bump

DerivationSchemeParser should not override a label
Do not crash if derivation strategy is empty
2018-11-17 01:21:56 +09:00 · 2018-11-17 01:21:34 +09:00 · 2018-11-17 01:09:28 +09:00 · 2018-11-17 00:23:51 +09:00 · 2018-11-17 00:22:18 +09:00 · 2018-11-17 00:16:31 +09:00
384 changed files with 29336 additions and 6151 deletions
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@ -0,0 +1,30 @@
+version: 2
+jobs:
+  build:
+    machine: 
+      docker_layer_caching: true
+    steps: 
+      - checkout
+  test:
+    machine: true
+    steps:
+      - checkout
+      - run:
+          command: |
+            lsb_release -a
+            wget -q https://packages.microsoft.com/config/ubuntu/14.04/packages-microsoft-prod.deb
+            sudo dpkg -i packages-microsoft-prod.deb
+            sudo apt-get install apt-transport-https
+            sudo apt-get update
+            sudo apt-get install dotnet-sdk-2.1
+            dotnet --info
+            dotnet build /p:TreatWarningsAsErrors=true
+            cd BTCPayServer.Tests
+            dotnet test --filter Fast=Fast
+            docker-compose up -d dev
+            dotnet test --filter Integration=Integration
+workflows:
+  version: 2
+  build_and_test:
+    jobs:
+      - test
--- a/BTCPayServer.Tests/BTCPayServer.Tests.csproj
+++ b/BTCPayServer.Tests/BTCPayServer.Tests.csproj
@ -1,20 +1,21 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
-    <TargetFramework>netcoreapp2.0</TargetFramework>
+    <TargetFramework>netcoreapp2.1</TargetFramework>

    <IsPackable>false</IsPackable>
    <NoWarn>NU1701,CA1816,CA1308,CA1810,CA2208</NoWarn>
+    <LangVersion>7.2</LangVersion>
+    <UserSecretsId>AB0AC1DD-9D26-485B-9416-56A33F268117</UserSecretsId>
  </PropertyGroup>

  <ItemGroup>
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.7.0" />
-    <PackageReference Include="xunit" Version="2.3.1" />
-    <PackageReference Include="xunit.runner.visualstudio" Version="2.3.1" />
-  </ItemGroup>
-
-  <ItemGroup>
-    <ProjectReference Include="..\BTCPayServer\BTCPayServer.csproj" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.9.0" />
+    <PackageReference Include="xunit" Version="2.4.1" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="2.4.1">
+      <PrivateAssets>all</PrivateAssets>
+      <IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
+    </PackageReference>
  </ItemGroup>

  <ItemGroup>
@ -24,6 +25,12 @@
    <None Update="docker-compose.yml">
      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
    </None>
+    <None Update="xunit.runner.json">
+      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+    </None>
  </ItemGroup>

+  <ItemGroup>
+    <ProjectReference Include="..\BTCPayServer\BTCPayServer.csproj" />
+  </ItemGroup>
 </Project>
--- a/BTCPayServer.Tests/BTCPayServerTester.cs
+++ b/BTCPayServer.Tests/BTCPayServerTester.cs
@ -1,9 +1,14 @@
 using BTCPayServer.Configuration;
+using System.Linq;
+using BTCPayServer.HostedServices;
 using BTCPayServer.Hosting;
 using BTCPayServer.Payments;
 using BTCPayServer.Payments.Lightning;
+using BTCPayServer.Rating;
+using BTCPayServer.Security;
 using BTCPayServer.Services.Invoices;
 using BTCPayServer.Services.Rates;
+using BTCPayServer.Services.Stores;
 using BTCPayServer.Tests.Logging;
 using BTCPayServer.Tests.Mocks;
 using Microsoft.AspNetCore.Hosting;
@ -32,6 +37,12 @@ using Xunit;

 namespace BTCPayServer.Tests
 {
+    public enum TestDatabases
+    {
+        Postgres,
+        MySQL,
+    }
+
    public class BTCPayServerTester : IDisposable
    {
        private string _Directory;
@ -54,6 +65,11 @@ namespace BTCPayServer.Tests
            set;
        }

+        public string MySQL
+        {
+            get; set;
+        }
+
        public string Postgres
        {
            get; set;
@ -65,6 +81,10 @@ namespace BTCPayServer.Tests
            get; set;
        }

+        public TestDatabases TestDatabase
+        {
+            get; set;
+        }

        public bool MockRates { get; set; } = true;

@ -91,7 +111,9 @@ namespace BTCPayServer.Tests

            config.AppendLine($"btc.lightning={IntegratedLightning.AbsoluteUri}");

-            if (Postgres != null)
+            if (TestDatabase == TestDatabases.MySQL && !String.IsNullOrEmpty(MySQL))
+                config.AppendLine($"mysql=" + MySQL);
+            else if (!String.IsNullOrEmpty(Postgres))
                config.AppendLine($"postgres=" + Postgres);
            var confPath = Path.Combine(chainDirectory, "settings.config");
            File.WriteAllText(confPath, config.ToString());
@ -104,15 +126,6 @@ namespace BTCPayServer.Tests
                    .UseConfiguration(conf)
                    .ConfigureServices(s =>
                    {
-                        if (MockRates)
-                        {
-                            var mockRates = new MockRateProviderFactory();
-                            var btc = new MockRateProvider("BTC", new Rate("USD", 5000m), new Rate("CAD", 4500m));
-                            var ltc = new MockRateProvider("LTC", new Rate("USD", 500m));
-                            mockRates.AddMock(btc);
-                            mockRates.AddMock(ltc);
-                            s.AddSingleton<IRateProviderFactory>(mockRates);
-                        }
                        s.AddLogging(l =>
                        {
                            l.SetMinimumLevel(LogLevel.Information)
@ -126,6 +139,72 @@ namespace BTCPayServer.Tests
                    .Build();
            _Host.Start();
            InvoiceRepository = (InvoiceRepository)_Host.Services.GetService(typeof(InvoiceRepository));
+            StoreRepository = (StoreRepository)_Host.Services.GetService(typeof(StoreRepository));
+            var dashBoard = (NBXplorerDashboard)_Host.Services.GetService(typeof(NBXplorerDashboard));
+            while(!dashBoard.IsFullySynched())
+            {
+                Thread.Sleep(10);
+            }
+
+            if (MockRates)
+            {
+                var rateProvider = (RateProviderFactory)_Host.Services.GetService(typeof(RateProviderFactory));
+                rateProvider.Providers.Clear();
+
+                var coinAverageMock = new MockRateProvider();
+                coinAverageMock.ExchangeRates.Add(new Rating.ExchangeRate()
+                {
+                    Exchange = "coinaverage",
+                    CurrencyPair = CurrencyPair.Parse("BTC_USD"),
+                    BidAsk = new BidAsk(5000m)
+                });
+                coinAverageMock.ExchangeRates.Add(new Rating.ExchangeRate()
+                {
+                    Exchange = "coinaverage",
+                    CurrencyPair = CurrencyPair.Parse("BTC_CAD"),
+                    BidAsk = new BidAsk(4500m)
+                });
+                coinAverageMock.ExchangeRates.Add(new Rating.ExchangeRate()
+                {
+                    Exchange = "coinaverage",
+                    CurrencyPair = CurrencyPair.Parse("LTC_BTC"),
+                    BidAsk = new BidAsk(0.001m)
+                });
+                coinAverageMock.ExchangeRates.Add(new Rating.ExchangeRate()
+                {
+                    Exchange = "coinaverage",
+                    CurrencyPair = CurrencyPair.Parse("LTC_USD"),
+                    BidAsk = new BidAsk(500m)
+                });
+                rateProvider.Providers.Add("coinaverage", coinAverageMock);
+
+                var bitflyerMock = new MockRateProvider();
+                bitflyerMock.ExchangeRates.Add(new Rating.ExchangeRate()
+                {
+                    Exchange = "bitflyer",
+                    CurrencyPair = CurrencyPair.Parse("BTC_JPY"),
+                    BidAsk = new BidAsk(700000m)
+                });
+                rateProvider.Providers.Add("bitflyer", bitflyerMock);
+
+                var quadrigacx = new MockRateProvider();
+                quadrigacx.ExchangeRates.Add(new Rating.ExchangeRate()
+                {
+                    Exchange = "quadrigacx",
+                    CurrencyPair = CurrencyPair.Parse("BTC_CAD"),
+                    BidAsk = new BidAsk(6000m)
+                });
+                rateProvider.Providers.Add("quadrigacx", quadrigacx);
+
+                var bittrex = new MockRateProvider();
+                bittrex.ExchangeRates.Add(new Rating.ExchangeRate()
+                {
+                    Exchange = "bittrex",
+                    CurrencyPair = CurrencyPair.Parse("DOGE_BTC"),
+                    BidAsk = new BidAsk(0.004m)
+                });
+                rateProvider.Providers.Add("bittrex", bittrex);
+            }
        }

        public string HostName
@ -134,6 +213,7 @@ namespace BTCPayServer.Tests
            internal set;
        }
        public InvoiceRepository InvoiceRepository { get; private set; }
+        public StoreRepository StoreRepository { get; private set; }
        public Uri IntegratedLightning { get; internal set; }
        public bool InContainer { get; internal set; }

@ -142,15 +222,23 @@ namespace BTCPayServer.Tests
            return _Host.Services.GetRequiredService<T>();
        }

-        public T GetController<T>(string userId = null) where T : Controller
+        public T GetController<T>(string userId = null, string storeId = null, Claim[] additionalClaims = null) where T : Controller
        {
            var context = new DefaultHttpContext();
-            context.Request.Host = new HostString("127.0.0.1");
+            context.Request.Host = new HostString("127.0.0.1", Port);
            context.Request.Scheme = "http";
            context.Request.Protocol = "http";
            if (userId != null)
            {
-                context.User = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(ClaimTypes.NameIdentifier, userId) }));
+                List<Claim> claims = new List<Claim>();
+                claims.Add(new Claim(ClaimTypes.NameIdentifier, userId));
+                if (additionalClaims != null)
+                    claims.AddRange(additionalClaims);
+                context.User = new ClaimsPrincipal(new ClaimsIdentity(claims.ToArray(), Policies.CookieAuthentication));
+            }
+            if (storeId != null)
+            {
+                context.SetStoreData(GetService<StoreRepository>().FindStore(storeId, userId).GetAwaiter().GetResult());
            }
            var scope = (IServiceScopeFactory)_Host.Services.GetService(typeof(IServiceScopeFactory));
            var provider = scope.CreateScope().ServiceProvider;
--- a/BTCPayServer.Tests/ChangellyTests.cs
+++ b/BTCPayServer.Tests/ChangellyTests.cs
@ -0,0 +1,253 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Net.Http;
+using System.Threading.Tasks;
+using BTCPayServer.Controllers;
+using BTCPayServer.Data;
+using BTCPayServer.Models;
+using BTCPayServer.Models.StoreViewModels;
+using BTCPayServer.Payments.Changelly;
+using BTCPayServer.Payments.Changelly.Models;
+using BTCPayServer.Services.Rates;
+using BTCPayServer.Services.Stores;
+using BTCPayServer.Tests.Logging;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.Logging;
+using Xunit;
+using Xunit.Abstractions;
+
+namespace BTCPayServer.Tests
+{
+    public class ChangellyTests
+    {
+        public ChangellyTests(ITestOutputHelper helper)
+        {
+            Logs.Tester = new XUnitLog(helper) {Name = "Tests"};
+            Logs.LogProvider = new XUnitLogProvider(helper);
+        }
+
+        [Fact]
+        [Trait("Integration", "Integration")]
+        public async void CanSetChangellyPaymentMethod()
+        {
+            using (var tester = ServerTester.Create())
+            {
+                tester.Start();
+                var user = tester.NewAccount();
+                user.GrantAccess();
+                var controller = tester.PayTester.GetController<StoresController>(user.UserId, user.StoreId);
+
+
+                var storeBlob = controller.StoreData.GetStoreBlob();
+                Assert.Null(storeBlob.ChangellySettings);
+
+                var updateModel = new UpdateChangellySettingsViewModel()
+                {
+                    ApiSecret = "secret",
+                    ApiKey = "key",
+                    ApiUrl = "http://gozo.com",
+                    ChangellyMerchantId = "aaa",
+                };
+
+                Assert.Equal("UpdateStore", Assert.IsType<RedirectToActionResult>(
+                    await controller.UpdateChangellySettings(user.StoreId, updateModel, "save")).ActionName);
+
+                var store = await tester.PayTester.StoreRepository.FindStore(user.StoreId);
+                storeBlob = controller.StoreData.GetStoreBlob();
+                Assert.NotNull(storeBlob.ChangellySettings);
+                Assert.NotNull(storeBlob.ChangellySettings);
+                Assert.IsType<ChangellySettings>(storeBlob.ChangellySettings);
+                Assert.Equal(storeBlob.ChangellySettings.ApiKey, updateModel.ApiKey);
+                Assert.Equal(storeBlob.ChangellySettings.ApiSecret,
+                    updateModel.ApiSecret);
+                Assert.Equal(storeBlob.ChangellySettings.ApiUrl, updateModel.ApiUrl);
+                Assert.Equal(storeBlob.ChangellySettings.ChangellyMerchantId,
+                    updateModel.ChangellyMerchantId);
+            }
+        }
+
+
+        [Fact]
+        [Trait("Integration", "Integration")]
+        public async void CanToggleChangellyPaymentMethod()
+        {
+            using (var tester = ServerTester.Create())
+            {
+                tester.Start();
+                var user = tester.NewAccount();
+                user.GrantAccess();
+                var controller = tester.PayTester.GetController<StoresController>(user.UserId, user.StoreId);
+
+                var updateModel = new UpdateChangellySettingsViewModel()
+                {
+                    ApiSecret = "secret",
+                    ApiKey = "key",
+                    ApiUrl = "http://gozo.com",
+                    ChangellyMerchantId = "aaa",
+                    Enabled = true
+                };
+                Assert.Equal("UpdateStore", Assert.IsType<RedirectToActionResult>(
+                    await controller.UpdateChangellySettings(user.StoreId, updateModel, "save")).ActionName);
+
+
+                var store = await tester.PayTester.StoreRepository.FindStore(user.StoreId);
+
+                Assert.True(store.GetStoreBlob().ChangellySettings.Enabled);
+
+                updateModel.Enabled = false;
+
+                Assert.Equal("UpdateStore", Assert.IsType<RedirectToActionResult>(
+                    await controller.UpdateChangellySettings(user.StoreId, updateModel, "save")).ActionName);
+
+                store = await tester.PayTester.StoreRepository.FindStore(user.StoreId);
+
+                Assert.False(store.GetStoreBlob().ChangellySettings.Enabled);
+            }
+        }
+
+        [Fact]
+        [Trait("Integration", "Integration")]
+        public async void CannotUseChangellyApiWithoutChangellyPaymentMethodSet()
+        {
+            using (var tester = ServerTester.Create())
+            {
+                tester.Start();
+                var user = tester.NewAccount();
+                user.GrantAccess();
+                var changellyController =
+                    tester.PayTester.GetController<ChangellyController>(user.UserId, user.StoreId);
+                changellyController.IsTest = true;
+
+                //test non existing payment method
+                Assert.IsType<BitpayErrorModel>(Assert
+                    .IsType<BadRequestObjectResult>(await changellyController.GetCurrencyList(user.StoreId))
+                    .Value);
+
+                var updateModel = CreateDefaultChangellyParams(false);
+                var storesController = tester.PayTester.GetController<StoresController>(user.UserId, user.StoreId);
+                //set payment method but disabled
+
+
+                Assert.Equal("UpdateStore", Assert.IsType<RedirectToActionResult>(
+                    await storesController.UpdateChangellySettings(user.StoreId, updateModel, "save")).ActionName);
+
+
+                Assert.IsType<BitpayErrorModel>(Assert
+                    .IsType<BadRequestObjectResult>(await changellyController.GetCurrencyList(user.StoreId))
+                    .Value);
+
+                updateModel.Enabled = true;
+                //test with enabled method
+
+                Assert.Equal("UpdateStore", Assert.IsType<RedirectToActionResult>(
+                    await storesController.UpdateChangellySettings(user.StoreId, updateModel, "save")).ActionName);
+
+
+                Assert.IsNotType<BitpayErrorModel>(Assert
+                    .IsType<OkObjectResult>(await changellyController.GetCurrencyList(user.StoreId))
+                    .Value);
+            }
+        }
+
+        UpdateChangellySettingsViewModel CreateDefaultChangellyParams(bool enabled)
+        {
+            return new UpdateChangellySettingsViewModel()
+            {
+                ApiKey = "6ed02cdf1b614d89a8c0ceb170eebb61",
+                ApiSecret = "8fbd66a2af5fd15a6b5f8ed0159c5842e32a18538521ffa145bd6c9e124d3483",
+                ChangellyMerchantId = "804298eb5753",
+                Enabled = enabled
+            };
+        }
+
+        [Fact]
+        [Trait("Integration", "Integration")]
+        public async void CanGetCurrencyListFromChangelly()
+        {
+            using (var tester = ServerTester.Create())
+            {
+                tester.Start();
+                var user = tester.NewAccount();
+                user.GrantAccess();
+
+                //save changelly settings
+                var updateModel = CreateDefaultChangellyParams(true);
+                var storesController = tester.PayTester.GetController<StoresController>(user.UserId, user.StoreId);
+
+                //confirm saved
+                Assert.Equal("UpdateStore", Assert.IsType<RedirectToActionResult>(
+                    await storesController.UpdateChangellySettings(user.StoreId, updateModel, "save")).ActionName);
+
+                var factory = UnitTest1.CreateBTCPayRateFactory();
+                var fetcher = new RateFetcher(factory);
+                var httpClientFactory = new MockHttpClientFactory();
+                var changellyController = new ChangellyController(
+                    new ChangellyClientProvider(tester.PayTester.StoreRepository, httpClientFactory),
+                    tester.NetworkProvider, fetcher);
+                changellyController.IsTest = true;
+                var result = Assert
+                    .IsType<OkObjectResult>(await changellyController.GetCurrencyList(user.StoreId))
+                    .Value as IEnumerable<CurrencyFull>;
+                Assert.True(result.Any());
+            }
+        }
+
+
+        [Fact]
+        [Trait("Integration", "Integration")]
+        public async void CanCalculateToAmountForChangelly()
+        {
+            using (var tester = ServerTester.Create())
+            {
+                tester.Start();
+                var user = tester.NewAccount();
+                user.GrantAccess();
+
+                var updateModel = CreateDefaultChangellyParams(true);
+                var storesController = tester.PayTester.GetController<StoresController>(user.UserId, user.StoreId);
+
+                Assert.Equal("UpdateStore", Assert.IsType<RedirectToActionResult>(
+                    await storesController.UpdateChangellySettings(user.StoreId, updateModel, "save")).ActionName);
+
+                var factory = UnitTest1.CreateBTCPayRateFactory();
+                var fetcher = new RateFetcher(factory);
+                var httpClientFactory = new MockHttpClientFactory();
+                var changellyController = new ChangellyController(
+                    new ChangellyClientProvider(tester.PayTester.StoreRepository, httpClientFactory),
+                    tester.NetworkProvider, fetcher);
+                changellyController.IsTest = true;
+                Assert.IsType<decimal>(Assert
+                    .IsType<OkObjectResult>(await changellyController.CalculateAmount(user.StoreId, "ltc", "btc", 1.0m))
+                    .Value);
+            }
+        }
+
+        [Fact]
+        [Trait("Integration", "Integration")]
+        public void CanComputeBaseAmount()
+        {
+            Assert.Equal(1, ChangellyCalculationHelper.ComputeBaseAmount(1, 1));
+            Assert.Equal(0.5m, ChangellyCalculationHelper.ComputeBaseAmount(1, 0.5m));
+            Assert.Equal(2, ChangellyCalculationHelper.ComputeBaseAmount(0.5m, 1));
+            Assert.Equal(4m, ChangellyCalculationHelper.ComputeBaseAmount(1, 4));
+        }
+
+        [Fact]
+        [Trait("Integration", "Integration")]
+        public void CanComputeCorrectAmount()
+        {
+            Assert.Equal(1, ChangellyCalculationHelper.ComputeCorrectAmount(0.5m, 1, 2));
+            Assert.Equal(0.25m, ChangellyCalculationHelper.ComputeCorrectAmount(0.5m, 1, 0.5m));
+            Assert.Equal(20, ChangellyCalculationHelper.ComputeCorrectAmount(10, 1, 2));
+        }
+    }
+
+    public class MockHttpClientFactory : IHttpClientFactory
+    {
+        public HttpClient CreateClient(string name)
+        {
+            return new HttpClient();
+        }
+    }
+}
--- a/BTCPayServer.Tests/ChargeTester.cs
+++ b/BTCPayServer.Tests/ChargeTester.cs
@ -1,8 +1,9 @@
 using System;
 using System.Collections.Generic;
 using System.Text;
-using BTCPayServer.Payments.Lightning.Charge;
-using BTCPayServer.Payments.Lightning.CLightning;
+using BTCPayServer.Lightning;
+using BTCPayServer.Lightning.Charge;
+using BTCPayServer.Payments.Lightning;
 using NBitcoin;

