+	}
+
+	@OnWebSocketClose
+	@Override
+	public void onWebSocketClose(Session session, int statusCode, String reason) {
+		super.onWebSocketClose(session, statusCode, reason);
+	}
+
+	@OnWebSocketError
+	public void onWebSocketError(Session session, Throwable throwable) {
+		/* We ignore errors for now, but method here to silence log spam */
+	}
+
+	@OnWebSocketMessage
+	public void onWebSocketMessage(Session session, String message) {
+		/* ignored */
+	}
+
+	private static String buildStatusString() throws IOException {
+		NodeStatus nodeStatus = new NodeStatus();
+		StringWriter stringWriter = new StringWriter();
+		marshall(stringWriter, nodeStatus);
+		return stringWriter.toString();
+	}
+
+	private void sendStatus(Session session, String status) {
+		try {
+			session.getRemote().sendStringByFuture(status);
+		} catch (WebSocketException e) {
+			// No output this time?
+		}
+	}
+
+}

src/main/java/org/qortal/api/websocket/ApiWebSocket.java

@@ -0,0 +1,122 @@
+package org.qortal.api.websocket;
+
+import java.io.IOException;
+import java.io.StringWriter;
+import java.io.Writer;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Marshaller;
+
+import org.eclipse.jetty.http.pathmap.UriTemplatePathSpec;
+import org.eclipse.jetty.websocket.api.Session;
+import org.eclipse.jetty.websocket.servlet.ServletUpgradeRequest;
+import org.eclipse.jetty.websocket.servlet.WebSocketServlet;
+import org.eclipse.persistence.jaxb.JAXBContextFactory;
+import org.eclipse.persistence.jaxb.MarshallerProperties;
+import org.qortal.api.ApiError;
+import org.qortal.api.ApiErrorRoot;
+
+@SuppressWarnings("serial")
+abstract class ApiWebSocket extends WebSocketServlet {
+
+	private static final Map<Class<? extends ApiWebSocket>, List<Session>> SESSIONS_BY_CLASS = new HashMap<>();
+
+	protected static String getPathInfo(Session session) {
+		ServletUpgradeRequest upgradeRequest = (ServletUpgradeRequest) session.getUpgradeRequest();
+		return upgradeRequest.getHttpServletRequest().getPathInfo();
+	}
+
+	protected static Map<String, String> getPathParams(Session session, String pathSpec) {
+		UriTemplatePathSpec uriTemplatePathSpec = new UriTemplatePathSpec(pathSpec);
+		return uriTemplatePathSpec.getPathParams(getPathInfo(session));
+	}
+
+	protected static void sendError(Session session, ApiError apiError) {
+		ApiErrorRoot apiErrorRoot = new ApiErrorRoot();
+		apiErrorRoot.setApiError(apiError);
+
+		StringWriter stringWriter = new StringWriter();
+		try {
+			marshall(stringWriter, apiErrorRoot);
+			session.getRemote().sendString(stringWriter.toString());
+		} catch (IOException e) {
+			// Remote end probably closed
+		}
+	}
+
+	protected static void marshall(Writer writer, Object object) throws IOException {
+		Marshaller marshaller = createMarshaller(object.getClass());
+
+		try {
+			marshaller.marshal(object, writer);
+		} catch (JAXBException e) {
+			throw new IOException("Unable to create marshall object for websocket", e);
+		}
+	}
+
+	protected static void marshall(Writer writer, Collection<?> collection) throws IOException {
+		// If collection is empty then we're returning "[]" anyway
+		if (collection.isEmpty()) {
+			writer.append("[]");
+			return;
+		}
+
+		// Grab an entry from collection so we can determine type
+		Object entry = collection.iterator().next();
+
+		Marshaller marshaller = createMarshaller(entry.getClass());
+
+		try {
+			marshaller.marshal(collection, writer);
+		} catch (JAXBException e) {
+			throw new IOException("Unable to create marshall object for websocket", e);
+		}
+	}
+
+	private static Marshaller createMarshaller(Class<?> objectClass) {
+		try {
+			// Create JAXB context aware of object's class
+			JAXBContext jc = JAXBContextFactory.createContext(new Class[] { objectClass }, null);
+
+			// Create marshaller
+			Marshaller marshaller = jc.createMarshaller();
+
+			// Set the marshaller media type to JSON
+			marshaller.setProperty(MarshallerProperties.MEDIA_TYPE, "application/json");
+
+			// Tell marshaller not to include JSON root element in the output
+			marshaller.setProperty(MarshallerProperties.JSON_INCLUDE_ROOT, false);
+
+			return marshaller;
+		} catch (JAXBException e) {
+			throw new RuntimeException("Unable to create websocket marshaller", e);
+		}
+	}
+
+	public void onWebSocketConnect(Session session) {
+		synchronized (SESSIONS_BY_CLASS) {
+			SESSIONS_BY_CLASS.computeIfAbsent(this.getClass(), clazz -> new ArrayList<>()).add(session);
+		}
+	}
+
+	public void onWebSocketClose(Session session, int statusCode, String reason) {
+		synchronized (SESSIONS_BY_CLASS) {
+			List<Session> sessions = SESSIONS_BY_CLASS.get(this.getClass());
+			if (sessions != null)
+				sessions.remove(session);
+		}
+	}
+
+	protected List<Session> getSessions() {
+		synchronized (SESSIONS_BY_CLASS) {
+			return new ArrayList<>(SESSIONS_BY_CLASS.get(this.getClass()));
+		}
+	}
+
+}

