Frequently Asked Questions

General

What is Rebel Pay?

Rebel Pay is a privacy-focused payment processor that allows merchants to accept Monero (XMR) payments. We provide a simple API for creating charges and handling payments.

Why Monero?

Monero is the leading privacy-focused cryptocurrency. Unlike Bitcoin, Monero transactions are private by default - amounts, sender, and receiver are all hidden using ring signatures, stealth addresses, and RingCT.

Why no JavaScript?

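JavaScript can be used for tracking, fingerprinting, and malicious attacks. Our no-JS version works in Tor Browser "Safest" mode, providing maximum privacy and security. The script-src 'none' Content-Security-Policy (CSP) header tells the browser to refuse all script execution, so you can confirm from the response headers that no JavaScript can run.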

Payments

How long does payment confirmation take?

Monero has 2-minute block times. You can configure your minimum confirmations (3, 5, or 10). At the default of 10 confirmations, payments typically confirm in about 20 minutes. Lowering to 3 confirmations brings that to ~6 minutes.

What happens if a charge expires?

Charges expire after 60 minutes by default. If the customer sends payment after expiration, the funds will still arrive at the subaddress. Contact support to reconcile expired payments.

How is the XMR amount calculated?

We fetch the current XMR/USD rate from Kraken at the moment of charge creation. The XMR amount is locked for the duration of the charge.

What if the customer sends the wrong amount?

The payment will still be detected and confirmed if it's sent to the correct address. Your webhook will include the actual amount received. Handle partial or over-payments in your application logic.

Fees

How much does Rebel Pay cost?

Free. No transaction fees. Rebel Pay is self-hosted, so you keep 100% of your payments. Self-hosted operators can optionally configure a fee for their users if desired.

Who pays the network fee?

The customer pays the Monero network fee (typically under $0.01).

Security

How do you secure my data?

All sensitive data (emails, API keys, addresses) is encrypted at rest using AES-256-GCM. We use SQLCipher for database encryption. Passwords are hashed with bcrypt (cost factor 12).

Do you store private keys?

We run our own Monero wallet for receiving payments. Funds are forwarded to your payout address automatically. We never have access to your personal wallet.

Is Rebel Pay open source?

The no-JS frontend is designed to be auditable. View source on any page to verify no JavaScript runs. The API is not currently open source.
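
One way to automate the check described here and under "Why no JavaScript?", as an added example that is not Rebel Pay's own code: it decides whether a page's Content-Security-Policy header values forbid all script execution and lists script-capable markup in the HTML. The function names and sample inputs are constructed for illustration.

```python
from html.parser import HTMLParser

def parse_csp(policy):
    """Parse one CSP policy string into {directive: [source expressions]}."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:  # a repeated directive is ignored: the first one wins
            directives.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return directives

def policy_blocks_scripts(policy):
    """True if this single policy forbids script elements and inline handlers."""
    d = parse_csp(policy)
    for name in ("script-src-elem", "script-src-attr"):
        sources = d.get(name, d.get("script-src", d.get("default-src")))
        # 'none' only counts when it is the sole source; an empty list matches nothing.
        if sources not in ([], ["'none'"]):
            return False
    return True

def headers_block_scripts(csp_header_values):
    """Every delivered policy is enforced, so one blocking policy is enough."""
    policies = [p for value in csp_header_values for p in value.split(",")]
    return any(policy_blocks_scripts(p) for p in policies)

class ScriptFinder(HTMLParser):
    """Heuristic scan for markup that would run script if no CSP applied."""
    def __init__(self):
        super().__init__()
        self.findings = []
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("<script> element")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"{tag} {name} handler")
            elif (value or "").strip().lower().startswith("javascript:"):
                self.findings.append(f"{tag} {name} javascript: URL")

def find_script_markup(html):
    finder = ScriptFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample inputs, not captured from any real site.
SAMPLE_CSP = ["default-src 'self'; script-src 'none'"]
SAMPLE_HTML = '<form method="post"><button type="submit">Pay</button></form>'
```

Pass in the Content-Security-Policy values and body of a saved response. A Content-Security-Policy-Report-Only header enforces nothing and should not be included.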

Technical

What currencies do you support?

Charges can be denominated in USD or EUR. The amount is automatically converted to XMR at current market rates.

Can I use Rebel Pay on Tor?

Yes! Rebel Pay is designed for Tor. Access via our .onion address for maximum privacy. All features work in Tor Browser "Safest" mode.

What about the swap feature?

The swap feature lets you convert XMR to stablecoins (USDT, USDC) through our multi-provider aggregator for the best available rates. This is useful for merchants who want to avoid XMR price volatility. See Auto-Convert for automatic conversion on payment confirmation.

Do you support webhooks?

Yes. Configure webhook endpoints to receive notifications when payments confirm or expire. See the Webhooks documentation.

Account

How do I reset my password?

Currently, password reset is only available when logged in via Settings > Security. If you've lost access, contact support.

Can I delete my account?

Contact support to request account deletion. We'll remove all your data after any pending charges are resolved.

How do I regenerate my API key?

Go to Settings > API Keys and click "Regenerate". Your old key will immediately stop working. Update your integrations with the new key.