 namespace BTCPayServer.Tests
@ -15,7 +16,7 @@ namespace BTCPayServer.Tests
        {
            this._Parent = serverTester;
            var url = serverTester.GetEnvironment(environmentName, defaultValue);
-            Client = new ChargeClient(new Uri(url), network);
+            Client = (ChargeClient)LightningClientFactory.CreateClient(url, network);
            P2PHost = _Parent.GetEnvironment(environmentName + "_HOST", defaultHost);
        }        
        public ChargeClient Client { get; set; }
--- a/BTCPayServer.Tests/Dockerfile
+++ b/BTCPayServer.Tests/Dockerfile
@ -1,4 +1,4 @@
-FROM microsoft/dotnet:2.0.6-sdk-2.1.101-stretch
+FROM microsoft/dotnet:2.1.403-sdk-alpine3.7
 WORKDIR /app
 # caches restore result by copying csproj file separately
 COPY BTCPayServer.Tests/BTCPayServer.Tests.csproj BTCPayServer.Tests/BTCPayServer.Tests.csproj
--- a/BTCPayServer.Tests/LightningDTester.cs
+++ b/BTCPayServer.Tests/LightningDTester.cs
@ -2,7 +2,7 @@
 using System.Collections.Generic;
 using System.Text;
 using System.Threading.Tasks;
-using BTCPayServer.Payments.Lightning.CLightning;
+using BTCPayServer.Lightning.CLightning;
 using NBitcoin;

 namespace BTCPayServer.Tests
@ -13,10 +13,10 @@ namespace BTCPayServer.Tests
        public LightningDTester(ServerTester parent, string environmentName, string defaultRPC, string defaultHost, Network network)
        {
            this.parent = parent;
-            RPC = new CLightningRPCClient(new Uri(parent.GetEnvironment(environmentName, defaultRPC)), network);
+            RPC = new CLightningClient(new Uri(parent.GetEnvironment(environmentName, defaultRPC)), network);
        }

-        public CLightningRPCClient RPC { get; }
+        public CLightningClient RPC { get; }
        public string P2PHost { get; }
        