src/main/java/org/qortal/api/websocket/BlocksWebSocket.java

@@ -0,0 +1,141 @@
+package org.qortal.api.websocket;
+
+import java.io.IOException;
+import java.io.StringWriter;
+import java.util.List;
+
+import org.eclipse.jetty.websocket.api.Session;
+import org.eclipse.jetty.websocket.api.WebSocketException;
+import org.eclipse.jetty.websocket.api.annotations.OnWebSocketClose;
+import org.eclipse.jetty.websocket.api.annotations.OnWebSocketConnect;
+import org.eclipse.jetty.websocket.api.annotations.OnWebSocketError;
+import org.eclipse.jetty.websocket.api.annotations.OnWebSocketMessage;
+import org.eclipse.jetty.websocket.api.annotations.WebSocket;
+import org.eclipse.jetty.websocket.servlet.WebSocketServletFactory;
+import org.qortal.api.ApiError;
+import org.qortal.controller.Controller;
+import org.qortal.data.block.BlockData;
+import org.qortal.data.block.BlockSummaryData;
+import org.qortal.event.Event;
+import org.qortal.event.EventBus;
+import org.qortal.event.Listener;
+import org.qortal.repository.DataException;
+import org.qortal.repository.Repository;
+import org.qortal.repository.RepositoryManager;
+import org.qortal.utils.Base58;
+
+@WebSocket
+@SuppressWarnings("serial")
+public class BlocksWebSocket extends ApiWebSocket implements Listener {
+
+	@Override
+	public void configure(WebSocketServletFactory factory) {
+		factory.register(BlocksWebSocket.class);
+
+		EventBus.INSTANCE.addListener(this::listen);
+	}
+
+	@Override
+	public void listen(Event event) {
+		if (!(event instanceof Controller.NewBlockEvent))
+			return;
+
+		BlockData blockData = ((Controller.NewBlockEvent) event).getBlockData();
+		BlockSummaryData blockSummary = new BlockSummaryData(blockData);
+
+		for (Session session : getSessions())
+			sendBlockSummary(session, blockSummary);
+	}
+
+	@OnWebSocketConnect
+	@Override
+	public void onWebSocketConnect(Session session) {
+		super.onWebSocketConnect(session);
+	}
+
+	@OnWebSocketClose
+	@Override
+	public void onWebSocketClose(Session session, int statusCode, String reason) {
+		super.onWebSocketClose(session, statusCode, reason);
+	}
+
+	@OnWebSocketError
+	public void onWebSocketError(Session session, Throwable throwable) {
+		/* We ignore errors for now, but method here to silence log spam */
+	}
+
+	@OnWebSocketMessage
+	public void onWebSocketMessage(Session session, String message) {
+		// We're expecting either a base58 block signature or an integer block height
+		if (message.length() > 128) {
+			// Try base58 block signature
+			byte[] signature;
+
+			try {
+				signature = Base58.decode(message);
+			} catch (NumberFormatException e) {
+				sendError(session, ApiError.INVALID_SIGNATURE);
+				return;
+			}
+
+			try (final Repository repository = RepositoryManager.getRepository()) {
+				int height = repository.getBlockRepository().getHeightFromSignature(signature);
+				if (height == 0) {
+					sendError(session, ApiError.BLOCK_UNKNOWN);
+					return;
+				}
+
+				List<BlockSummaryData> blockSummaries = repository.getBlockRepository().getBlockSummaries(height, height);
+				if (blockSummaries == null || blockSummaries.isEmpty()) {
+					sendError(session, ApiError.BLOCK_UNKNOWN);
+					return;
+				}
+
+				sendBlockSummary(session, blockSummaries.get(0));
+			} catch (DataException e) {
+				sendError(session, ApiError.REPOSITORY_ISSUE);
+			}
+
+			return;
+		}
+
+		if (message.length() > 10)
+			// Bigger than max integer value, so probably a ping - silently ignore
+			return;
+
+		// Try integer
+		int height;
+
+		try {
+			height = Integer.parseInt(message);
+		} catch (NumberFormatException e) {
+			sendError(session, ApiError.INVALID_HEIGHT);
+			return;
+		}
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			List<BlockSummaryData> blockSummaries = repository.getBlockRepository().getBlockSummaries(height, height);
+			if (blockSummaries == null || blockSummaries.isEmpty()) {
+				sendError(session, ApiError.BLOCK_UNKNOWN);
+				return;
+			}
+
+			sendBlockSummary(session, blockSummaries.get(0));
+		} catch (DataException e) {
+			sendError(session, ApiError.REPOSITORY_ISSUE);
+		}
+	}
+
+	private void sendBlockSummary(Session session, BlockSummaryData blockSummary) {
+		StringWriter stringWriter = new StringWriter();
+
+		try {
+			marshall(stringWriter, blockSummary);
+
+			session.getRemote().sendStringByFuture(stringWriter.toString());
+		} catch (IOException | WebSocketException e) {
+			// No output this time
+		}
+	}
+
+}

src/main/java/org/qortal/api/websocket/ChatMessagesWebSocket.java

@@ -0,0 +1,159 @@
+package org.qortal.api.websocket;
+
+import java.io.IOException;
+import java.io.StringWriter;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+
+import org.eclipse.jetty.websocket.api.Session;
+import org.eclipse.jetty.websocket.api.WebSocketException;
+import org.eclipse.jetty.websocket.api.annotations.OnWebSocketClose;
+import org.eclipse.jetty.websocket.api.annotations.OnWebSocketConnect;
+import org.eclipse.jetty.websocket.api.annotations.OnWebSocketError;
+import org.eclipse.jetty.websocket.api.annotations.OnWebSocketMessage;
+import org.eclipse.jetty.websocket.api.annotations.WebSocket;
+import org.eclipse.jetty.websocket.servlet.WebSocketServletFactory;
+import org.qortal.controller.ChatNotifier;
+import org.qortal.data.chat.ChatMessage;
+import org.qortal.data.transaction.ChatTransactionData;
+import org.qortal.repository.DataException;
+import org.qortal.repository.Repository;
+import org.qortal.repository.RepositoryManager;
+
+@WebSocket
+@SuppressWarnings("serial")
+public class ChatMessagesWebSocket extends ApiWebSocket {
+
+	@Override
+	public void configure(WebSocketServletFactory factory) {
+		factory.register(ChatMessagesWebSocket.class);
+	}
+
+	@OnWebSocketConnect
+	@Override
+	public void onWebSocketConnect(Session session) {
+		Map<String, List<String>> queryParams = session.getUpgradeRequest().getParameterMap();
+
+		List<String> txGroupIds = queryParams.get("txGroupId");
+		if (txGroupIds != null && txGroupIds.size() == 1) {
+			int txGroupId = Integer.parseInt(txGroupIds.get(0));
+
+			try (final Repository repository = RepositoryManager.getRepository()) {
+				List<ChatMessage> chatMessages = repository.getChatRepository().getMessagesMatchingCriteria(
+						null,
+						null,
+						txGroupId,
+						null,
+						null, null, null);
+
+				sendMessages(session, chatMessages);
+			} catch (DataException e) {
+				// Not a good start
+				session.close(4001, "Couldn't fetch initial messages from repository");
+				return;
+			}
+
+			ChatNotifier.Listener listener = chatTransactionData -> onNotify(session, chatTransactionData, txGroupId);
+			ChatNotifier.getInstance().register(session, listener);
+
+			return;
+		}
+
+		List<String> involvingAddresses = queryParams.get("involving");
+		if (involvingAddresses == null || involvingAddresses.size() != 2) {
+			session.close(4001, "invalid criteria");
+			return;
+		}
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			List<ChatMessage> chatMessages = repository.getChatRepository().getMessagesMatchingCriteria(
+					null,
+					null,
+					null,
+					involvingAddresses,
+					null, null, null);
+
+			sendMessages(session, chatMessages);
+		} catch (DataException e) {
+			// Not a good start
+			session.close(4001, "Couldn't fetch initial messages from repository");
+			return;
+		}
+
+		ChatNotifier.Listener listener = chatTransactionData -> onNotify(session, chatTransactionData, involvingAddresses);
+		ChatNotifier.getInstance().register(session, listener);
+	}
+
+	@OnWebSocketClose
+	@Override
+	public void onWebSocketClose(Session session, int statusCode, String reason) {
+		ChatNotifier.getInstance().deregister(session);
+	}
+
+	@OnWebSocketError
+	public void onWebSocketError(Session session, Throwable throwable) {
+		/* ignored */
+	}
+
+	@OnWebSocketMessage
+	public void onWebSocketMessage(Session session, String message) {
+		/* ignored */
+	}
+
+	private void onNotify(Session session, ChatTransactionData chatTransactionData, int txGroupId) {
+		if (chatTransactionData == null)
+			// There has been a group-membership change, but we're not interested
+			return;
+
+		// We only want group-based messages with our txGroupId
+		if (chatTransactionData.getRecipient() != null || chatTransactionData.getTxGroupId() != txGroupId)
+			return;
+
+		sendChat(session, chatTransactionData);
+	}
+
+	private void onNotify(Session session, ChatTransactionData chatTransactionData, List<String> involvingAddresses) {
+		if (chatTransactionData == null)
+			return;
+
+		// We only want direct/non-group messages where sender/recipient match our addresses
+		String recipient = chatTransactionData.getRecipient();
+		if (recipient == null)
+			return;
+
+		List<String> transactionAddresses = Arrays.asList(recipient, chatTransactionData.getSender());
+
+		if (!transactionAddresses.containsAll(involvingAddresses))
+			return;
+
+		sendChat(session, chatTransactionData);
+	}
+
+	private void sendMessages(Session session, List<ChatMessage> chatMessages) {
+		StringWriter stringWriter = new StringWriter();
+
+		try {
+			marshall(stringWriter, chatMessages);
+
+			session.getRemote().sendStringByFuture(stringWriter.toString());
+		} catch (IOException | WebSocketException e) {
+			// No output this time?
+		}
+	}
+
+	private void sendChat(Session session, ChatTransactionData chatTransactionData) {
+		// Convert ChatTransactionData to ChatMessage
+		ChatMessage chatMessage;
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			chatMessage = repository.getChatRepository().toChatMessage(chatTransactionData);
+		} catch (DataException e) {
+			// No output this time?
+			return;
+		}
+
+		sendMessages(session, Collections.singletonList(chatMessage));
+	}
+
+}