    }
--- a/BTCPayServer.Tests/Lnd/LndMockTester.cs
+++ b/BTCPayServer.Tests/Lnd/LndMockTester.cs
@ -0,0 +1,27 @@
+using System;
+using System.Collections.Generic;
+using System.Text;
+using BTCPayServer.Lightning.LND;
+using NBitcoin;
+
+namespace BTCPayServer.Tests.Lnd
+{
+    public class LndMockTester
+    {
+        private ServerTester _Parent;
+
+        public LndMockTester(ServerTester serverTester, string environmentName, string defaultValue, string defaultHost, Network network)
+        {
+            this._Parent = serverTester;
+            var url = serverTester.GetEnvironment(environmentName, defaultValue);
+
+            Swagger = new LndSwaggerClient(new LndRestSettings(new Uri(url)) { AllowInsecure = true });
+            Client = new LndClient(Swagger, network);
+            P2PHost = _Parent.GetEnvironment(environmentName + "_HOST", defaultHost);
+        }
+
+        public LndSwaggerClient Swagger { get; set; }
+        public LndClient Client { get; set; }
+        public string P2PHost { get; }
+    }
+}
--- a/BTCPayServer.Tests/Mocks/MockRateProvider.cs
+++ b/BTCPayServer.Tests/Mocks/MockRateProvider.cs
@ -0,0 +1,18 @@
+using System;
+using System.Collections.Generic;
+using System.Text;
+using System.Threading.Tasks;
+using BTCPayServer.Rating;
+using BTCPayServer.Services.Rates;
+
+namespace BTCPayServer.Tests.Mocks
+{
+    public class MockRateProvider : IRateProvider
+    {
+        public ExchangeRates ExchangeRates { get; set; } = new ExchangeRates();
+        public Task<ExchangeRates> GetRatesAsync()
+        {
+            return Task.FromResult(ExchangeRates);
+        }
+    }
+}
--- a/BTCPayServer.Tests/README.md
+++ b/BTCPayServer.Tests/README.md
@ -29,11 +29,7 @@ If you want to stop, and remove all existing data
 docker-compose down --v
 ```

-You can run the tests inside a container by running
-
-```
-docker-compose run --rm tests
-```
+You can run tests on `MySql` database instead of `Postgres` by setting environnement variable `TESTS_DB` equals to `MySql`.

 ## How to manually test payments

--- a/BTCPayServer.Tests/RateRulesTest.cs
+++ b/BTCPayServer.Tests/RateRulesTest.cs
@ -0,0 +1,194 @@
+using System;
+using System.Linq;
+using System.Collections.Generic;
+using System.Text;
+using BTCPayServer.Rating;
+using Xunit;
+using System.Globalization;
+
+namespace BTCPayServer.Tests
+{
+    public class RateRulesTest
+    {
+        [Fact]
+        [Trait("Fast", "Fast")]
+        public void SecondDuplicatedRuleIsIgnored()
+        {
+            StringBuilder builder = new StringBuilder();
+            builder.AppendLine("DOGE_X = 1.1");
+            builder.AppendLine("DOGE_X = 1.2");
+            Assert.True(RateRules.TryParse(builder.ToString(), out var rules));
+            var rule = rules.GetRuleFor(new CurrencyPair("DOGE", "BTC"));
+            rule.Reevaluate();
+            Assert.True(!rule.HasError);
+            Assert.Equal(1.1m, rule.BidAsk.Ask);
+        }
+
+        [Fact]
+        [Trait("Fast", "Fast")]
+        public void CanParseRateRules()
+        {
+            // Check happy path
+            StringBuilder builder = new StringBuilder();
+            builder.AppendLine("// Some cool comments");
+            builder.AppendLine("DOGE_X = DOGE_BTC * BTC_X * 1.1");
+            builder.AppendLine("DOGE_BTC = Bittrex(DOGE_BTC)");
+            builder.AppendLine("// Some other cool comments");
+            builder.AppendLine("BTC_usd = GDax(BTC_USD)");
+            builder.AppendLine("BTC_X = Coinbase(BTC_X);");
+            builder.AppendLine("X_X = CoinAverage(X_X) * 1.02");
+
+            Assert.False(RateRules.TryParse("DPW*&W&#hdi&#&3JJD", out var rules));
+            Assert.True(RateRules.TryParse(builder.ToString(), out rules));
+            Assert.Equal(
+                "// Some cool comments\n" +
+                "DOGE_X = DOGE_BTC * BTC_X * 1.1;\n" +
+                "DOGE_BTC = bittrex(DOGE_BTC);\n" +
+                "// Some other cool comments\n" +
+                "BTC_USD = gdax(BTC_USD);\n" +
+                "BTC_X = coinbase(BTC_X);\n" +
+                "X_X = coinaverage(X_X) * 1.02;",
+                rules.ToString());
+            var tests = new[]
+            {
+                (Pair: "DOGE_USD", Expected: "bittrex(DOGE_BTC) * gdax(BTC_USD) * 1.1"),
+                (Pair: "BTC_USD", Expected: "gdax(BTC_USD)"),
+                (Pair: "BTC_CAD", Expected: "coinbase(BTC_CAD)"),
+                (Pair: "DOGE_CAD", Expected: "bittrex(DOGE_BTC) * coinbase(BTC_CAD) * 1.1"),
+                (Pair: "LTC_CAD", Expected: "coinaverage(LTC_CAD) * 1.02"),
+            };
+            foreach (var test in tests)
+            {
+                Assert.Equal(test.Expected, rules.GetRuleFor(CurrencyPair.Parse(test.Pair)).ToString());
+            }
+            rules.Spread = 0.2m;
+            Assert.Equal("(bittrex(DOGE_BTC) * gdax(BTC_USD) * 1.1) * (0.8, 1.2)", rules.GetRuleFor(CurrencyPair.Parse("DOGE_USD")).ToString());
+            ////////////////
+
+            // Check errors conditions
+            builder = new StringBuilder();
+            builder.AppendLine("DOGE_X = LTC_CAD * BTC_X * 1.1");
+            builder.AppendLine("DOGE_BTC = Bittrex(DOGE_BTC)");
+            builder.AppendLine("BTC_usd = GDax(BTC_USD)");
+            builder.AppendLine("LTC_CHF = LTC_CHF * 1.01");
+            builder.AppendLine("BTC_X = Coinbase(BTC_X)");
+            Assert.True(RateRules.TryParse(builder.ToString(), out rules));
+
+            tests = new[]
+            {
+                (Pair: "LTC_CAD", Expected: "ERR_NO_RULE_MATCH(LTC_CAD)"),
+                (Pair: "DOGE_USD", Expected: "ERR_NO_RULE_MATCH(LTC_CAD) * gdax(BTC_USD) * 1.1"),
+                (Pair: "LTC_CHF", Expected: "ERR_TOO_MUCH_NESTED_CALLS(LTC_CHF) * 1.01"),
+            };
+            foreach (var test in tests)
+            {
+                Assert.Equal(test.Expected, rules.GetRuleFor(CurrencyPair.Parse(test.Pair)).ToString());
+            }
+            //////////////////
+
+            // Check if we can resolve exchange rates
+            builder = new StringBuilder();
+            builder.AppendLine("DOGE_X = DOGE_BTC * BTC_X * 1.1");
+            builder.AppendLine("DOGE_BTC = Bittrex(DOGE_BTC)");
+            builder.AppendLine("BTC_usd = GDax(BTC_USD)");
+            builder.AppendLine("BTC_X = Coinbase(BTC_X)");
+            builder.AppendLine("X_X = CoinAverage(X_X) * 1.02");
+            Assert.True(RateRules.TryParse(builder.ToString(), out rules));
+
+            var tests2 = new[]
+            {
+                (Pair: "DOGE_USD", Expected: "bittrex(DOGE_BTC) * gdax(BTC_USD) * 1.1", ExpectedExchangeRates: "bittrex(DOGE_BTC),gdax(BTC_USD)"),
+                (Pair: "BTC_USD", Expected: "gdax(BTC_USD)", ExpectedExchangeRates: "gdax(BTC_USD)"),
+                (Pair: "BTC_CAD", Expected: "coinbase(BTC_CAD)", ExpectedExchangeRates: "coinbase(BTC_CAD)"),
+                (Pair: "DOGE_CAD", Expected: "bittrex(DOGE_BTC) * coinbase(BTC_CAD) * 1.1", ExpectedExchangeRates: "bittrex(DOGE_BTC),coinbase(BTC_CAD)"),
+                (Pair: "LTC_CAD", Expected: "coinaverage(LTC_CAD) * 1.02", ExpectedExchangeRates: "coinaverage(LTC_CAD)"),
+            };
+            foreach (var test in tests2)
+            {
+                var rule = rules.GetRuleFor(CurrencyPair.Parse(test.Pair));
+                Assert.Equal(test.Expected, rule.ToString());
+                Assert.Equal(test.ExpectedExchangeRates, string.Join(',', rule.ExchangeRates.OfType<object>().ToArray()));
+            }
+            var rule2 = rules.GetRuleFor(CurrencyPair.Parse("DOGE_CAD"));
+            rule2.ExchangeRates.SetRate("bittrex", CurrencyPair.Parse("DOGE_BTC"), new BidAsk(5000m));
+            rule2.Reevaluate();
+            Assert.True(rule2.HasError);
+            Assert.Equal("5000 * ERR_RATE_UNAVAILABLE(coinbase, BTC_CAD) * 1.1", rule2.ToString(true));
+            Assert.Equal("bittrex(DOGE_BTC) * coinbase(BTC_CAD) * 1.1", rule2.ToString(false));
+            rule2.ExchangeRates.SetRate("coinbase", CurrencyPair.Parse("BTC_CAD"), new BidAsk(2000.4m));
+            rule2.Reevaluate();
+            Assert.False(rule2.HasError);
+            Assert.Equal("5000 * 2000.4 * 1.1", rule2.ToString(true));
+            Assert.Equal(rule2.BidAsk.Bid, 5000m * 2000.4m * 1.1m);
+            ////////
+
+            // Make sure parenthesis are correctly calculated
+            builder = new StringBuilder();
+            builder.AppendLine("DOGE_X = DOGE_BTC * BTC_X");
+            builder.AppendLine("BTC_USD = -3 + coinbase(BTC_CAD) + 50 - 5");
+            builder.AppendLine("DOGE_BTC = 2000");
+            Assert.True(RateRules.TryParse(builder.ToString(), out rules));
+            rules.Spread = 0.1m;
+
+            rule2 = rules.GetRuleFor(CurrencyPair.Parse("DOGE_USD"));
+            Assert.Equal("(2000 * (-3 + coinbase(BTC_CAD) + 50 - 5)) * (0.9, 1.1)", rule2.ToString());
+            rule2.ExchangeRates.SetRate("coinbase", CurrencyPair.Parse("BTC_CAD"), new BidAsk(1000m));
+            Assert.True(rule2.Reevaluate());
+            Assert.Equal("(2000 * (-3 + 1000 + 50 - 5)) * (0.9, 1.1)", rule2.ToString(true));
+            Assert.Equal((2000m * (-3m + 1000m + 50m - 5m)) * 0.9m, rule2.BidAsk.Bid);
+
+            // Test inverse
+            rule2 = rules.GetRuleFor(CurrencyPair.Parse("USD_DOGE"));
+            Assert.Equal("(1 / (2000 * (-3 + coinbase(BTC_CAD) + 50 - 5))) * (0.9, 1.1)", rule2.ToString());
+            rule2.ExchangeRates.SetRate("coinbase", CurrencyPair.Parse("BTC_CAD"), new BidAsk(1000m));
+            Assert.True(rule2.Reevaluate());
+            Assert.Equal("(1 / (2000 * (-3 + 1000 + 50 - 5))) * (0.9, 1.1)", rule2.ToString(true));
+            Assert.Equal((1.0m / (2000m * (-3m + 1000m + 50m - 5m))) * 0.9m, rule2.BidAsk.Bid);
+            ////////
+
+            // Make sure kraken is not converted to CurrencyPair
+            builder = new StringBuilder();
+            builder.AppendLine("BTC_USD = kraken(BTC_USD)");
+            Assert.True(RateRules.TryParse(builder.ToString(), out rules));
+            rule2 = rules.GetRuleFor(CurrencyPair.Parse("BTC_USD"));
+            rule2.ExchangeRates.SetRate("kraken", CurrencyPair.Parse("BTC_USD"), new BidAsk(1000m));
+            Assert.True(rule2.Reevaluate());
+
+            // Make sure can handle pairs
+            builder = new StringBuilder();
+            builder.AppendLine("BTC_USD = kraken(BTC_USD)");
+            Assert.True(RateRules.TryParse(builder.ToString(), out rules));
+            rule2 = rules.GetRuleFor(CurrencyPair.Parse("BTC_USD"));
+            rule2.ExchangeRates.SetRate("kraken", CurrencyPair.Parse("BTC_USD"), new BidAsk(6000m, 6100m));
+            Assert.True(rule2.Reevaluate());
+            Assert.Equal("(6000, 6100)", rule2.ToString(true));
+            Assert.Equal(6000m, rule2.BidAsk.Bid);
+            rule2 = rules.GetRuleFor(CurrencyPair.Parse("USD_BTC"));
+            rule2.ExchangeRates.SetRate("kraken", CurrencyPair.Parse("BTC_USD"), new BidAsk(6000m, 6100m));
+            Assert.True(rule2.Reevaluate());
+            Assert.Equal("1 / (6000, 6100)", rule2.ToString(true));
+            Assert.Equal(1m / 6100m, rule2.BidAsk.Bid);
+
+            // Make sure the inverse has more priority than X_X or CDNT_X
+            builder = new StringBuilder();
+            builder.AppendLine("EUR_CDNT = 10");
+            builder.AppendLine("CDNT_BTC = CDNT_EUR * EUR_BTC;");
+            builder.AppendLine("CDNT_X = CDNT_BTC * BTC_X;");
+            builder.AppendLine("X_X = coinaverage(X_X);");
+            Assert.True(RateRules.TryParse(builder.ToString(), out rules));
+            rule2 = rules.GetRuleFor(CurrencyPair.Parse("CDNT_EUR"));
+            rule2.ExchangeRates.SetRate("coinaverage", CurrencyPair.Parse("BTC_USD"), new BidAsk(6000m, 6100m));
+            Assert.True(rule2.Reevaluate());
+            Assert.Equal("1 / 10", rule2.ToString(false));
+
+            // Make sure an inverse can be solved on an exchange
+            builder = new StringBuilder();
+            builder.AppendLine("X_X = coinaverage(X_X);");
+            Assert.True(RateRules.TryParse(builder.ToString(), out rules));
+            rule2 = rules.GetRuleFor(CurrencyPair.Parse("USD_BTC"));
+            rule2.ExchangeRates.SetRate("coinaverage", CurrencyPair.Parse("BTC_USD"), new BidAsk(6000m, 6100m));
+            Assert.True(rule2.Reevaluate());
+            Assert.Equal($"({(1m / 6100m).ToString(CultureInfo.InvariantCulture)}, {(1m / 6000m).ToString(CultureInfo.InvariantCulture)})", rule2.ToString(true));
+        }
+    }
+}
--- a/BTCPayServer.Tests/ServerTester.cs
+++ b/BTCPayServer.Tests/ServerTester.cs
@ -18,8 +18,10 @@ using System.Text;
 using System.Threading.Tasks;
 using System.Threading;
 using System.Globalization;
-using BTCPayServer.Payments.Lightning.CLightning;
-using BTCPayServer.Payments.Lightning.Charge;
+using BTCPayServer.Tests.Lnd;
+using BTCPayServer.Payments.Lightning;
+using BTCPayServer.Lightning.CLightning;
+using BTCPayServer.Lightning;

 namespace BTCPayServer.Tests
 {
@ -47,16 +49,20 @@ namespace BTCPayServer.Tests
            LTCExplorerClient = new ExplorerClient(NetworkProvider.GetNetwork("LTC").NBXplorerNetwork, new Uri(GetEnvironment("TESTS_LTCNBXPLORERURL", "http://127.0.0.1:32838/")));

            var btc = NetworkProvider.GetNetwork("BTC").NBitcoinNetwork;
-            CustomerLightningD = new CLightningRPCClient(new Uri(GetEnvironment("TEST_CUSTOMERLIGHTNINGD", "tcp://127.0.0.1:30992/")), btc);
-            MerchantLightningD = new CLightningRPCClient(new Uri(GetEnvironment("TEST_MERCHANTLIGHTNINGD", "tcp://127.0.0.1:30993/")), btc);
+            CustomerLightningD = LightningClientFactory.CreateClient(GetEnvironment("TEST_CUSTOMERLIGHTNINGD", "type=clightning;server=tcp://127.0.0.1:30992/"), btc);
+            MerchantLightningD = LightningClientFactory.CreateClient(GetEnvironment("TEST_MERCHANTLIGHTNINGD", "type=clightning;server=tcp://127.0.0.1:30993/"), btc);

-            MerchantCharge = new ChargeTester(this, "TEST_MERCHANTCHARGE", "http://api-token:foiewnccewuify@127.0.0.1:54938/", "merchant_lightningd", btc);
+            MerchantCharge = new ChargeTester(this, "TEST_MERCHANTCHARGE", "type=charge;server=http://127.0.0.1:54938/;api-token=foiewnccewuify", "merchant_lightningd", btc);
+
+            MerchantLnd = new LndMockTester(this, "TEST_MERCHANTLND", "https://lnd:lnd@127.0.0.1:53280/", "merchant_lnd", btc);

            PayTester = new BTCPayServerTester(Path.Combine(_Directory, "pay"))
            {
                NBXplorerUri = ExplorerClient.Address,
                LTCNBXplorerUri = LTCExplorerClient.Address,
+                TestDatabase = Enum.Parse<TestDatabases>(GetEnvironment("TESTS_DB", TestDatabases.Postgres.ToString()), true),
                Postgres = GetEnvironment("TESTS_POSTGRES", "User ID=postgres;Host=127.0.0.1;Port=39372;Database=btcpayserver"),
+                MySQL = GetEnvironment("TESTS_MYSQL", "User ID=root;Host=127.0.0.1;Port=33036;Database=btcpayserver"),
                IntegratedLightning = MerchantCharge.Client.Uri
            };
            PayTester.Port = int.Parse(GetEnvironment("TESTS_PORT", Utils.FreeTcpPort().ToString(CultureInfo.InvariantCulture)), CultureInfo.InvariantCulture);
@ -74,69 +80,24 @@ namespace BTCPayServer.Tests
            PayTester.Start();
        }

-
-        /// <summary>
-        /// Connect a customer LN node to the merchant LN node
-        /// </summary>
-        public void PrepareLightning()
-        {
-            PrepareLightningAsync().GetAwaiter().GetResult();
-        }
-
-
        /// <summary>