src/main/java/org/qortal/api/websocket/PresenceWebSocket.java

@@ -0,0 +1,244 @@
+package org.qortal.api.websocket;
+
+import java.io.IOException;
+import java.io.StringWriter;
+import java.util.Collections;
+import java.util.EnumMap;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.stream.Collectors;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+
+import org.eclipse.jetty.websocket.api.Session;
+import org.eclipse.jetty.websocket.api.annotations.OnWebSocketClose;
+import org.eclipse.jetty.websocket.api.annotations.OnWebSocketConnect;
+import org.eclipse.jetty.websocket.api.annotations.OnWebSocketError;
+import org.eclipse.jetty.websocket.api.annotations.OnWebSocketMessage;
+import org.eclipse.jetty.websocket.api.annotations.WebSocket;
+import org.eclipse.jetty.websocket.servlet.WebSocketServletFactory;
+import org.qortal.controller.Controller;
+import org.qortal.crypto.Crypto;
+import org.qortal.data.transaction.PresenceTransactionData;
+import org.qortal.data.transaction.TransactionData;
+import org.qortal.event.Event;
+import org.qortal.event.EventBus;
+import org.qortal.event.Listener;
+import org.qortal.repository.DataException;
+import org.qortal.repository.Repository;
+import org.qortal.repository.RepositoryManager;
+import org.qortal.transaction.PresenceTransaction.PresenceType;
+import org.qortal.transaction.Transaction.TransactionType;
+import org.qortal.utils.Base58;
+import org.qortal.utils.NTP;
+
+@WebSocket
+@SuppressWarnings("serial")
+public class PresenceWebSocket extends ApiWebSocket implements Listener {
+
+	@XmlAccessorType(XmlAccessType.FIELD)
+	@SuppressWarnings("unused")
+	private static class PresenceInfo {
+		private final PresenceType presenceType;
+		private final String publicKey;
+		private final long timestamp;
+		private final String address;
+
+		protected PresenceInfo() {
+			this.presenceType = null;
+			this.publicKey = null;
+			this.timestamp = 0L;
+			this.address = null;
+		}
+
+		public PresenceInfo(PresenceType presenceType, String pubKey58, long timestamp) {
+			this.presenceType = presenceType;
+			this.publicKey = pubKey58;
+			this.timestamp = timestamp;
+			this.address = Crypto.toAddress(Base58.decode(this.publicKey));
+		}
+
+		public PresenceType getPresenceType() {
+			return this.presenceType;
+		}
+
+		public String getPublicKey() {
+			return this.publicKey;
+		}
+
+		public long getTimestamp() {
+			return this.timestamp;
+		}
+
+		public String getAddress() {
+			return this.address;
+		}
+	}
+
+	/** Outer map key is PresenceType (enum), inner map key is public key in base58, inner map value is timestamp */
+	private static final Map<PresenceType, Map<String, Long>> currentEntries = Collections.synchronizedMap(new EnumMap<>(PresenceType.class));
+
+	/** (Optional) PresenceType used for filtering by that Session. */
+	private static final Map<Session, PresenceType> sessionPresenceTypes = Collections.synchronizedMap(new HashMap<>());
+
+	@Override
+	public void configure(WebSocketServletFactory factory) {
+		factory.register(PresenceWebSocket.class);
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			populateCurrentInfo(repository);
+		} catch (DataException e) {
+			// How to fail properly?
+			return;
+		}
+
+		EventBus.INSTANCE.addListener(this::listen);
+	}
+
+	@Override
+	public void listen(Event event) {
+		// We use NewBlockEvent as a proxy for 1-minute timer
+		if (!(event instanceof Controller.NewTransactionEvent) && !(event instanceof Controller.NewBlockEvent))
+			return;
+
+		removeOldEntries();
+
+		if (event instanceof Controller.NewBlockEvent)
+			// We only wanted a chance to cull old entries
+			return;
+
+		TransactionData transactionData = ((Controller.NewTransactionEvent) event).getTransactionData();
+
+		if (transactionData.getType() != TransactionType.PRESENCE)
+			return;
+
+		PresenceTransactionData presenceData = (PresenceTransactionData) transactionData;
+		PresenceType presenceType = presenceData.getPresenceType();
+
+		// Put/replace for this publickey making sure we keep newest timestamp
+		String pubKey58 = Base58.encode(presenceData.getCreatorPublicKey());
+		long ourTimestamp = presenceData.getTimestamp();
+		long computedTimestamp = mergePresence(presenceType, pubKey58, ourTimestamp);
+
+		if (computedTimestamp != ourTimestamp)
+			// nothing changed
+			return;
+
+		List<PresenceInfo> presenceInfo = Collections.singletonList(new PresenceInfo(presenceType, pubKey58, computedTimestamp));
+
+		// Notify sessions
+		for (Session session : getSessions()) {
+			PresenceType sessionPresenceType = sessionPresenceTypes.get(session);
+
+			if (sessionPresenceType == null || sessionPresenceType == presenceType)
+				sendPresenceInfo(session, presenceInfo);
+		}
+	}
+
+	@OnWebSocketConnect
+	@Override
+	public void onWebSocketConnect(Session session) {
+		Map<String, List<String>> queryParams = session.getUpgradeRequest().getParameterMap();
+		List<String> presenceTypes = queryParams.get("presenceType");
+
+		// We only support ONE presenceType
+		String presenceTypeName = presenceTypes == null || presenceTypes.isEmpty() ? null : presenceTypes.get(0);
+
+		PresenceType presenceType = presenceTypeName == null ? null : PresenceType.fromString(presenceTypeName);
+
+		// Make sure that if caller does give a presenceType, that it is a valid/known one.
+		if (presenceTypeName != null && presenceType == null) {
+			session.close(4003, "unknown presenceType: " + presenceTypeName);
+			return;
+		}
+
+		// Save session's requested PresenceType, if given
+		if (presenceType != null)
+			sessionPresenceTypes.put(session, presenceType);
+
+		List<PresenceInfo> presenceInfo;
+
+		synchronized (currentEntries) {
+			presenceInfo = currentEntries.entrySet().stream()
+					.filter(entry -> presenceType == null ? true : entry.getKey() == presenceType)
+					.flatMap(entry -> entry.getValue().entrySet().stream().map(innerEntry -> new PresenceInfo(entry.getKey(), innerEntry.getKey(), innerEntry.getValue())))
+					.collect(Collectors.toList());
+		}
+
+		if (!sendPresenceInfo(session, presenceInfo)) {
+			session.close(4002, "websocket issue");
+			return;
+		}
+
+		super.onWebSocketConnect(session);
+	}
+
+	@OnWebSocketClose
+	@Override
+	public void onWebSocketClose(Session session, int statusCode, String reason) {
+		// clean up
+		sessionPresenceTypes.remove(session);
+
+		super.onWebSocketClose(session, statusCode, reason);
+	}
+
+	@OnWebSocketError
+	public void onWebSocketError(Session session, Throwable throwable) {
+		/* ignored */
+	}
+
+	@OnWebSocketMessage
+	public void onWebSocketMessage(Session session, String message) {
+		/* ignored */
+	}
+
+	private boolean sendPresenceInfo(Session session, List<PresenceInfo> presenceInfo) {
+		try {
+			StringWriter stringWriter = new StringWriter();
+			marshall(stringWriter, presenceInfo);
+
+			String output = stringWriter.toString();
+			session.getRemote().sendStringByFuture(output);
+		} catch (IOException e) {
+			// No output this time?
+			return false;
+		}
+
+		return true;
+	}
+
+	private static void populateCurrentInfo(Repository repository) throws DataException {
+		// We want ALL PRESENCE transactions
+
+		List<TransactionData> presenceTransactionsData = repository.getTransactionRepository().getUnconfirmedTransactions(TransactionType.PRESENCE, null);
+
+		for (TransactionData transactionData : presenceTransactionsData) {
+			PresenceTransactionData presenceData = (PresenceTransactionData) transactionData;
+
+			PresenceType presenceType = presenceData.getPresenceType();
+
+			// Put/replace for this publickey making sure we keep newest timestamp
+			String pubKey58 = Base58.encode(presenceData.getCreatorPublicKey());
+			long ourTimestamp = presenceData.getTimestamp();
+
+			mergePresence(presenceType, pubKey58, ourTimestamp);
+		}
+	}
+
+	private static long mergePresence(PresenceType presenceType, String pubKey58, long ourTimestamp) {
+		Map<String, Long> typedPubkeyTimestamps = currentEntries.computeIfAbsent(presenceType, someType -> Collections.synchronizedMap(new HashMap<>()));
+		return typedPubkeyTimestamps.compute(pubKey58, (somePubKey58, currentTimestamp) -> (currentTimestamp == null || currentTimestamp < ourTimestamp) ? ourTimestamp : currentTimestamp);
+	}
+
+	private static void removeOldEntries() {
+		long now = NTP.getTime();
+
+		currentEntries.entrySet().forEach(entry -> {
+			long expiryThreshold = now - entry.getKey().getLifetime();
+			entry.getValue().entrySet().removeIf(pubkeyTimestamp -> pubkeyTimestamp.getValue() < expiryThreshold);
+		});
+	}
+
+}

src/main/java/org/qortal/api/websocket/TradeBotWebSocket.java

@@ -0,0 +1,157 @@
+package org.qortal.api.websocket;
+
+import java.io.IOException;
+import java.io.StringWriter;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.stream.Collectors;
+
+import org.eclipse.jetty.websocket.api.Session;
+import org.eclipse.jetty.websocket.api.annotations.OnWebSocketClose;
+import org.eclipse.jetty.websocket.api.annotations.OnWebSocketConnect;
+import org.eclipse.jetty.websocket.api.annotations.OnWebSocketError;
+import org.eclipse.jetty.websocket.api.annotations.OnWebSocketMessage;
+import org.eclipse.jetty.websocket.api.annotations.WebSocket;
+import org.eclipse.jetty.websocket.servlet.WebSocketServletFactory;
+import org.qortal.controller.tradebot.TradeBot;
+import org.qortal.crosschain.SupportedBlockchain;
+import org.qortal.data.crosschain.TradeBotData;
+import org.qortal.event.Event;
+import org.qortal.event.EventBus;
+import org.qortal.event.Listener;
+import org.qortal.repository.DataException;
+import org.qortal.repository.Repository;
+import org.qortal.repository.RepositoryManager;
+import org.qortal.utils.Base58;
+
+@WebSocket
+@SuppressWarnings("serial")
+public class TradeBotWebSocket extends ApiWebSocket implements Listener {
+
+	/** Cache of trade-bot entry states, keyed by trade-bot entry's "trade private key" (base58) */
+	private static final Map<String, Integer> PREVIOUS_STATES = new HashMap<>();
+
+	private static final Map<Session, String> sessionBlockchain = Collections.synchronizedMap(new HashMap<>());
+
+	@Override
+	public void configure(WebSocketServletFactory factory) {
+		factory.register(TradeBotWebSocket.class);
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			List<TradeBotData> tradeBotEntries = repository.getCrossChainRepository().getAllTradeBotData();
+			if (tradeBotEntries == null)
+				// How do we properly fail here?
+				return;
+
+			PREVIOUS_STATES.putAll(tradeBotEntries.stream().collect(Collectors.toMap(entry -> Base58.encode(entry.getTradePrivateKey()), TradeBotData::getStateValue)));
+		} catch (DataException e) {
+			// No output this time
+		}
+
+		EventBus.INSTANCE.addListener(this::listen);
+	}
+
+	@Override
+	public void listen(Event event) {
+		if (!(event instanceof TradeBot.StateChangeEvent))
+			return;
+
+		TradeBotData tradeBotData = ((TradeBot.StateChangeEvent) event).getTradeBotData();
+		String tradePrivateKey58 = Base58.encode(tradeBotData.getTradePrivateKey());
+
+		synchronized (PREVIOUS_STATES) {
+			Integer previousStateValue = PREVIOUS_STATES.get(tradePrivateKey58);
+			if (previousStateValue != null && previousStateValue == tradeBotData.getStateValue())
+				// Not changed
+				return;
+
+			PREVIOUS_STATES.put(tradePrivateKey58, tradeBotData.getStateValue());
+		}
+
+		List<TradeBotData> tradeBotEntries = Collections.singletonList(tradeBotData);
+
+		for (Session session : getSessions()) {
+			// Only send if this session has this/no preferred blockchain
+			String preferredBlockchain = sessionBlockchain.get(session);
+
+			if (preferredBlockchain == null || preferredBlockchain.equals(tradeBotData.getForeignBlockchain()))
+				sendEntries(session, tradeBotEntries);
+		}
+	}
+
+	@OnWebSocketConnect
+	@Override
+	public void onWebSocketConnect(Session session) {
+		Map<String, List<String>> queryParams = session.getUpgradeRequest().getParameterMap();
+
+		List<String> foreignBlockchains = queryParams.get("foreignBlockchain");
+		final String foreignBlockchain = foreignBlockchains == null ? null : foreignBlockchains.get(0);
+
+		// Make sure blockchain (if any) is valid
+		if (foreignBlockchain != null && SupportedBlockchain.fromString(foreignBlockchain) == null) {
+			session.close(4003, "unknown blockchain: " + foreignBlockchain);
+			return;
+		}
+
+		// save session's preferred blockchain (if any)
+		sessionBlockchain.put(session, foreignBlockchain);
+
+		// Send all known trade-bot entries
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			List<TradeBotData> tradeBotEntries = repository.getCrossChainRepository().getAllTradeBotData();
+
+			// Optional filtering
+			if (foreignBlockchain != null)
+				tradeBotEntries = tradeBotEntries.stream()
+						.filter(tradeBotData -> tradeBotData.getForeignBlockchain().equals(foreignBlockchain))
+						.collect(Collectors.toList());
+
+			if (!sendEntries(session, tradeBotEntries)) {
+				session.close(4002, "websocket issue");
+				return;
+			}
+		} catch (DataException e) {
+			session.close(4001, "repository issue fetching trade-bot entries");
+			return;
+		}
+
+		super.onWebSocketConnect(session);
+	}
+
+	@OnWebSocketClose
+	@Override
+	public void onWebSocketClose(Session session, int statusCode, String reason) {
+		// clean up
+		sessionBlockchain.remove(session);
+
+		super.onWebSocketClose(session, statusCode, reason);
+	}
+
+	@OnWebSocketError
+	public void onWebSocketError(Session session, Throwable throwable) {
+		/* ignored */
+	}
+
+	@OnWebSocketMessage
+	public void onWebSocketMessage(Session session, String message) {
+		/* ignored */
+	}
+
+	private boolean sendEntries(Session session, List<TradeBotData> tradeBotEntries) {
+		try {
+			StringWriter stringWriter = new StringWriter();
+			marshall(stringWriter, tradeBotEntries);
+
+			String output = stringWriter.toString();
+			session.getRemote().sendStringByFuture(output);
+		} catch (IOException e) {
+			// No output this time?
+			return false;
+		}
+
+		return true;
+	}
+
+}