        /// Connect a customer LN node to the merchant LN node
        /// </summary>
        /// <returns></returns>
-        public async Task PrepareLightningAsync()
+        public Task EnsureChannelsSetup()
        {
-            while (true)
-            {
-                var skippedStates = new[] { "ONCHAIN", "CHANNELD_SHUTTING_DOWN", "CLOSINGD_SIGEXCHANGE", "CLOSINGD_COMPLETE", "FUNDING_SPEND_SEEN" };
-                var channel = (await CustomerLightningD.ListPeersAsync())
-                            .SelectMany(p => p.Channels)
-                            .Where(c => !skippedStates.Contains(c.State ?? ""))
-                            .FirstOrDefault();
-                switch (channel?.State)
-                {
-                    case null:
-                        var merchantInfo = await WaitLNSynched();
-                        var clightning = new NodeInfo(merchantInfo.Id, MerchantCharge.P2PHost, merchantInfo.Port);
-                        await CustomerLightningD.ConnectAsync(clightning);
-                        var address = await CustomerLightningD.NewAddressAsync();
-                        await ExplorerNode.SendToAddressAsync(address, Money.Coins(0.2m));
-                        ExplorerNode.Generate(1);
-                        await WaitLNSynched();
-                        await Task.Delay(1000);
-                        await CustomerLightningD.FundChannelAsync(clightning, Money.Satoshis(16777215));
-                        break;
-                    case "CHANNELD_AWAITING_LOCKIN":
-                        ExplorerNode.Generate(1);
-                        await WaitLNSynched();
-                        break;
-                    case "CHANNELD_NORMAL":
-                        return;
-                    default:
-                        throw new NotSupportedException(channel?.State ?? "");
-                }
-            }
+            return BTCPayServer.Lightning.Tests.ConnectChannels.ConnectAll(ExplorerNode, GetLightningSenderClients(), GetLightningDestClients());
        }

-        private async Task<GetInfoResponse> WaitLNSynched()
+        private IEnumerable<ILightningClient> GetLightningSenderClients()
        {
-            while (true)
-            {
-                var merchantInfo = await MerchantCharge.Client.GetInfoAsync();
-                var blockCount = await ExplorerNode.GetBlockCountAsync();
-                if (merchantInfo.BlockHeight != blockCount)
-                {
-                    await Task.Delay(1000);
-                }
-                else
-                {
-                    return merchantInfo;
-                }
-            }
+            yield return CustomerLightningD;
+        }
+
+        private IEnumerable<ILightningClient> GetLightningDestClients()
+        {
+            yield return MerchantLightningD;
+            yield return MerchantLnd.Client;
        }

        public void SendLightningPayment(Invoice invoice)
@ -148,12 +109,14 @@ namespace BTCPayServer.Tests
        {
            var bolt11 = invoice.CryptoInfo.Where(o => o.PaymentUrls.BOLT11 != null).First().PaymentUrls.BOLT11;
            bolt11 = bolt11.Replace("lightning:", "", StringComparison.OrdinalIgnoreCase);
-            await CustomerLightningD.SendAsync(bolt11);
+            await CustomerLightningD.Pay(bolt11);
        }

-        public CLightningRPCClient CustomerLightningD { get; set; }
-        public CLightningRPCClient MerchantLightningD { get; private set; }
+        public ILightningClient CustomerLightningD { get; set; }
+
+        public ILightningClient MerchantLightningD { get; private set; }
        public ChargeTester MerchantCharge { get; private set; }
+        public LndMockTester MerchantLnd { get; set; }

        internal string GetEnvironment(string variable, string defaultValue)
        {
@ -185,106 +148,18 @@ namespace BTCPayServer.Tests

        HttpClient _Http = new HttpClient();

-        class MockHttpRequest : HttpRequest
-        {
-            Uri serverUri;
-            public MockHttpRequest(Uri serverUri)
-            {
-                this.serverUri = serverUri;
-            }
-            public override HttpContext HttpContext => throw new NotImplementedException();
-
-            public override string Method
-            {
-                get => throw new NotImplementedException();
-                set => throw new NotImplementedException();
-            }
-            public override string Scheme
-            {
-                get => serverUri.Scheme;
-                set => throw new NotImplementedException();
-            }
-            public override bool IsHttps
-            {
-                get => throw new NotImplementedException();
-                set => throw new NotImplementedException();
-            }
-            public override HostString Host
-            {
-                get => new HostString(serverUri.Host, serverUri.Port);
-                set => throw new NotImplementedException();
-            }
-            public override PathString PathBase
-            {
-                get => "";
-                set => throw new NotImplementedException();
-            }
-            public override PathString Path
-            {
-                get => throw new NotImplementedException();
-                set => throw new NotImplementedException();
-            }
-            public override QueryString QueryString
-            {
-                get => throw new NotImplementedException();
-                set => throw new NotImplementedException();
-            }
-            public override IQueryCollection Query
-            {
-                get => throw new NotImplementedException();
-                set => throw new NotImplementedException();
-            }
-            public override string Protocol
-            {
-                get => throw new NotImplementedException();
-                set => throw new NotImplementedException();
-            }
-
-            public override IHeaderDictionary Headers => throw new NotImplementedException();
-
-            public override IRequestCookieCollection Cookies
-            {
-                get => throw new NotImplementedException();
-                set => throw new NotImplementedException();
-            }
-            public override long? ContentLength
-            {
-                get => throw new NotImplementedException();
-                set => throw new NotImplementedException();
-            }
-            public override string ContentType
-            {
-                get => throw new NotImplementedException();
-                set => throw new NotImplementedException();
-            }
-            public override Stream Body
-            {
-                get => throw new NotImplementedException();
-                set => throw new NotImplementedException();
-            }
-
-            public override bool HasFormContentType => throw new NotImplementedException();
-
-            public override IFormCollection Form
-            {
-                get => throw new NotImplementedException();
-                set => throw new NotImplementedException();
-            }
-
-            public override Task<IFormCollection> ReadFormAsync(CancellationToken cancellationToken = default(CancellationToken))
-            {
-                throw new NotImplementedException();
-            }
-        }
-
-
        public BTCPayServerTester PayTester
        {
            get; set;
        }
+        public List<string> Stores { get; internal set; } = new List<string>();

        public void Dispose()
        {
+            foreach (var store in Stores)
+            {
+                Xunit.Assert.True(PayTester.StoreRepository.DeleteStore(store).GetAwaiter().GetResult());
+            }
            if (PayTester != null)
                PayTester.Dispose();
        }
--- a/BTCPayServer.Tests/TestAccount.cs
+++ b/BTCPayServer.Tests/TestAccount.cs
@ -14,6 +14,9 @@ using Xunit;
 using NBXplorer.DerivationStrategy;
 using BTCPayServer.Payments;
 using BTCPayServer.Payments.Lightning;
+using BTCPayServer.Tests.Logging;
+using BTCPayServer.Lightning;
+using BTCPayServer.Lightning.CLightning;

 namespace BTCPayServer.Tests
 {
@ -44,52 +47,53 @@ namespace BTCPayServer.Tests
        public async Task GrantAccessAsync()
        {
            await RegisterAsync();
-            var store = await CreateStoreAsync();
+            await CreateStoreAsync();
+            var store = this.GetController<StoresController>();
            var pairingCode = BitPay.RequestClientAuthorization("test", Facade.Merchant);
            Assert.IsType<ViewResult>(await store.RequestPairing(pairingCode.ToString()));
            await store.Pair(pairingCode.ToString(), StoreId);
        }
-        public StoresController CreateStore()
+        public void CreateStore()
        {
-            return CreateStoreAsync().GetAwaiter().GetResult();
+            CreateStoreAsync().GetAwaiter().GetResult();
        }

-        public T GetController<T>() where T : Controller
+        public T GetController<T>(bool setImplicitStore = true) where T : Controller
        {
-            return parent.PayTester.GetController<T>(UserId);
+            return parent.PayTester.GetController<T>(UserId, setImplicitStore ? StoreId : null);
        }

-        public async Task<StoresController> CreateStoreAsync()
+        public async Task CreateStoreAsync()
        {
-            var store = parent.PayTester.GetController<UserStoresController>(UserId);
+            var store = this.GetController<UserStoresController>();
            await store.CreateStore(new CreateStoreViewModel() { Name = "Test Store" });
            StoreId = store.CreatedStoreId;
-            var store2 = parent.PayTester.GetController<StoresController>(UserId);
-            store2.CreatedStoreId = store.CreatedStoreId;
-            return store2;
+            parent.Stores.Add(StoreId);
        }

        public BTCPayNetwork SupportedNetwork { get; set; }

-        public void RegisterDerivationScheme(string crytoCode)
+        public WalletId RegisterDerivationScheme(string crytoCode, bool segwit = false)
        {
-            RegisterDerivationSchemeAsync(crytoCode).GetAwaiter().GetResult();
+            return RegisterDerivationSchemeAsync(crytoCode, segwit).GetAwaiter().GetResult();
        }
-        public async Task RegisterDerivationSchemeAsync(string cryptoCode)
+        public async Task<WalletId> RegisterDerivationSchemeAsync(string cryptoCode, bool segwit = false)
        {
            SupportedNetwork = parent.NetworkProvider.GetNetwork(cryptoCode);
-            var store = parent.PayTester.GetController<StoresController>(UserId);
+            var store = parent.PayTester.GetController<StoresController>(UserId, StoreId);
            ExtKey = new ExtKey().GetWif(SupportedNetwork.NBitcoinNetwork);
-            DerivationScheme = new DerivationStrategyFactory(SupportedNetwork.NBitcoinNetwork).Parse(ExtKey.Neuter().ToString() + "-[legacy]");
-            var vm = (StoreViewModel)((ViewResult)await store.UpdateStore(StoreId)).Model;
+            DerivationScheme = new DerivationStrategyFactory(SupportedNetwork.NBitcoinNetwork).Parse(ExtKey.Neuter().ToString() + (segwit ? "" : "-[legacy]"));
+            var vm = (StoreViewModel)((ViewResult)store.UpdateStore()).Model;
            vm.SpeedPolicy = SpeedPolicy.MediumSpeed;
-            await store.UpdateStore(StoreId, vm);
+            await store.UpdateStore(vm);

            await store.AddDerivationScheme(StoreId, new DerivationSchemeViewModel()
            {
                DerivationScheme = DerivationScheme.ToString(),
                Confirmation = true
            }, cryptoCode);
+
+            return new WalletId(StoreId, cryptoCode);
        }

        public DerivationStrategyBase DerivationScheme { get; set; }
@ -119,7 +123,7 @@ namespace BTCPayServer.Tests
        {
            get; set;
        }
-        
+
        public void RegisterLightningNode(string cryptoCode, LightningConnectionType connectionType)
        {
            RegisterLightningNodeAsync(cryptoCode, connectionType).GetAwaiter().GetResult();
@ -127,16 +131,25 @@ namespace BTCPayServer.Tests

        public async Task RegisterLightningNodeAsync(string cryptoCode, LightningConnectionType connectionType)
        {
-            var storeController = parent.PayTester.GetController<StoresController>(UserId);
+            var storeController = this.GetController<StoresController>();
+
+            string connectionString = null;
+            if (connectionType == LightningConnectionType.Charge)
+                connectionString = "type=charge;server=" + parent.MerchantCharge.Client.Uri.AbsoluteUri;
+            else if (connectionType == LightningConnectionType.CLightning)
+                connectionString = "type=clightning;server=" + ((CLightningClient)parent.MerchantLightningD).Address.AbsoluteUri;
+            else if (connectionType == LightningConnectionType.LndREST)
+                connectionString = $"type=lnd-rest;server={parent.MerchantLnd.Swagger.BaseUrl};allowinsecure=true";
+            else
+                throw new NotSupportedException(connectionType.ToString());
+
            await storeController.AddLightningNode(StoreId, new LightningNodeViewModel()
            {
-                Url = connectionType == LightningConnectionType.Charge ? parent.MerchantCharge.Client.Uri.AbsoluteUri :
-                      connectionType == LightningConnectionType.CLightning ? parent.MerchantLightningD.Address.AbsoluteUri
-                      : throw new NotSupportedException(connectionType.ToString()),
+                ConnectionString = connectionString,
                SkipPortTest = true
            }, "save", "BTC");
            if (storeController.ModelState.ErrorCount != 0)
                Assert.False(true, storeController.ModelState.FirstOrDefault().Value.Errors[0].ErrorMessage);
        }
-}
+    }
 }
--- a/BTCPayServer.Tests/UnitTest1.cs
+++ b/BTCPayServer.Tests/UnitTest1.cs
--- a/BTCPayServer.Tests/UnitTestPeusa.cs
+++ b/BTCPayServer.Tests/UnitTestPeusa.cs
@ -1,52 +0,0 @@
-using NBitcoin;
-using NBitcoin.DataEncoders;
-using NBitpayClient;
-using System;
-using System.Collections.Generic;
-using System.Text;
-using Xunit;
-
-namespace BTCPayServer.Tests
-{
-    // Helper class for testing functionality and generating data needed during coding/debuging
-    public class UnitTestPeusa
-    {
-        // Unit test that generates temorary checkout Bitpay page
-        // https://forkbitpay.slack.com/archives/C7M093Z55/p1508293682000217
-
-        // Testnet of Bitpay down
-        //[Fact]
-        //public void BitpayCheckout()
-        //{
-        //    var key = new Key(Encoders.Hex.DecodeData("7b70a06f35562873e3dcb46005ed0fe78e1991ad906e56adaaafa40ba861e056"));
-        //    var url = new Uri("https://test.bitpay.com/");
-        //    var btcpay = new Bitpay(key, url);
-        //    var invoice = btcpay.CreateInvoice(new Invoice()
-        //    {
-
-        //        Price = 5.0,
-        //        Currency = "USD",
-        //        PosData = "posData",
-        //        OrderId = "cdfd8a5f-6928-4c3b-ba9b-ddf438029e73",
-        //        ItemDesc = "Hello from the otherside"
-        //    }, Facade.Merchant);
-
-        //    // go to invoice.Url
-        //    Console.WriteLine(invoice.Url);
-        //}
-
-        // Generating Extended public key to use on http://localhost:14142/stores/{storeId}
-        [Fact]
-        public void GeneratePubkey()
-        {
-            var network = Network.RegTest;
-
-            ExtKey masterKey = new ExtKey();