src/main/java/org/qortal/api/websocket/TradeOffersWebSocket.java

@@ -0,0 +1,351 @@
+package org.qortal.api.websocket;
+
+import java.io.IOException;
+import java.io.StringWriter;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.function.Predicate;
+import java.util.function.Supplier;
+import java.util.stream.Collectors;
+
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.eclipse.jetty.websocket.api.Session;
+import org.eclipse.jetty.websocket.api.annotations.OnWebSocketClose;
+import org.eclipse.jetty.websocket.api.annotations.OnWebSocketConnect;
+import org.eclipse.jetty.websocket.api.annotations.OnWebSocketError;
+import org.eclipse.jetty.websocket.api.annotations.OnWebSocketMessage;
+import org.eclipse.jetty.websocket.api.annotations.WebSocket;
+import org.eclipse.jetty.websocket.servlet.WebSocketServletFactory;
+import org.qortal.api.model.CrossChainOfferSummary;
+import org.qortal.controller.Controller;
+import org.qortal.crosschain.SupportedBlockchain;
+import org.qortal.crosschain.ACCT;
+import org.qortal.crosschain.AcctMode;
+import org.qortal.data.at.ATStateData;
+import org.qortal.data.block.BlockData;
+import org.qortal.data.crosschain.CrossChainTradeData;
+import org.qortal.event.Event;
+import org.qortal.event.EventBus;
+import org.qortal.event.Listener;
+import org.qortal.repository.DataException;
+import org.qortal.repository.Repository;
+import org.qortal.repository.RepositoryManager;
+import org.qortal.utils.ByteArray;
+import org.qortal.utils.NTP;
+
+@WebSocket
+@SuppressWarnings("serial")
+public class TradeOffersWebSocket extends ApiWebSocket implements Listener {
+
+	private static final Logger LOGGER = LogManager.getLogger(TradeOffersWebSocket.class);
+
+	private static class CachedOfferInfo {
+		public final Map<String, AcctMode> previousAtModes = new HashMap<>();
+
+		// OFFERING
+		public final Map<String, CrossChainOfferSummary> currentSummaries = new HashMap<>();
+		// REDEEMED/REFUNDED/CANCELLED
+		public final Map<String, CrossChainOfferSummary> historicSummaries = new HashMap<>();
+	}
+	// Manual synchronization
+	private static final Map<String, CachedOfferInfo> cachedInfoByBlockchain = new HashMap<>();
+
+	private static final Predicate<CrossChainOfferSummary> isHistoric = offerSummary
+			-> offerSummary.getMode() == AcctMode.REDEEMED
+			|| offerSummary.getMode() == AcctMode.REFUNDED
+			|| offerSummary.getMode() == AcctMode.CANCELLED;
+
+	private static final Map<Session, String> sessionBlockchain = Collections.synchronizedMap(new HashMap<>());
+
+	@Override
+	public void configure(WebSocketServletFactory factory) {
+		factory.register(TradeOffersWebSocket.class);
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			populateCurrentSummaries(repository);
+
+			populateHistoricSummaries(repository);
+		} catch (DataException e) {
+			// How to fail properly?
+			return;
+		}
+
+		EventBus.INSTANCE.addListener(this::listen);
+	}
+
+	@Override
+	public void listen(Event event) {
+		if (!(event instanceof Controller.NewBlockEvent))
+			return;
+
+		BlockData blockData = ((Controller.NewBlockEvent) event).getBlockData();
+
+		// Process any new info
+
+		try (final Repository repository = RepositoryManager.getRepository()) {
+			// Find any new/changed trade ATs since this block
+			final Boolean isFinished = null;
+			final Integer dataByteOffset = null;
+			final Long expectedValue = null;
+			final Integer minimumFinalHeight = blockData.getHeight();
+
+			for (SupportedBlockchain blockchain : SupportedBlockchain.values()) {
+				Map<ByteArray, Supplier<ACCT>> acctsByCodeHash = SupportedBlockchain.getFilteredAcctMap(blockchain);
+
+				List<CrossChainOfferSummary> crossChainOfferSummaries = new ArrayList<>();
+
+				synchronized (cachedInfoByBlockchain) {
+					CachedOfferInfo cachedInfo = cachedInfoByBlockchain.computeIfAbsent(blockchain.name(), k -> new CachedOfferInfo());
+
+					for (Map.Entry<ByteArray, Supplier<ACCT>> acctInfo : acctsByCodeHash.entrySet()) {
+						byte[] codeHash = acctInfo.getKey().value;
+						ACCT acct = acctInfo.getValue().get();
+
+						List<ATStateData> atStates = repository.getATRepository().getMatchingFinalATStates(codeHash,
+								isFinished, dataByteOffset, expectedValue, minimumFinalHeight,
+								null, null, null);
+
+						crossChainOfferSummaries.addAll(produceSummaries(repository, acct, atStates, blockData.getTimestamp()));
+					}
+
+					// Remove any entries unchanged from last time
+					crossChainOfferSummaries.removeIf(offerSummary -> cachedInfo.previousAtModes.get(offerSummary.getQortalAtAddress()) == offerSummary.getMode());
+
+					// Skip to next blockchain if nothing has changed (for this blockchain)
+					if (crossChainOfferSummaries.isEmpty())
+						continue;
+
+					// Update
+					for (CrossChainOfferSummary offerSummary : crossChainOfferSummaries) {
+						String offerAtAddress = offerSummary.getQortalAtAddress();
+
+						cachedInfo.previousAtModes.put(offerAtAddress, offerSummary.getMode());
+						LOGGER.trace(() -> String.format("Block height: %d, AT: %s, mode: %s", blockData.getHeight(), offerAtAddress, offerSummary.getMode().name()));
+
+						switch (offerSummary.getMode()) {
+							case OFFERING:
+								cachedInfo.currentSummaries.put(offerAtAddress, offerSummary);
+								cachedInfo.historicSummaries.remove(offerAtAddress);
+								break;
+
+							case REDEEMED:
+							case REFUNDED:
+							case CANCELLED:
+								cachedInfo.currentSummaries.remove(offerAtAddress);
+								cachedInfo.historicSummaries.put(offerAtAddress, offerSummary);
+								break;
+
+							case TRADING:
+								cachedInfo.currentSummaries.remove(offerAtAddress);
+								cachedInfo.historicSummaries.remove(offerAtAddress);
+								break;
+						}
+					}
+
+					// Remove any historic offers that are over 24 hours old
+					final long tooOldTimestamp = NTP.getTime() - 24 * 60 * 60 * 1000L;
+					cachedInfo.historicSummaries.values().removeIf(historicSummary -> historicSummary.getTimestamp() < tooOldTimestamp);
+				}
+
+				// Notify sessions
+				for (Session session : getSessions()) {
+					// Only send if this session has this/no preferred blockchain
+					String preferredBlockchain = sessionBlockchain.get(session);
+
+					if (preferredBlockchain == null || preferredBlockchain.equals(blockchain.name()))
+						sendOfferSummaries(session, crossChainOfferSummaries);
+				}
+
+			}
+		} catch (DataException e) {
+			// No output this time
+		}
+	}
+
+	@OnWebSocketConnect
+	@Override
+	public void onWebSocketConnect(Session session) {
+		Map<String, List<String>> queryParams = session.getUpgradeRequest().getParameterMap();
+		final boolean includeHistoric = queryParams.get("includeHistoric") != null;
+
+		List<String> foreignBlockchains = queryParams.get("foreignBlockchain");
+		final String foreignBlockchain = foreignBlockchains == null ? null : foreignBlockchains.get(0);
+
+		// Make sure blockchain (if any) is valid
+		if (foreignBlockchain != null && SupportedBlockchain.fromString(foreignBlockchain) == null) {
+			session.close(4003, "unknown blockchain: " + foreignBlockchain);
+			return;
+		}
+
+		// Save session's preferred blockchain, if given
+		if (foreignBlockchain != null)
+			sessionBlockchain.put(session, foreignBlockchain);
+
+		List<CrossChainOfferSummary> crossChainOfferSummaries = new ArrayList<>();
+
+		synchronized (cachedInfoByBlockchain) {
+			Collection<CachedOfferInfo> cachedInfos;
+
+			if (foreignBlockchain == null)
+				// No preferred blockchain, so iterate through all of them
+				cachedInfos = cachedInfoByBlockchain.values();
+			else
+				cachedInfos = Collections.singleton(cachedInfoByBlockchain.computeIfAbsent(foreignBlockchain, k -> new CachedOfferInfo()));
+
+			for (CachedOfferInfo cachedInfo : cachedInfos) {
+				crossChainOfferSummaries.addAll(cachedInfo.currentSummaries.values());
+
+				if (includeHistoric)
+					crossChainOfferSummaries.addAll(cachedInfo.historicSummaries.values());
+			}
+		}
+
+		if (!sendOfferSummaries(session, crossChainOfferSummaries)) {
+			session.close(4002, "websocket issue");
+			return;
+		}
+
+		super.onWebSocketConnect(session);
+	}
+
+	@OnWebSocketClose
+	@Override
+	public void onWebSocketClose(Session session, int statusCode, String reason) {
+		// clean up
+		sessionBlockchain.remove(session);
+
+		super.onWebSocketClose(session, statusCode, reason);
+	}
+
+	@OnWebSocketError
+	public void onWebSocketError(Session session, Throwable throwable) {
+		/* ignored */
+	}
+
+	@OnWebSocketMessage
+	public void onWebSocketMessage(Session session, String message) {
+		/* ignored */
+	}
+
+	private boolean sendOfferSummaries(Session session, List<CrossChainOfferSummary> crossChainOfferSummaries) {
+		try {
+			StringWriter stringWriter = new StringWriter();
+			marshall(stringWriter, crossChainOfferSummaries);
+
+			String output = stringWriter.toString();
+			session.getRemote().sendStringByFuture(output);
+		} catch (IOException e) {
+			// No output this time?
+			return false;
+		}
+
+		return true;
+	}
+
+	private static void populateCurrentSummaries(Repository repository) throws DataException {
+		// We want ALL OFFERING trades
+		Boolean isFinished = Boolean.FALSE;
+		Long expectedValue = (long) AcctMode.OFFERING.value;
+		Integer minimumFinalHeight = null;
+
+		for (SupportedBlockchain blockchain : SupportedBlockchain.values()) {
+			Map<ByteArray, Supplier<ACCT>> acctsByCodeHash = SupportedBlockchain.getFilteredAcctMap(blockchain);
+
+			CachedOfferInfo cachedInfo = cachedInfoByBlockchain.computeIfAbsent(blockchain.name(), k -> new CachedOfferInfo());
+
+			for (Map.Entry<ByteArray, Supplier<ACCT>> acctInfo : acctsByCodeHash.entrySet()) {
+				byte[] codeHash = acctInfo.getKey().value;
+				ACCT acct = acctInfo.getValue().get();
+
+				Integer dataByteOffset = acct.getModeByteOffset();
+				List<ATStateData> initialAtStates = repository.getATRepository().getMatchingFinalATStates(codeHash,
+					isFinished, dataByteOffset, expectedValue, minimumFinalHeight,
+					null, null, null);
+
+				if (initialAtStates == null)
+					throw new DataException("Couldn't fetch current trades from repository");
+
+				// Save initial AT modes
+				cachedInfo.previousAtModes.putAll(initialAtStates.stream().collect(Collectors.toMap(ATStateData::getATAddress, atState -> AcctMode.OFFERING)));
+
+				// Convert to offer summaries
+				cachedInfo.currentSummaries.putAll(produceSummaries(repository, acct, initialAtStates, null).stream()
+										.collect(Collectors.toMap(CrossChainOfferSummary::getQortalAtAddress, offerSummary -> offerSummary)));
+			}
+		}
+	}
+
+	private static void populateHistoricSummaries(Repository repository) throws DataException {
+		// We want REDEEMED/REFUNDED/CANCELLED trades over the last 24 hours
+		long timestamp = System.currentTimeMillis() - 24 * 60 * 60 * 1000L;
+		int minimumFinalHeight = repository.getBlockRepository().getHeightFromTimestamp(timestamp);
+
+		if (minimumFinalHeight == 0)
+			throw new DataException("Couldn't fetch block timestamp from repository");
+
+		Boolean isFinished = Boolean.TRUE;
+		Integer dataByteOffset = null;
+		Long expectedValue = null;
+		++minimumFinalHeight; // because height is just *before* timestamp
+
+		for (SupportedBlockchain blockchain : SupportedBlockchain.values()) {
+			Map<ByteArray, Supplier<ACCT>> acctsByCodeHash = SupportedBlockchain.getFilteredAcctMap(blockchain);
+
+			CachedOfferInfo cachedInfo = cachedInfoByBlockchain.computeIfAbsent(blockchain.name(), k -> new CachedOfferInfo());
+
+			for (Map.Entry<ByteArray, Supplier<ACCT>> acctInfo : acctsByCodeHash.entrySet()) {
+				byte[] codeHash = acctInfo.getKey().value;
+				ACCT acct = acctInfo.getValue().get();
+
+				List<ATStateData> historicAtStates = repository.getATRepository().getMatchingFinalATStates(codeHash,
+					isFinished, dataByteOffset, expectedValue, minimumFinalHeight,
+					null, null, null);
+
+				if (historicAtStates == null)
+					throw new DataException("Couldn't fetch historic trades from repository");
+
+				for (ATStateData historicAtState : historicAtStates) {
+					CrossChainOfferSummary historicOfferSummary = produceSummary(repository, acct, historicAtState, null);
+
+					if (!isHistoric.test(historicOfferSummary))
+						continue;
+
+					// Add summary to initial burst
+					cachedInfo.historicSummaries.put(historicOfferSummary.getQortalAtAddress(), historicOfferSummary);
+
+					// Save initial AT mode
+					cachedInfo.previousAtModes.put(historicOfferSummary.getQortalAtAddress(), historicOfferSummary.getMode());
+				}
+			}
+		}
+	}
+
+	private static CrossChainOfferSummary produceSummary(Repository repository, ACCT acct, ATStateData atState, Long timestamp) throws DataException {
+		CrossChainTradeData crossChainTradeData = acct.populateTradeData(repository, atState);
+
+		long atStateTimestamp;
+
+		if (crossChainTradeData.mode == AcctMode.OFFERING)
+			// We want when trade was created, not when it was last updated
+			atStateTimestamp = crossChainTradeData.creationTimestamp;
+		else
+			atStateTimestamp = timestamp != null ? timestamp : repository.getBlockRepository().getTimestampFromHeight(atState.getHeight());
+
+		return new CrossChainOfferSummary(crossChainTradeData, atStateTimestamp);
+	}
+
+	private static List<CrossChainOfferSummary> produceSummaries(Repository repository, ACCT acct, List<ATStateData> atStates, Long timestamp) throws DataException {
+		List<CrossChainOfferSummary> offerSummaries = new ArrayList<>();
+
+		for (ATStateData atState : atStates)
+			offerSummaries.add(produceSummary(repository, acct, atState, timestamp));
+
+		return offerSummaries;
+	}
+
+}