-            Console.WriteLine("Master key : " + masterKey.ToString(network));
-            ExtPubKey masterPubKey = masterKey.Neuter();
-
-            ExtPubKey pubkey = masterPubKey.Derive(0);
-            Console.WriteLine("PubKey " + 0 + " : " + pubkey.ToString(network));
-        }
-    }
-}
--- a/BTCPayServer.Tests/UtilitiesTests.cs
+++ b/BTCPayServer.Tests/UtilitiesTests.cs
@ -0,0 +1,93 @@
+using System;
+using System.Linq;
+using System.Collections.Generic;
+using System.Net.Http;
+using System.Text;
+using System.Threading.Tasks;
+using Microsoft.Extensions.Configuration;
+using NBitcoin.DataEncoders;
+using Newtonsoft.Json.Linq;
+using Xunit;
+using System.IO;
+
+namespace BTCPayServer.Tests
+{
+    /// <summary>
+    /// This class hold easy to run utilities for dev time
+    /// </summary>
+    public class UtilitiesTests
+    {
+        /// <summary>
+        /// Download transifex transactions and put them in BTCPayServer\wwwroot\locales
+        /// </summary>
+        [Trait("Utilities", "Utilities")]
+        [Fact]
+        public async Task PullTransifexTranslations()
+        {
+            // 1. Generate an API Token on https://www.transifex.com/user/settings/api/
+            // 2. Run "dotnet user-secrets set TransifexAPIToken <youapitoken>"
+            var client = new TransifexClient(GetTransifexAPIToken());
+            var json = await client.GetTransifexAsync("https://api.transifex.com/organizations/btcpayserver/projects/btcpayserver/resources/enjson/");
+            var langs = ((JObject)json["stats"]).Properties().Select(n => n.Name).ToArray();
+
+            var langsDir = Path.Combine(Services.LanguageService.TryGetSolutionDirectoryInfo().FullName, "BTCPayServer", "wwwroot", "locales");
+
+            Task.WaitAll(langs.Select(async l =>
+            {
+                if (l == "no")
+                    return;
+                var j = await client.GetTransifexAsync($"https://www.transifex.com/api/2/project/btcpayserver/resource/enjson/translation/{l}/");
+                var content = j["content"].Value<string>();
+                if (l == "en_US")
+                    l = "en";
+                if (l == "ne_NP")
+                    l = "np_NP";
+                if (l == "zh_CN")
+                    l = "zh-SP";
+                if (l == "kk")
+                    l = "kk-KZ";
+
+                var langCode = l.Replace("_", "-");
+                var langFile = Path.Combine(langsDir, langCode + ".json");
+                var jobj = JObject.Parse(content);
+                jobj["code"] = langCode;
+                if ((string)jobj["currentLanguage"] == "English")
+                    return;
+                jobj.AddFirst(new JProperty("NOTICE_WARN", "THIS CODE HAS BEEN AUTOMATICALLY GENERATED FROM TRANSIFEX, IF YOU WISH TO HELP TRANSLATION COME ON THE SLACK http://slack.btcpayserver.org TO REQUEST PERMISSION TO https://www.transifex.com/btcpayserver/btcpayserver/"));
+                content = jobj.ToString(Newtonsoft.Json.Formatting.Indented);
+                File.WriteAllText(Path.Combine(langsDir, langFile), content);
+            }).ToArray());
+        }
+
+        private static string GetTransifexAPIToken()
+        {
+            var builder = new ConfigurationBuilder();
+            builder.AddUserSecrets("AB0AC1DD-9D26-485B-9416-56A33F268117");
+            var config = builder.Build();
+            var token = config["TransifexAPIToken"];
+            Assert.False(token == null, "TransifexAPIToken is not set.\n 1.Generate an API Token on https://www.transifex.com/user/settings/api/ \n 2.Run \"dotnet user-secrets set TransifexAPIToken <youapitoken>\"");
+            return token;
+        }
+    }
+
+    public class TransifexClient
+    {
+        public TransifexClient(string apiToken)
+        {
+            Client = new HttpClient();
+            APIToken = apiToken;
+        }
+
+        public HttpClient Client { get; }
+        public string APIToken { get; }
+
+        public async Task<JObject> GetTransifexAsync(string uri)
+        {
+            var message = new HttpRequestMessage(HttpMethod.Get, uri);
+            message.Headers.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Basic", Encoders.Base64.EncodeData(Encoding.ASCII.GetBytes($"api:{APIToken}")));
+            message.Headers.Accept.Add(new System.Net.Http.Headers.MediaTypeWithQualityHeaderValue("application/json"));
+            var response = await Client.SendAsync(message);
+            return await response.Content.ReadAsAsync<JObject>();
+        }
+    }
+}
--- a/BTCPayServer.Tests/docker-compose.yml
+++ b/BTCPayServer.Tests/docker-compose.yml
@ -14,12 +14,15 @@ services:
      TESTS_LTCRPCCONNECTION: server=http://litecoind:43782;ceiwHEbqWI83:DwubwWsoo3
      TESTS_BTCNBXPLORERURL: http://nbxplorer:32838/
      TESTS_LTCNBXPLORERURL: http://nbxplorer:32838/
+      TESTS_DB: "Postgres"
      TESTS_POSTGRES: User ID=postgres;Host=postgres;Port=5432;Database=btcpayserver
+      TESTS_MYSQL: User ID=root;Host=mysql;Port=3306;Database=btcpayserver
      TESTS_PORT: 80
      TESTS_HOSTNAME: tests
-      TEST_MERCHANTLIGHTNINGD: "/etc/merchant_lightningd_datadir/lightning-rpc"
-      TEST_CUSTOMERLIGHTNINGD: "/etc/customer_lightningd_datadir/lightning-rpc"
-      TEST_MERCHANTCHARGE: http://api-token:foiewnccewuify@lightning-charged:9112/
+      TEST_MERCHANTLIGHTNINGD: "type=clightning;server=/etc/merchant_lightningd_datadir/lightning-rpc"
+      TEST_CUSTOMERLIGHTNINGD: "type=clightning;server=/etc/customer_lightningd_datadir/lightning-rpc"
+      TEST_MERCHANTCHARGE: "type=charge;server=https://lightning-charged:9112/;api-token=foiewnccewuify;allowinsecure=true"
+      TEST_MERCHANTLND: "type=lnd-rest;server=https://lnd:lnd@127.0.0.1:53280/;allowinsecure=true"
      TESTS_INCONTAINER: "true"
    expose:
      - "80"
@ -33,20 +36,41 @@ services:

  # The dev container is not actually used, it is just handy to run `docker-compose up dev` to start all services
  dev: 
-    image: nicolasdorier/docker-bitcoin:0.16.0
+    image: nicolasdorier/docker-bitcoin:0.17.0
    environment:
+      BITCOIN_NETWORK: regtest
      BITCOIN_EXTRA_ARGS: |
-        regtest=1
+        deprecatedrpc=signrawtransaction
        connect=bitcoind:39388
    links:
      - nbxplorer
      - postgres
+      - mysql
      - customer_lightningd
      - merchant_lightningd
      - lightning-charged
+      - customer_lnd
+      - merchant_lnd
+
+  devlnd: 
+    image: nicolasdorier/docker-bitcoin:0.17.0
+    environment:
+      BITCOIN_NETWORK: regtest
+      BITCOIN_EXTRA_ARGS: |
+        deprecatedrpc=signrawtransaction
+        connect=bitcoind:39388
+    links:
+      - nbxplorer
+      - postgres
+      - mysql
+      - customer_lnd
+      - merchant_lnd
+
+

  nbxplorer:
-    image: nicolasdorier/nbxplorer:1.0.2.0
+    image: nicolasdorier/nbxplorer:1.1.0.18
+    restart: unless-stopped
    ports:
      - "32838:32838"
    expose: 
@ -70,34 +94,44 @@ services:
      - litecoind

  bitcoind:
-    image: nicolasdorier/docker-bitcoin:0.16.0
+    image: nicolasdorier/docker-bitcoin:0.17.0
    environment:
+      BITCOIN_NETWORK: regtest
      BITCOIN_EXTRA_ARGS: |
+        deprecatedrpc=signrawtransaction
        rpcuser=ceiwHEbqWI83
        rpcpassword=DwubwWsoo3
-        regtest=1
-        server=1
        rpcport=43782
        port=39388
        whitelist=0.0.0.0/0
+        zmqpubrawblock=tcp://0.0.0.0:28332
+        zmqpubrawtx=tcp://0.0.0.0:28333
    ports: 
      - "43782:43782"
+      - "28332:28332"
    expose:
      - "43782" # RPC
      - "39388" # P2P
+      - "28332" # ZMQ
+      - "28333" # ZMQ
    volumes:
      - "bitcoin_datadir:/data"

  customer_lightningd:
-    image: nicolasdorier/clightning:0.0.0.3
+    image: nicolasdorier/clightning:v0.6.2-3-dev
+    stop_signal: SIGKILL
+    restart: unless-stopped
    environment: 
      EXPOSE_TCP: "true"
      LIGHTNINGD_OPT: |
        bitcoin-datadir=/etc/bitcoin
        bitcoin-rpcconnect=bitcoind
        network=regtest
-        ipaddr=customer_lightningd
+        bind-addr=0.0.0.0
+        announce-addr=customer_lightningd
        log-level=debug
+        dev-broadcast-interval=1000
+        dev-bitcoind-poll=1
    ports:
      - "30992:9835" # api port
    expose:
@ -110,7 +144,8 @@ services:
      - bitcoind

  lightning-charged:
-    image: shesek/lightning-charge:0.3.9
+    image: shesek/lightning-charge:0.4.3
+    restart: unless-stopped
    environment:
      NETWORK: regtest
      API_TOKEN: foiewnccewuify
@ -129,13 +164,15 @@ services:
      - merchant_lightningd

  merchant_lightningd:
-    image: nicolasdorier/clightning:0.0.0.5-dev
+    image: nicolasdorier/clightning:v0.6.2-3-dev
+    stop_signal: SIGKILL
    environment: 
      EXPOSE_TCP: "true"
      LIGHTNINGD_OPT: |
        bitcoin-datadir=/etc/bitcoin
        bitcoin-rpcconnect=bitcoind
-        ipaddr=merchant_lightningd
+        bind-addr=0.0.0.0
+        announce-addr=merchant_lightningd
        network=regtest
        log-level=debug
        dev-broadcast-interval=1000
@ -173,9 +210,75 @@ services:
      - "39372:5432"
    expose:
      - "5432"
+      
+  mysql:
+    image:  mysql:8.0.12
+    expose:
+      - "3306"
+    ports:
+      - "33036:3306"
+    environment:
+      - MYSQL_ALLOW_EMPTY_PASSWORD=yes
+
+  merchant_lnd:
+    image: btcpayserver/lnd:0.5-beta-2
+    restart: unless-stopped
+    environment:
+      LND_CHAIN: "btc"
+      LND_ENVIRONMENT: "regtest"
+      LND_EXTRA_ARGS: |
+        restlisten=0.0.0.0:8080
+        bitcoin.node=bitcoind
+        bitcoind.rpchost=bitcoind:43782
+        bitcoind.zmqpubrawblock=tcp://bitcoind:28332
+        bitcoind.zmqpubrawtx=tcp://bitcoind:28333
+        externalip=merchant_lnd:9735
+        no-macaroons=1
+        debuglevel=debug
+        noseedbackup=1
+        trickledelay=1000
+    ports:
+      - "53280:8080"
+    expose:
+      - "9735"
+    volumes:
+      - "merchant_lnd_datadir:/data"
+      - "bitcoin_datadir:/deps/.bitcoin"
+    links:
+      - bitcoind
+
+  customer_lnd:
+    image: btcpayserver/lnd:0.5-beta-2
+    restart: unless-stopped
+    environment:
+      LND_CHAIN: "btc"
+      LND_ENVIRONMENT: "regtest"
+      LND_EXTRA_ARGS: |
+        restlisten=0.0.0.0:8080
+        bitcoin.node=bitcoind
+        bitcoind.rpchost=bitcoind:43782
+        bitcoind.zmqpubrawblock=tcp://bitcoind:28332
+        bitcoind.zmqpubrawtx=tcp://bitcoind:28333
+        externalip=customer_lnd:10009
+        no-macaroons=1
+        debuglevel=debug
+        noseedbackup=1
+        trickledelay=1000
+    ports:
+      - "53281:8080"
+    expose:
+      - "8080"
+      - "10009"
+    volumes:
+      - "customer_lnd_datadir:/root/.lnd"
+      - "bitcoin_datadir:/deps/.bitcoin"
+    links:
+      - bitcoind

 volumes:
    bitcoin_datadir:
    customer_lightningd_datadir:
    merchant_lightningd_datadir:
    lightning_charge_datadir:
+    customer_lnd_datadir:
+    merchant_lnd_datadir:
--- a/BTCPayServer.Tests/xunit.runner.json
+++ b/BTCPayServer.Tests/xunit.runner.json
@ -0,0 +1,3 @@
+{
+    "parallelizeTestCollections": false
+}
--- a/BTCPayServer/Authentication/BitIdentity.cs
+++ b/BTCPayServer/Authentication/BitIdentity.cs
@ -1,35 +0,0 @@
-using NBitcoin;
-using NBitcoin.DataEncoders;
-using System;
-using System.Collections.Generic;
-using System.Security.Principal;
-using System.Text;
-
-namespace BTCPayServer.Authentication
-{
-    public class BitIdentity : IIdentity
-    {
-        public BitIdentity(PubKey key)
-        {
-            PubKey = key;
-            _Name = Encoders.Base58Check.EncodeData(Encoders.Hex.DecodeData("0f02" + key.Hash.ToString()));
-            SIN = NBitpayClient.Extensions.BitIdExtensions.GetBitIDSIN(key);
-        }
-        string _Name;
-
-        public string SIN
-        {
-            get;
-        }
-        public PubKey PubKey
-        {
-            get;
-        }
-
-        public string AuthenticationType => "BitID";
-
-        public bool IsAuthenticated => true;
-
-        public string Name => _Name;
-    }
-}
--- a/BTCPayServer/Authentication/TokenRepository.cs
+++ b/BTCPayServer/Authentication/TokenRepository.cs
@ -33,6 +33,8 @@ namespace BTCPayServer.Authentication

        public async Task<BitTokenEntity[]> GetTokens(string sin)
        {
+            if (sin == null)
+                return Array.Empty<BitTokenEntity>();
            using (var ctx = _Factory.CreateContext())
            {
                return (await ctx.PairedSINData
@ -43,6 +45,46 @@ namespace BTCPayServer.Authentication
            }
        }

+        public async Task<String> GetStoreIdFromAPIKey(string apiKey)
+        {
+            using (var ctx = _Factory.CreateContext())
+            {
+                return await ctx.ApiKeys.Where(o => o.Id == apiKey).Select(o => o.StoreId).FirstOrDefaultAsync();
+            }
+        }
+
+        public async Task GenerateLegacyAPIKey(string storeId)
+        {
+            // It is legacy support and Bitpay generate string of unknown format, trying to replicate them
+            // as good as possible. The string below got generated for me.
+            var chars = "ERo0vkBMOYhyU0ZHvirCplbLDIGWPdi1ok77VnW7QdE";
+            var rand = new Random(Math.Abs(RandomUtils.GetInt32()));
+            var generated = new char[chars.Length];
+            for (int i = 0; i < generated.Length; i++)
+            {
+                generated[i] = chars[rand.Next(0, generated.Length)];
+            }
+
+            using (var ctx = _Factory.CreateContext())
+            {
+                var existing = await ctx.ApiKeys.Where(o => o.StoreId == storeId).FirstOrDefaultAsync();
+                if (existing != null)
+                {
+                    ctx.ApiKeys.Remove(existing);
+                }
+                ctx.ApiKeys.Add(new APIKeyData() { Id = new string(generated), StoreId = storeId });
+                await ctx.SaveChangesAsync().ConfigureAwait(false);
+            }
+        }
+
+        public async Task<string[]> GetLegacyAPIKeys(string storeId)
+        {
+            using (var ctx = _Factory.CreateContext())
+            {
+                return await ctx.ApiKeys.Where(o => o.StoreId == storeId).Select(c => c.Id).ToArrayAsync();
+            }
+        }
+
        private BitTokenEntity CreateTokenEntity(PairedSINData data)
        {
            return new BitTokenEntity()
--- a/BTCPayServer/BTCPayNetwork.cs
+++ b/BTCPayServer/BTCPayNetwork.cs
@ -44,7 +44,8 @@ namespace BTCPayServer
        public string CryptoCode { get; internal set; }
        public string BlockExplorerLink { get; internal set; }
        public string UriScheme { get; internal set; }
-        public RateProviderDescription DefaultRateProvider { get; set; }
+        public Money MinFee { get; internal set; }
+        public string DisplayName { get; set; }

        [Obsolete("Should not be needed")]
        public bool IsBTC
@ -62,6 +63,7 @@ namespace BTCPayServer
        public BTCPayDefaultSettings DefaultSettings { get; set; }
        public KeyPath CoinType { get; internal set; }
        public int MaxTrackedConfirmation { get; internal set; } = 6;
+        public string[] DefaultRateRules { get; internal set; } = Array.Empty<string>();

        public override string ToString()
        {
--- a/BTCPayServer/BTCPayNetworkProvider.Bitcoin.cs
+++ b/BTCPayServer/BTCPayNetworkProvider.Bitcoin.cs
@ -14,19 +14,16 @@ namespace BTCPayServer
        public void InitBitcoin()
        {
            var nbxplorerNetwork = NBXplorerNetworkProvider.GetFromCryptoCode("BTC");
-            var coinaverage = new CoinAverageRateProviderDescription("BTC");
-            var bitpay = new BitpayRateProviderDescription();