src/main/java/org/qortal/asset/Asset.java

@@ -1,11 +1,13 @@
 package org.qortal.asset;
 
+import org.qortal.crypto.Crypto;
 import org.qortal.data.asset.AssetData;
 import org.qortal.data.transaction.IssueAssetTransactionData;
 import org.qortal.data.transaction.TransactionData;
 import org.qortal.data.transaction.UpdateAssetTransactionData;
 import org.qortal.repository.DataException;
 import org.qortal.repository.Repository;
+import org.qortal.utils.Amounts;
 
 public class Asset {
 
@@ -21,12 +23,12 @@ public class Asset {
 
 	// Other useful constants
 
-	public static final int MAX_NAME_SIZE = 400;
+	public static final int MIN_NAME_SIZE = 3;
+	public static final int MAX_NAME_SIZE = 40;
 	public static final int MAX_DESCRIPTION_SIZE = 4000;
 	public static final int MAX_DATA_SIZE = 400000;
 
-	public static final long MAX_DIVISIBLE_QUANTITY = 10_000_000_000L; // but also to 8 decimal places
-	public static final long MAX_INDIVISIBLE_QUANTITY = 1_000_000_000_000_000_000L;
+	public static final long MAX_QUANTITY = 10_000_000_000L * Amounts.MULTIPLIER; // but also to 8 decimal places
 
 	// Properties
 	private Repository repository;
@@ -42,12 +44,14 @@ public class Asset {
 	public Asset(Repository repository, IssueAssetTransactionData issueAssetTransactionData) {
 		this.repository = repository;
 
+		String ownerAddress = Crypto.toAddress(issueAssetTransactionData.getCreatorPublicKey());
+
 		// NOTE: transaction's reference is used to look up newly assigned assetID on creation!
-		this.assetData = new AssetData(issueAssetTransactionData.getOwner(), issueAssetTransactionData.getAssetName(),
+		this.assetData = new AssetData(ownerAddress, issueAssetTransactionData.getAssetName(),
 				issueAssetTransactionData.getDescription(), issueAssetTransactionData.getQuantity(),
-				issueAssetTransactionData.getIsDivisible(), issueAssetTransactionData.getData(),
-				issueAssetTransactionData.getIsUnspendable(),
-				issueAssetTransactionData.getTxGroupId(), issueAssetTransactionData.getSignature());
+				issueAssetTransactionData.isDivisible(), issueAssetTransactionData.getData(),
+				issueAssetTransactionData.isUnspendable(), issueAssetTransactionData.getTxGroupId(),
+				issueAssetTransactionData.getSignature(), issueAssetTransactionData.getReducedAssetName());
 	}
 
 	public Asset(Repository repository, long assetId) throws DataException {
@@ -118,10 +122,11 @@ public class Asset {
 				throw new IllegalStateException("Missing referenced transaction when orphaning UPDATE_ASSET");
 
 			switch (previousTransactionData.getType()) {
-				case ISSUE_ASSET:
+				case ISSUE_ASSET: {
 					IssueAssetTransactionData previousIssueAssetTransactionData = (IssueAssetTransactionData) previousTransactionData;
 
-					this.assetData.setOwner(previousIssueAssetTransactionData.getOwner());
+					String ownerAddress = Crypto.toAddress(previousIssueAssetTransactionData.getCreatorPublicKey());
+					this.assetData.setOwner(ownerAddress);
 
 					if (needDescription) {
 						this.assetData.setDescription(previousIssueAssetTransactionData.getDescription());
@@ -133,8 +138,9 @@ public class Asset {
 						needData = false;
 					}
 					break;
+				}
 
-				case UPDATE_ASSET:
+				case UPDATE_ASSET: {
 					UpdateAssetTransactionData previousUpdateAssetTransactionData = (UpdateAssetTransactionData) previousTransactionData;
 
 					this.assetData.setOwner(previousUpdateAssetTransactionData.getNewOwner());
@@ -152,7 +158,9 @@ public class Asset {
 					// Get signature for previous transaction in chain, just in case we need it
 					if (needDescription || needData)
 						previousTransactionSignature = previousUpdateAssetTransactionData.getOrphanReference();
+
 					break;
+				}
 
 				default:
 					throw new IllegalStateException("Invalid referenced transaction when orphaning UPDATE_ASSET");