-            var btcRate = new FallbackRateProviderDescription(new RateProviderDescription[] { coinaverage, bitpay });
            Add(new BTCPayNetwork()
            {
                CryptoCode = nbxplorerNetwork.CryptoCode,
+                DisplayName = "Bitcoin",
                BlockExplorerLink = NetworkType == NetworkType.Mainnet ? "https://www.smartbit.com.au/tx/{0}" : "https://testnet.smartbit.com.au/tx/{0}",
                NBitcoinNetwork = nbxplorerNetwork.NBitcoinNetwork,
                NBXplorerNetwork = nbxplorerNetwork,
                UriScheme = "bitcoin",
-                DefaultRateProvider = btcRate,
-                CryptoImagePath = "imlegacy/bitcoin-symbol.svg",
-                LightningImagePath = "imlegacy/btc-lightning.svg",
+                CryptoImagePath = "imlegacy/bitcoin.svg",
+                LightningImagePath = "imlegacy/bitcoin-lightning.svg",
                DefaultSettings = BTCPayDefaultSettings.GetDefaultSettings(NetworkType),
                CoinType = NetworkType == NetworkType.Mainnet ? new KeyPath("0'") : new KeyPath("1'")
            });
--- a/BTCPayServer/BTCPayNetworkProvider.BitcoinGold.cs
+++ b/BTCPayServer/BTCPayNetworkProvider.BitcoinGold.cs
@ -0,0 +1,30 @@
+using NBitcoin;
+
+namespace BTCPayServer
+{
+    public partial class BTCPayNetworkProvider
+    {
+        public void InitBitcoinGold()
+        {
+            var nbxplorerNetwork = NBXplorerNetworkProvider.GetFromCryptoCode("BTG");
+            Add(new BTCPayNetwork()
+            {
+                CryptoCode = nbxplorerNetwork.CryptoCode,
+                DisplayName = "BGold",
+                BlockExplorerLink = NetworkType == NetworkType.Mainnet ? "https://explorer.bitcoingold.org/insight/tx/{0}/" : "https://test-explorer.bitcoingold.org/insight/tx/{0}",
+                NBitcoinNetwork = nbxplorerNetwork.NBitcoinNetwork,
+                NBXplorerNetwork = nbxplorerNetwork,
+                UriScheme = "bitcoingold",
+                DefaultRateRules = new[]
+                {
+                    "BTG_X = BTG_BTC * BTC_X",
+                    "BTG_BTC = bitfinex(BTG_BTC)",
+                },
+                CryptoImagePath = "imlegacy/btg.svg",
+                LightningImagePath = "imlegacy/btg-lightning.svg",
+                DefaultSettings = BTCPayDefaultSettings.GetDefaultSettings(NetworkType),
+                CoinType = NetworkType == NetworkType.Mainnet ? new KeyPath("156'") : new KeyPath("1'")
+            });
+        }
+    }
+}
--- a/BTCPayServer/BTCPayNetworkProvider.Bitcore.cs
+++ b/BTCPayServer/BTCPayNetworkProvider.Bitcore.cs
@ -0,0 +1,36 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using BTCPayServer.Services.Rates;
+using NBitcoin;
+using NBXplorer;
+
+namespace BTCPayServer
+{
+    public partial class BTCPayNetworkProvider
+    {
+        public void InitBitcore()
+        {
+            var nbxplorerNetwork = NBXplorerNetworkProvider.GetFromCryptoCode("BTX");
+            Add(new BTCPayNetwork()
+            {
+                CryptoCode = nbxplorerNetwork.CryptoCode,
+                DisplayName = "Bitcore",
+                BlockExplorerLink = NetworkType == NetworkType.Mainnet ? "https://insight.bitcore.cc/tx/{0}" : "https://insight.bitcore.cc/tx/{0}",
+                NBitcoinNetwork = nbxplorerNetwork.NBitcoinNetwork,
+                NBXplorerNetwork = nbxplorerNetwork,
+                UriScheme = "bitcore",
+                DefaultRateRules = new[]
+                {
+                                "BTX_X = BTX_BTC * BTC_X",
+                                "BTX_BTC = cryptopia(BTX_BTC)"
+                },
+                CryptoImagePath = "imlegacy/bitcore.svg",
+                LightningImagePath = "imlegacy/bitcore-lightning.svg",
+                DefaultSettings = BTCPayDefaultSettings.GetDefaultSettings(NetworkType),
+                CoinType = NetworkType == NetworkType.Mainnet ? new KeyPath("160'") : new KeyPath("1'")
+            });
+        }
+    }
+}
--- a/BTCPayServer/BTCPayNetworkProvider.Dash.cs
+++ b/BTCPayServer/BTCPayNetworkProvider.Dash.cs
@ -0,0 +1,35 @@
+using NBitcoin;
+
+namespace BTCPayServer
+{
+    public partial class BTCPayNetworkProvider
+    {
+        public void InitDash()
+        {
+            //not needed: NBitcoin.Altcoins.Dash.Instance.EnsureRegistered();
+            var nbxplorerNetwork = NBXplorerNetworkProvider.GetFromCryptoCode("DASH");
+            Add(new BTCPayNetwork()
+            {
+                CryptoCode = nbxplorerNetwork.CryptoCode,
+                DisplayName = "Dash",
+                BlockExplorerLink = NetworkType == NetworkType.Mainnet
+                    ? "https://insight.dash.org/insight/tx/{0}"
+                    : "https://testnet-insight.dashevo.org/insight/tx/{0}",
+                NBitcoinNetwork = nbxplorerNetwork.NBitcoinNetwork,
+                NBXplorerNetwork = nbxplorerNetwork,
+                UriScheme = "dash",
+                DefaultRateRules = new[]
+                    {
+                        "DASH_X = DASH_BTC * BTC_X",
+                        "DASH_BTC = bittrex(DASH_BTC)"
+                    },
+                CryptoImagePath = "imlegacy/dash.png",
+                DefaultSettings = BTCPayDefaultSettings.GetDefaultSettings(NetworkType),
+                //https://github.com/satoshilabs/slips/blob/master/slip-0044.md
+                CoinType = NetworkType == NetworkType.Mainnet ? new KeyPath("5'")
+                    : new KeyPath("1'"),
+                MinFee = Money.Satoshis(1m)
+            });
+        }
+    }
+}
--- a/BTCPayServer/BTCPayNetworkProvider.Dogecoin.cs
+++ b/BTCPayServer/BTCPayNetworkProvider.Dogecoin.cs
@ -16,14 +16,20 @@ namespace BTCPayServer
            Add(new BTCPayNetwork()
            {
                CryptoCode = nbxplorerNetwork.CryptoCode,
+                DisplayName = "Dogecoin",
                BlockExplorerLink = NetworkType == NetworkType.Mainnet ? "https://dogechain.info/tx/{0}" : "https://dogechain.info/tx/{0}",
                NBitcoinNetwork = nbxplorerNetwork.NBitcoinNetwork,
                NBXplorerNetwork = nbxplorerNetwork,
                UriScheme = "dogecoin",
-                DefaultRateProvider = new CoinAverageRateProviderDescription("DOGE"),
+                DefaultRateRules = new[] 
+                {
+                                "DOGE_X = DOGE_BTC * BTC_X",
+                                "DOGE_BTC = bittrex(DOGE_BTC)"
+                },
                CryptoImagePath = "imlegacy/dogecoin.png",
                DefaultSettings = BTCPayDefaultSettings.GetDefaultSettings(NetworkType),
-                CoinType = NetworkType == NetworkType.Mainnet ? new KeyPath("3'") : new KeyPath("1'")
+                CoinType = NetworkType == NetworkType.Mainnet ? new KeyPath("3'") : new KeyPath("1'"),
+                MinFee = Money.Coins(1m)
            });
        }
    }
--- a/BTCPayServer/BTCPayNetworkProvider.Feathercoin.cs
+++ b/BTCPayServer/BTCPayNetworkProvider.Feathercoin.cs
@ -0,0 +1,35 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using BTCPayServer.Services.Rates;
+using NBitcoin;
+using NBXplorer;
+
+namespace BTCPayServer
+{
+    public partial class BTCPayNetworkProvider
+    {
+        public void InitFeathercoin()
+        {
+            var nbxplorerNetwork = NBXplorerNetworkProvider.GetFromCryptoCode("FTC");
+            Add(new BTCPayNetwork()
+            {
+                CryptoCode = nbxplorerNetwork.CryptoCode,
+                DisplayName = "Feathercoin",
+                BlockExplorerLink = NetworkType == NetworkType.Mainnet ? "https://explorer.feathercoin.com/tx/{0}" : "https://explorer.feathercoin.com/tx/{0}",
+                NBitcoinNetwork = nbxplorerNetwork.NBitcoinNetwork,
+                NBXplorerNetwork = nbxplorerNetwork,
+                UriScheme = "feathercoin",
+                DefaultRateRules = new[] 
+                {
+                                "FTC_X = FTC_BTC * BTC_X",
+                                "FTC_BTC = bittrex(FTC_BTC)"
+                },
+                CryptoImagePath = "imlegacy/feathercoin.png",
+                DefaultSettings = BTCPayDefaultSettings.GetDefaultSettings(NetworkType),
+                CoinType = NetworkType == NetworkType.Mainnet ? new KeyPath("8'") : new KeyPath("1'")
+            });
+        }
+    }
+}
--- a/BTCPayServer/BTCPayNetworkProvider.Groestlcoin.cs
+++ b/BTCPayServer/BTCPayNetworkProvider.Groestlcoin.cs
@ -0,0 +1,35 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using NBitcoin;
+
+namespace BTCPayServer
+{
+    public partial class BTCPayNetworkProvider
+    {
+        public void InitGroestlcoin()
+        {
+
+            var nbxplorerNetwork = NBXplorerNetworkProvider.GetFromCryptoCode("GRS");
+            Add(new BTCPayNetwork()
+            {
+                CryptoCode = nbxplorerNetwork.CryptoCode,
+                DisplayName = "Groestlcoin",
+                BlockExplorerLink = NetworkType == NetworkType.Mainnet ? "https://chainz.cryptoid.info/grs/tx.dws?{0}.htm" : "https://chainz.cryptoid.info/grs-test/tx.dws?{0}.htm",
+                NBitcoinNetwork = nbxplorerNetwork.NBitcoinNetwork,
+                NBXplorerNetwork = nbxplorerNetwork,
+                UriScheme = "groestlcoin",
+                DefaultRateRules = new[]
+                {
+                                "GRS_X = GRS_BTC * BTC_X",
+                                "GRS_BTC = bittrex(GRS_BTC)"
+                },
+                CryptoImagePath = "imlegacy/groestlcoin.png",
+                LightningImagePath = "imlegacy/groestlcoin-lightning.png",
+                DefaultSettings = BTCPayDefaultSettings.GetDefaultSettings(NetworkType),
+                CoinType = NetworkType == NetworkType.Mainnet ? new KeyPath("17'") : new KeyPath("1'")
+            });
+        }
+    }
+}
--- a/BTCPayServer/BTCPayNetworkProvider.Litecoin.cs
+++ b/BTCPayServer/BTCPayNetworkProvider.Litecoin.cs
@ -16,13 +16,13 @@ namespace BTCPayServer
            Add(new BTCPayNetwork()
            {
                CryptoCode = nbxplorerNetwork.CryptoCode,
+                DisplayName = "Litecoin",
                BlockExplorerLink = NetworkType == NetworkType.Mainnet ? "https://live.blockcypher.com/ltc/tx/{0}/" : "http://explorer.litecointools.com/tx/{0}",
                NBitcoinNetwork = nbxplorerNetwork.NBitcoinNetwork,
                NBXplorerNetwork = nbxplorerNetwork,
                UriScheme = "litecoin",
-                DefaultRateProvider = new CoinAverageRateProviderDescription("LTC"),
-                CryptoImagePath = "imlegacy/litecoin-symbol.svg",
-                LightningImagePath = "imlegacy/ltc-lightning.svg",
+                CryptoImagePath = "imlegacy/litecoin.svg",
+                LightningImagePath = "imlegacy/litecoin-lightning.svg",
                DefaultSettings = BTCPayDefaultSettings.GetDefaultSettings(NetworkType),
                CoinType = NetworkType == NetworkType.Mainnet ? new KeyPath("2'") : new KeyPath("1'")
            });
--- a/BTCPayServer/BTCPayNetworkProvider.Monacoin.cs
+++ b/BTCPayServer/BTCPayNetworkProvider.Monacoin.cs
@ -0,0 +1,36 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using BTCPayServer.Services.Rates;
+using NBitcoin;
+using NBXplorer;
+
+namespace BTCPayServer
+{
+    public partial class BTCPayNetworkProvider
+    {
+        public void InitMonacoin()
+        {
+            var nbxplorerNetwork = NBXplorerNetworkProvider.GetFromCryptoCode("MONA");
+            Add(new BTCPayNetwork()
+            {
+                CryptoCode = nbxplorerNetwork.CryptoCode,
+                DisplayName = "Monacoin",
+                BlockExplorerLink = NetworkType == NetworkType.Mainnet ? "https://mona.insight.monaco-ex.org/insight/tx/{0}" : "https://testnet-mona.insight.monaco-ex.org/insight/tx/{0}",
+                NBitcoinNetwork = nbxplorerNetwork.NBitcoinNetwork,
+                NBXplorerNetwork = nbxplorerNetwork,
+                UriScheme = "monacoin",
+                DefaultRateRules = new[] 
+                {
+                                "MONA_X = MONA_BTC * BTC_X",
+                                "MONA_BTC = zaif(MONA_BTC)"
+                },
+                CryptoImagePath = "imlegacy/monacoin.png",
+                LightningImagePath = "imlegacy/mona-lightning.svg",
+                DefaultSettings = BTCPayDefaultSettings.GetDefaultSettings(NetworkType),
+                CoinType = NetworkType == NetworkType.Mainnet ? new KeyPath("22'") : new KeyPath("1'")
+            });
+        }
+    }
+}
--- a/BTCPayServer/BTCPayNetworkProvider.Polis.cs
+++ b/BTCPayServer/BTCPayNetworkProvider.Polis.cs
@ -0,0 +1,35 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using BTCPayServer.Services.Rates;
+using NBitcoin;
+using NBXplorer;
+
+namespace BTCPayServer
+{
+    public partial class BTCPayNetworkProvider
+    {
+        public void InitPolis()
+        {
+            var nbxplorerNetwork = NBXplorerNetworkProvider.GetFromCryptoCode("POLIS");
+            Add(new BTCPayNetwork()
+            {
+                CryptoCode = nbxplorerNetwork.CryptoCode,
+                DisplayName = "Polis",
+                BlockExplorerLink = NetworkType == NetworkType.Mainnet ? "https://insight.polispay.org/tx/{0}" : "https://insight.polispay.org/tx/{0}",
+                NBitcoinNetwork = nbxplorerNetwork.NBitcoinNetwork,
+                NBXplorerNetwork = nbxplorerNetwork,
+                UriScheme = "polis",
+                DefaultRateRules = new[]
+                {
+                                "POLIS_X = POLIS_BTC * BTC_X",
+                                "POLIS_BTC = cryptopia(POLIS_BTC)"
+                },
+                CryptoImagePath = "imlegacy/polis.png",
+                DefaultSettings = BTCPayDefaultSettings.GetDefaultSettings(NetworkType),
+                CoinType = NetworkType == NetworkType.Mainnet ? new KeyPath("1997'") : new KeyPath("1'")
+            });
+        }
+    }
+}
--- a/BTCPayServer/BTCPayNetworkProvider.Ufo.cs
+++ b/BTCPayServer/BTCPayNetworkProvider.Ufo.cs
@ -0,0 +1,35 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using BTCPayServer.Services.Rates;
+using NBitcoin;
+using NBXplorer;
+
+namespace BTCPayServer
+{
+    public partial class BTCPayNetworkProvider
+    {
+        public void InitUfo()
+        {
+            var nbxplorerNetwork = NBXplorerNetworkProvider.GetFromCryptoCode("UFO");
+            Add(new BTCPayNetwork()
+            {
+                CryptoCode = nbxplorerNetwork.CryptoCode,
+                DisplayName = "Ufo",
+                BlockExplorerLink = NetworkType == NetworkType.Mainnet ? "https://chainz.cryptoid.info/ufo/tx.dws?{0}" : "https://chainz.cryptoid.info/ufo/tx.dws?{0}",
+                NBitcoinNetwork = nbxplorerNetwork.NBitcoinNetwork,
+                NBXplorerNetwork = nbxplorerNetwork,
+                UriScheme = "ufo",
+                DefaultRateRules = new[] 
+                {
+                                "UFO_X = UFO_BTC * BTC_X",
+                                "UFO_BTC = coinexchange(UFO_BTC)"
+                },
+                CryptoImagePath = "imlegacy/ufo.png",
+                DefaultSettings = BTCPayDefaultSettings.GetDefaultSettings(NetworkType),
+                CoinType = NetworkType == NetworkType.Mainnet ? new KeyPath("202'") : new KeyPath("1'")
+            });
+        }
+    }
+}
--- a/BTCPayServer/BTCPayNetworkProvider.Viacoin.cs
+++ b/BTCPayServer/BTCPayNetworkProvider.Viacoin.cs
@ -0,0 +1,35 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using BTCPayServer.Services.Rates;
+using NBitcoin;
+using NBXplorer;
+
+namespace BTCPayServer
+{
+    public partial class BTCPayNetworkProvider
+    {
+        public void InitViacoin()
+        {
+            var nbxplorerNetwork = NBXplorerNetworkProvider.GetFromCryptoCode("VIA");
+            Add(new BTCPayNetwork()
+            {
+                CryptoCode = nbxplorerNetwork.CryptoCode,
+                DisplayName = "Viacoin",
+                BlockExplorerLink = NetworkType == NetworkType.Mainnet ? "https://explorer.viacoin.org/tx/{0}" : "https://explorer.viacoin.org/tx/{0}",
+                NBitcoinNetwork = nbxplorerNetwork.NBitcoinNetwork,
+                NBXplorerNetwork = nbxplorerNetwork,
+                UriScheme = "viacoin",
+                DefaultRateRules = new[]
+                {
+                                "VIA_X = VIA_BTC * BTC_X",
+                                "VIA_BTC = bittrex(VIA_BTC)"
+                },
+                CryptoImagePath = "imlegacy/viacoin.png",
+                DefaultSettings = BTCPayDefaultSettings.GetDefaultSettings(NetworkType),
+                CoinType = NetworkType == NetworkType.Mainnet ? new KeyPath("14'") : new KeyPath("1'")
+            });
+        }
+    }
+}
--- a/BTCPayServer/BTCPayNetworkProvider.cs
+++ b/BTCPayServer/BTCPayNetworkProvider.cs
@ -47,7 +47,16 @@ namespace BTCPayServer
            NetworkType = networkType;
            InitBitcoin();
            InitLitecoin();
+            InitBitcore();
            InitDogecoin();
+            InitBitcoinGold();
+            InitMonacoin();
+            InitDash();
+            InitPolis();
+            InitFeathercoin();
+            InitGroestlcoin();
+            InitViacoin();
+            //InitUfo();
        }

        /// <summary>
@ -86,7 +95,11 @@ namespace BTCPayServer

        public BTCPayNetwork GetNetwork(string cryptoCode)
        {
-            _Networks.TryGetValue(cryptoCode.ToUpperInvariant(), out BTCPayNetwork network);
+            if(!_Networks.TryGetValue(cryptoCode.ToUpperInvariant(), out BTCPayNetwork network))
+            {
+                if (cryptoCode == "XBT")
+                    return GetNetwork("BTC");
+            }
            return network;
        }
    }
--- a/BTCPayServer/BTCPayServer.csproj
+++ b/BTCPayServer/BTCPayServer.csproj
@ -1,10 +1,13 @@
-<Project Sdk="Microsoft.NET.Sdk.Web">
+<Project Sdk="Microsoft.NET.Sdk.Web">
  <PropertyGroup>
    <OutputType>Exe</OutputType>
-    <TargetFramework>netcoreapp2.0</TargetFramework>
-		<Version>1.0.1.92</Version>
+    <TargetFramework>netcoreapp2.1</TargetFramework>
+		<Version>1.0.3.12</Version>
    <NoWarn>NU1701,CA1816,CA1308,CA1810,CA2208</NoWarn>
  </PropertyGroup>
+  <PropertyGroup>
+    <LangVersion>7.3</LangVersion>
+  </PropertyGroup>
  <ItemGroup>
    <Compile Remove="Build\dockerfiles\**" />
    <Compile Remove="wwwroot\bundles\jqueryvalidate\**" />
@ -30,37 +33,46 @@
    <EmbeddedResource Include="Currencies.txt" />
  </ItemGroup>
  <ItemGroup>
-    <PackageReference Include="BuildBundlerMinifier" Version="2.6.375" />
-    <PackageReference Include="Hangfire" Version="1.6.19" />
+    <PackageReference Include="BTCPayServer.Lightning.All" Version="1.1.0.2" />
+    <PackageReference Include="BuildBundlerMinifier" Version="2.7.385" />
+    <PackageReference Include="DigitalRuby.ExchangeSharp" Version="0.5.3" />
+    <PackageReference Include="Hangfire" Version="1.6.20" />
    <PackageReference Include="Hangfire.MemoryStorage" Version="1.5.2" />
-    <PackageReference Include="Hangfire.PostgreSql" Version="1.4.8.1" />
-    <PackageReference Include="LedgerWallet" Version="1.0.1.35" />
-    <PackageReference Include="Microsoft.CodeAnalysis.CSharp" Version="2.6.1" />
-    <PackageReference Include="Meziantou.AspNetCore.BundleTagHelpers" Version="1.0.1" />
+    <PackageReference Include="LedgerWallet" Version="2.0.0.3" />
+    <PackageReference Include="Meziantou.AspNetCore.BundleTagHelpers" Version="2.0.0" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.Sqlite" Version="2.1.4" />
    <PackageReference Include="Microsoft.Extensions.Logging.Filter" Version="1.1.2" />
-    <PackageReference Include="Microsoft.NetCore.Analyzers" Version="2.6.0" />
-    <PackageReference Include="NBitcoin" Version="4.1.1" />
-    <PackageReference Include="NBitpayClient" Version="1.0.0.18" />	  
-    <PackageReference Include="DBreeze" Version="1.87.0" />
-    <PackageReference Include="NBXplorer.Client" Version="1.0.2" />
-    <PackageReference Include="NicolasDorier.CommandLine" Version="1.0.0.1" />
-    <PackageReference Include="NicolasDorier.CommandLine.Configuration" Version="1.0.0.2" />
-    <PackageReference Include="NicolasDorier.StandardConfiguration" Version="1.0.0.13" />
-    <PackageReference Include="Npgsql.EntityFrameworkCore.PostgreSQL" Version="2.0.1" />
-    <PackageReference Include="System.ValueTuple" Version="4.4.0" />
-    <PackageReference Include="System.Xml.XmlSerializer" Version="4.0.11" />
-    <PackageReference Include="Text.Analyzers" Version="2.6.0" />
+    <PackageReference Include="Microsoft.NetCore.Analyzers" Version="2.6.2">
+      <PrivateAssets>all</PrivateAssets>
+      <IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
+    </PackageReference>
+    <PackageReference Include="NBitcoin" Version="4.1.1.71" />
+    <PackageReference Include="NBitpayClient" Version="1.0.0.30" />	  
+    <PackageReference Include="DBreeze" Version="1.92.0" />
+    <PackageReference Include="NBXplorer.Client" Version="1.0.3.11" />
+    <PackageReference Include="NicolasDorier.CommandLine" Version="1.0.0.2" />
+    <PackageReference Include="NicolasDorier.CommandLine.Configuration" Version="1.0.0.3" />
+    <PackageReference Include="NicolasDorier.RateLimits" Version="1.0.0.3" />
+    <PackageReference Include="NicolasDorier.StandardConfiguration" Version="1.0.0.18" />
+    <PackageReference Include="Npgsql.EntityFrameworkCore.PostgreSQL" Version="2.1.2" />
+    <PackageReference Include="Pomelo.EntityFrameworkCore.MySql" Version="2.1.2" />
+    <PackageReference Include="Serilog" Version="2.7.1" />
+    <PackageReference Include="Serilog.AspNetCore" Version="2.1.1" />
+    <PackageReference Include="Serilog.Sinks.File" Version="4.0.0" />
+    <PackageReference Include="SSH.NET" Version="2016.1.0" />
+    <PackageReference Include="System.Xml.XmlSerializer" Version="4.3.0" />
+    <PackageReference Include="Text.Analyzers" Version="2.6.2">
+      <PrivateAssets>all</PrivateAssets>
+      <IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
+    </PackageReference>
  </ItemGroup>

 	<ItemGroup>
-		<PackageReference Include="Microsoft.AspNetCore.All" Version="2.0.6" />
-		<PackageReference Include="Microsoft.EntityFrameworkCore.Tools" Version="2.0.2" PrivateAssets="All" />
-		<PackageReference Include="YamlDotNet" Version="4.3.1" />
+    <PackageReference Include="Microsoft.AspNetCore.App" Version="2.1.6" />
+		<PackageReference Include="YamlDotNet" Version="5.2.1" />
 	</ItemGroup>

 	<ItemGroup>
-		<DotNetCliToolReference Include="Microsoft.EntityFrameworkCore.Tools.DotNet" Version="2.0.0" />
-		<DotNetCliToolReference Include="Microsoft.Extensions.SecretManager.Tools" Version="2.0.0" />
 		<DotNetCliToolReference Include="Microsoft.VisualStudio.Web.CodeGeneration.Tools" Version="2.0.0" />
 	</ItemGroup>

@ -113,11 +125,61 @@
 	<ItemGroup>
 	  <Folder Include="Build\" />
 	  <Folder Include="wwwroot\vendor\clipboard.js\" />
+	  <Folder Include="wwwroot\vendor\highlightjs\" />
 	</ItemGroup>

 	<ItemGroup>
-	  <None Update="devtest.pfx">
-	    <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
-	  </None>
+    <Content Update="Views\Apps\_ViewImports.cshtml">
+      <CopyToPublishDirectory>PreserveNewest</CopyToPublishDirectory>
+      <Pack>$(IncludeRazorContentInPack)</Pack>
+    </Content>
+    <Content Update="Views\Server\LndRestServices.cshtml">
+      <Pack>$(IncludeRazorContentInPack)</Pack>
+    </Content>
+    <Content Update="Views\Server\SSHService.cshtml">
+      <Pack>$(IncludeRazorContentInPack)</Pack>
+    </Content>
+    <Content Update="Views\Stores\ShowToken.cshtml">
+      <Pack>$(IncludeRazorContentInPack)</Pack>
+    </Content>
+    <Content Update="Views\Stores\PayButtonEnable.cshtml">
+      <Pack>$(IncludeRazorContentInPack)</Pack>
+    </Content>
+	  <Content Update="Views\Stores\PayButton.cshtml">
+	    <Pack>$(IncludeRazorContentInPack)</Pack>
+	  </Content>
+	  <Content Update="Views\Public\PayButtonHandle.cshtml">
+	    <Pack>$(IncludeRazorContentInPack)</Pack>
+	  </Content>
+	  <Content Update="Views\Server\LndGrpcServices.cshtml">
+	    <Pack>$(IncludeRazorContentInPack)</Pack>
+	  </Content>
+	  <Content Update="Views\Server\Maintenance.cshtml">
+	    <Pack>$(IncludeRazorContentInPack)</Pack>
+	  </Content>
+	  <Content Update="Views\Server\Services.cshtml">
+	    <Pack>$(IncludeRazorContentInPack)</Pack>
+	  </Content>
+	  <Content Update="Views\Wallets\ListWallets.cshtml">
+	    <Pack>$(IncludeRazorContentInPack)</Pack>
+	  </Content>
+	  <Content Update="Views\Wallets\WalletRescan.cshtml">
+	    <Pack>$(IncludeRazorContentInPack)</Pack>
+	  </Content>
+	  <Content Update="Views\Wallets\WalletSendLedger.cshtml">
+	    <Pack>$(IncludeRazorContentInPack)</Pack>
+	  </Content>
+	  <Content Update="Views\Wallets\WalletTransactions.cshtml">
+	    <Pack>$(IncludeRazorContentInPack)</Pack>
+	  </Content>
+	  <Content Update="Views\Wallets\_Nav.cshtml">
+	    <Pack>$(IncludeRazorContentInPack)</Pack>
+	  </Content>
+	  <Content Update="Views\Wallets\_ViewImports.cshtml">
+	    <Pack>$(IncludeRazorContentInPack)</Pack>
+	  </Content>
+	  <Content Update="Views\Wallets\_ViewStart.cshtml">
+	    <Pack>$(IncludeRazorContentInPack)</Pack>
+	  </Content>
 	</ItemGroup>
 </Project>
--- a/BTCPayServer/Configuration/BTCPayServerOptions.cs
+++ b/BTCPayServer/Configuration/BTCPayServerOptions.cs
@ -11,6 +11,12 @@ using StandardConfiguration;
 using Microsoft.Extensions.Configuration;
 using NBXplorer;
 using BTCPayServer.Payments.Lightning;
+using Renci.SshNet;
+using NBitcoin.DataEncoders;
+using BTCPayServer.SSH;
+using BTCPayServer.Lightning;
+using BTCPayServer.Configuration.External;
+using Serilog.Events;

 namespace BTCPayServer.Configuration
 {
@ -28,6 +34,12 @@ namespace BTCPayServer.Configuration
            get; set;
        }
        public string ConfigurationFile
+        {
+            get;
+            private set;
+        } 
+        
+        public string LogFile
        {
            get;
            private set;
@ -49,6 +61,16 @@ namespace BTCPayServer.Configuration
            set;
        } = new List<NBXplorerConnectionSetting>();

+        public static string GetDebugLog(IConfiguration configuration)
+        {
+            return configuration.GetValue<string>("debuglog", null);
+        }
+        public static LogEventLevel GetDebugLogLevel(IConfiguration configuration)
+        {
+            var raw = configuration.GetValue("debugloglevel", nameof(LogEventLevel.Debug));
+            return  (LogEventLevel)Enum.Parse(typeof(LogEventLevel), raw, true);
+        }
+
        public void LoadArgs(IConfiguration conf)
        {
            NetworkType = DefaultConfiguration.GetNetworkType(conf);
@ -74,34 +96,159 @@ namespace BTCPayServer.Configuration
                setting.ExplorerUri = conf.GetOrDefault<Uri>($"{net.CryptoCode}.explorer.url", net.NBXplorerNetwork.DefaultSettings.DefaultUrl);
                setting.CookieFile = conf.GetOrDefault<string>($"{net.CryptoCode}.explorer.cookiefile", net.NBXplorerNetwork.DefaultSettings.DefaultCookieFile);
                NBXplorerConnectionSettings.Add(setting);
-                var lightning = conf.GetOrDefault<string>($"{net.CryptoCode}.lightning", string.Empty);
-                if(lightning.Length != 0)
+
                {
-                    if(!LightningConnectionString.TryParse(lightning, out var connectionString, out var error))
+                    var lightning = conf.GetOrDefault<string>($"{net.CryptoCode}.lightning", string.Empty);
+                    if (lightning.Length != 0)
                    {
-                        throw new ConfigException($"Invalid setting {net.CryptoCode}.lightning, you need to pass either " +
-                            $"the absolute path to the unix socket of a running CLightning instance (eg. /root/.lightning/lightning-rpc), " +
-                            $"or the url to a charge server with crendetials (eg. https://apitoken@API_TOKEN_SECRET:charge.example.com/)");
+                        if (!LightningConnectionString.TryParse(lightning, true, out var connectionString, out var error))
+                        {
+                            throw new ConfigException($"Invalid setting {net.CryptoCode}.lightning, " + Environment.NewLine +
+                                $"If you have a lightning server use: 'type=clightning;server=/root/.lightning/lightning-rpc', " + Environment.NewLine +
+                                $"If you have a lightning charge server: 'type=charge;server=https://charge.example.com;api-token=yourapitoken'" + Environment.NewLine +
+                                $"If you have a lnd server: 'type=lnd-rest;server=https://lnd:lnd@lnd.example.com;macaroon=abf239...;certthumbprint=2abdf302...'" + Environment.NewLine +
+                                $"              lnd server: 'type=lnd-rest;server=https://lnd:lnd@lnd.example.com;macaroonfilepath=/root/.lnd/admin.macaroon;certthumbprint=2abdf302...'" + Environment.NewLine +
+                                error);
+                        }
+                        if (connectionString.IsLegacy)
+                        {
+                            Logs.Configuration.LogWarning($"Setting {net.CryptoCode}.lightning will work but use an deprecated format, please replace it by '{connectionString.ToString()}'");
+                        }
+                        InternalLightningByCryptoCode.Add(net.CryptoCode, connectionString);
                    }
-                    InternalLightningByCryptoCode.Add(net.CryptoCode, connectionString);
                }
+
+                void externalLnd<T>(string code, string lndType)
+                {
+                    var lightning = conf.GetOrDefault<string>(code, string.Empty);
+                    if (lightning.Length != 0)
+                    {
+                        if (!LightningConnectionString.TryParse(lightning, false, out var connectionString, out var error))
+                        {
+                            throw new ConfigException($"Invalid setting {code}, " + Environment.NewLine +
+                                $"lnd server: 'type={lndType};server=https://lnd.example.com;macaroon=abf239...;certthumbprint=2abdf302...'" + Environment.NewLine +
+                                $"lnd server: 'type={lndType};server=https://lnd.example.com;macaroonfilepath=/root/.lnd/admin.macaroon;certthumbprint=2abdf302...'" + Environment.NewLine +
+                                error);
+                        }
+                        var instanceType = typeof(T);
+                        ExternalServicesByCryptoCode.Add(net.CryptoCode, (ExternalService)Activator.CreateInstance(instanceType, connectionString));
+                    }
+                };
+
+                externalLnd<ExternalLndGrpc>($"{net.CryptoCode}.external.lnd.grpc", "lnd-grpc");
+                externalLnd<ExternalLndRest>($"{net.CryptoCode}.external.lnd.rest", "lnd-rest");
            }

            Logs.Configuration.LogInformation("Supported chains: " + String.Join(',', supportedChains.ToArray()));

            PostgresConnectionString = conf.GetOrDefault<string>("postgres", null);
+            MySQLConnectionString = conf.GetOrDefault<string>("mysql", null);
            BundleJsCss = conf.GetOrDefault<bool>("bundlejscss", true);
            ExternalUrl = conf.GetOrDefault<Uri>("externalurl", null);

+            var sshSettings = ParseSSHConfiguration(conf);
+            if ((!string.IsNullOrEmpty(sshSettings.Password) || !string.IsNullOrEmpty(sshSettings.KeyFile)) && !string.IsNullOrEmpty(sshSettings.Server))
+            {
+                int waitTime = 0;
+                while (!string.IsNullOrEmpty(sshSettings.KeyFile) && !File.Exists(sshSettings.KeyFile))
+                {
+                    if (waitTime++ < 5)
+                        System.Threading.Thread.Sleep(1000);
+                    else
+                        throw new ConfigException($"sshkeyfile does not exist");
+                }
+
+                if (sshSettings.Port > ushort.MaxValue ||
+                   sshSettings.Port < ushort.MinValue)
+                    throw new ConfigException($"ssh port is invalid");
+                if (!string.IsNullOrEmpty(sshSettings.Password) && !string.IsNullOrEmpty(sshSettings.KeyFile))
+                    throw new ConfigException($"sshpassword or sshkeyfile should be provided, but not both");
+                try
+                {
+                    sshSettings.CreateConnectionInfo();
+                }
+                catch
+                {
+                    throw new ConfigException($"sshkeyfilepassword is invalid");
+                }
+                SSHSettings = sshSettings;
+            }
+
+            var fingerPrints = conf.GetOrDefault<string>("sshtrustedfingerprints", "");
+            if (!string.IsNullOrEmpty(fingerPrints))
+            {
+                foreach (var fingerprint in fingerPrints.Split(';', StringSplitOptions.RemoveEmptyEntries))
+                {
+                    if (!SSHFingerprint.TryParse(fingerprint, out var f))
+                        throw new ConfigException($"Invalid ssh fingerprint format {fingerprint}");
+                    TrustedFingerprints.Add(f);
+                }
+            }
+
            RootPath = conf.GetOrDefault<string>("rootpath", "/");
            if (!RootPath.StartsWith("/", StringComparison.InvariantCultureIgnoreCase))
                RootPath = "/" + RootPath;
            var old = conf.GetOrDefault<Uri>("internallightningnode", null);
-            if(old != null)
+            if (old != null)
                throw new ConfigException($"internallightningnode should not be used anymore, use btclightning instead");
+
+            LogFile = GetDebugLog(conf);
+            if (!string.IsNullOrEmpty(LogFile))
+            {
+                Logs.Configuration.LogInformation("LogFile: " + LogFile);
+                Logs.Configuration.LogInformation("Log Level: " + GetDebugLogLevel(conf));
+            }
        }
+
+        private SSHSettings ParseSSHConfiguration(IConfiguration conf)
+        {
+            var externalUrl = conf.GetOrDefault<Uri>("externalurl", null);
+            var settings = new SSHSettings();
+            settings.Server = conf.GetOrDefault<string>("sshconnection", null);
+            if (settings.Server != null)
+            {
+                var parts = settings.Server.Split(':');
+                if (parts.Length == 2 && int.TryParse(parts[1], out int port))
+                {
+                    settings.Port = port;
+                    settings.Server = parts[0];
+                }
+                else
+                {
+                    settings.Port = 22;
+                }
+
+                parts = settings.Server.Split('@');
+                if (parts.Length == 2)
+                {
+                    settings.Username = parts[0];
+                    settings.Server = parts[1];
+                }
+                else
+                {
+                    settings.Username = "root";
+                }
+            }
+            else if (externalUrl != null)
+            {
+                settings.Port = 22;
+                settings.Username = "root";
+                settings.Server = externalUrl.DnsSafeHost;
+            }
+            settings.Password = conf.GetOrDefault<string>("sshpassword", "");
+            settings.KeyFile = conf.GetOrDefault<string>("sshkeyfile", "");
+            settings.KeyFilePassword = conf.GetOrDefault<string>("sshkeyfilepassword", "");
+            return settings;
+        }
+
+        internal bool IsTrustedFingerprint(byte[] fingerPrint, byte[] hostKey)
+        {
+            return TrustedFingerprints.Any(f => f.Match(fingerPrint, hostKey));
+        }
+
        public string RootPath { get; set; }
        public Dictionary<string, LightningConnectionString> InternalLightningByCryptoCode { get; set; } = new Dictionary<string, LightningConnectionString>();
+        public ExternalServices ExternalServicesByCryptoCode { get; set; } = new ExternalServices();

        public BTCPayNetworkProvider NetworkProvider { get; set; }
        public string PostgresConnectionString
@ -109,6 +256,11 @@ namespace BTCPayServer.Configuration
            get;
            set;
        }
+        public string MySQLConnectionString
+        {
+            get;
+            set;
+        }
        public Uri ExternalUrl
        {
            get;
@ -119,6 +271,12 @@ namespace BTCPayServer.Configuration
            get;
            set;
        }
+        public List<SSHFingerprint> TrustedFingerprints { get; set; } = new List<SSHFingerprint>();
+        public SSHSettings SSHSettings
+        {
+            get;
+            set;
+        }

        internal string GetRootUri()
        {
--- a/BTCPayServer/Configuration/ConfigurationExtensions.cs
+++ b/BTCPayServer/Configuration/ConfigurationExtensions.cs
@ -37,6 +37,8 @@ namespace BTCPayServer.Configuration
                }
            else if (typeof(T) == typeof(string))
                return (T)(object)str;
+            else if (typeof(T) == typeof(IPAddress))
+                return (T)(object)IPAddress.Parse(str);
            else if (typeof(T) == typeof(IPEndPoint))
            {
                var separator = str.LastIndexOf(":", StringComparison.InvariantCulture);
--- a/BTCPayServer/Configuration/DefaultConfiguration.cs
+++ b/BTCPayServer/Configuration/DefaultConfiguration.cs
@ -27,19 +27,28 @@ namespace BTCPayServer.Configuration
            };
            app.HelpOption("-? | -h | --help");
            app.Option("-n | --network", $"Set the network among (mainnet,testnet,regtest) (default: mainnet)", CommandOptionType.SingleValue);
-            app.Option("--testnet | -testnet", $"Use testnet (Deprecated, use --network instead)", CommandOptionType.BoolValue);
-            app.Option("--regtest | -regtest", $"Use regtest (Deprecated, use --network instead)", CommandOptionType.BoolValue);
-            app.Option("--chains | -c", $"Chains to support comma separated (default: btc, available: {chains})", CommandOptionType.SingleValue);
-            app.Option("--postgres", $"Connection string to postgres database (default: sqlite is used)", CommandOptionType.SingleValue);
-            app.Option("--externalurl", $"The expected external url of this service, to use if BTCPay is behind a reverse proxy (default: empty, use the incoming HTTP request to figure out)", CommandOptionType.SingleValue);
-            app.Option("--bundlejscss", $"Bundle javascript and css files for better performance (default: true)", CommandOptionType.SingleValue);
+            app.Option("--testnet | -testnet", $"Use testnet (deprecated, use --network instead)", CommandOptionType.BoolValue);
+            app.Option("--regtest | -regtest", $"Use regtest (deprecated, use --network instead)", CommandOptionType.BoolValue);
+            app.Option("--chains | -c", $"Chains to support as a comma separated (default: btc; available: {chains})", CommandOptionType.SingleValue);
+            app.Option("--postgres", $"Connection string to a PostgreSQL database (default: SQLite)", CommandOptionType.SingleValue);
+            app.Option("--mysql", $"Connection string to a MySQL database (default: SQLite)", CommandOptionType.SingleValue);
+            app.Option("--externalurl", $"The expected external URL of this service, to use if BTCPay is behind a reverse proxy (default: empty, use the incoming HTTP request to figure out)", CommandOptionType.SingleValue);
+            app.Option("--bundlejscss", $"Bundle JavaScript and CSS files for better performance (default: true)", CommandOptionType.SingleValue);
            app.Option("--rootpath", "The root path in the URL to access BTCPay (default: /)", CommandOptionType.SingleValue);
+            app.Option("--sshconnection", "SSH server to manage BTCPay under the form user@server:port (default: root@externalhost or empty)", CommandOptionType.SingleValue);
+            app.Option("--sshpassword", "SSH password to manage BTCPay (default: empty)", CommandOptionType.SingleValue);
+            app.Option("--sshkeyfile", "SSH private key file to manage BTCPay (default: empty)", CommandOptionType.SingleValue);
+            app.Option("--sshkeyfilepassword", "Password of the SSH keyfile (default: empty)", CommandOptionType.SingleValue);
+            app.Option("--sshtrustedfingerprints", "SSH Host public key fingerprint or sha256 (default: empty, it will allow untrusted connections)", CommandOptionType.SingleValue);
+            app.Option("--debuglog", "A rolling log file for debug messages.", CommandOptionType.SingleValue);
+            app.Option("--debugloglevel", "The severity you log (default:information)", CommandOptionType.SingleValue);
            foreach (var network in provider.GetAll())
            {
                var crypto = network.CryptoCode.ToLowerInvariant();
-                app.Option($"--{crypto}explorerurl", $"Url of the NBxplorer for {network.CryptoCode} (default: {network.NBXplorerNetwork.DefaultSettings.DefaultUrl})", CommandOptionType.SingleValue);
+                app.Option($"--{crypto}explorerurl", $"URL of the NBXplorer for {network.CryptoCode} (default: {network.NBXplorerNetwork.DefaultSettings.DefaultUrl})", CommandOptionType.SingleValue);
                app.Option($"--{crypto}explorercookiefile", $"Path to the cookie file (default: {network.NBXplorerNetwork.DefaultSettings.DefaultCookieFile})", CommandOptionType.SingleValue);
-                app.Option($"--{crypto}lightning", $"Easy configuration of lightning for the server adnistrator: Must be a unix socket of CLightning (lightning-rpc) or URL to a charge server (default: empty)", CommandOptionType.SingleValue);
+                app.Option($"--{crypto}lightning", $"Easy configuration of lightning for the server administrator: Must be a UNIX socket of c-lightning (lightning-rpc) or URL to a charge server (default: empty)", CommandOptionType.SingleValue);
+                app.Option($"--{crypto}externallndgrpc", $"The LND gRPC configuration BTCPay will expose to easily connect to the internal lnd wallet from Zap wallet (default: empty)", CommandOptionType.SingleValue);
            }
            return app;
        }
@ -98,9 +107,12 @@ namespace BTCPayServer.Configuration
            builder.AppendLine("### Server settings ###");
            builder.AppendLine("#port=" + defaultSettings.DefaultPort);
            builder.AppendLine("#bind=127.0.0.1");
+            builder.AppendLine("#httpscertificatefilepath=devtest.pfx");
+            builder.AppendLine("#httpscertificatefilepassword=toto");
            builder.AppendLine();
            builder.AppendLine("### Database ###");
            builder.AppendLine("#postgres=User ID=root;Password=myPassword;Host=localhost;Port=5432;Database=myDataBase;");
+            builder.AppendLine("#mysql=User ID=root;Password=myPassword;Host=localhost;Port=3306;Database=myDataBase;");
            builder.AppendLine();
            builder.AppendLine("### NBXplorer settings ###");
            foreach (var n in new BTCPayNetworkProvider(networkType).GetAll())
--- a/BTCPayServer/Configuration/External/ExternalLnd.cs
+++ b/BTCPayServer/Configuration/External/ExternalLnd.cs
@ -0,0 +1,35 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using BTCPayServer.Lightning;
+
+namespace BTCPayServer.Configuration.External
+{
+    public abstract class ExternalLnd : ExternalService
+    {
+        public ExternalLnd(LightningConnectionString connectionString, LndTypes type)
+        {
+            ConnectionString = connectionString;
+            Type = type;
+        }
+
+        public LndTypes Type { get; set; }
+        public LightningConnectionString ConnectionString { get; set; }
+    }
+
+    public enum LndTypes
+    {
+        gRPC, Rest
+    }
+
+    public class ExternalLndGrpc : ExternalLnd
+    {
+        public ExternalLndGrpc(LightningConnectionString connectionString) : base(connectionString, LndTypes.gRPC) { }
+    }
+
+    public class ExternalLndRest : ExternalLnd
+    {
+        public ExternalLndRest(LightningConnectionString connectionString) : base(connectionString, LndTypes.Rest) { }
+    }
+}
--- a/BTCPayServer/Configuration/External/ExternalService.cs
+++ b/BTCPayServer/Configuration/External/ExternalService.cs
@ -0,0 +1,22 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using BTCPayServer.Lightning;
+
+namespace BTCPayServer.Configuration.External
+{
+    public class ExternalServices : MultiValueDictionary<string, ExternalService>
+    {
+        public IEnumerable<T> GetServices<T>(string cryptoCode) where T : ExternalService
+        {
+            if (!this.TryGetValue(cryptoCode.ToUpperInvariant(), out var services))
+                return Array.Empty<T>();
+            return services.OfType<T>();
+        }
+    }
+
+    public class ExternalService
+    {
+    }
+}
--- a/BTCPayServer/Controllers/AccessTokenController.cs
+++ b/BTCPayServer/Controllers/AccessTokenController.cs
@ -12,6 +12,8 @@ using System.Threading.Tasks;

 namespace BTCPayServer.Controllers
 {
+    [Authorize(AuthenticationSchemes = Security.Policies.BitpayAuthentication)]
+    [BitpayAPIConstraint(true)]
    public class AccessTokenController : Controller
    {
        TokenRepository _TokenRepository;
@ -23,12 +25,13 @@ namespace BTCPayServer.Controllers
        [Route("tokens")]
        public async Task<GetTokensResponse> Tokens()
        {
-            var tokens = await _TokenRepository.GetTokens(this.GetBitIdentity().SIN);
+            var tokens = await _TokenRepository.GetTokens(this.User.GetSIN());
            return new GetTokensResponse(tokens);
        }

        [HttpPost]
        [Route("tokens")]
+        [AllowAnonymous]
        public async Task<DataWrapper<List<PairingCodeResponse>>> Tokens([FromBody] TokenRequest request)
        {
            PairingCodeEntity pairingEntity = null;
@ -51,8 +54,8 @@ namespace BTCPayServer.Controllers
            }
            else
            {
-                var sin = this.GetBitIdentity(false)?.SIN ?? request.Id;
-                if (string.IsNullOrEmpty(request.Id) || !NBitpayClient.Extensions.BitIdExtensions.ValidateSIN(request.Id))
+                var sin = this.User.GetSIN() ?? request.Id;
+                if (string.IsNullOrEmpty(sin) || !NBitpayClient.Extensions.BitIdExtensions.ValidateSIN(sin))
                    throw new BitpayHttpException(400, "'id' property is required, alternatively, use BitId");

                pairingEntity = await _TokenRepository.GetPairingAsync(request.PairingCode);
@ -76,6 +79,7 @@ namespace BTCPayServer.Controllers
                {
                    new PairingCodeResponse()
                    {
+                        Policies = new Newtonsoft.Json.Linq.JArray(),
                        PairingCode = pairingEntity.Id,
                        PairingExpiration = pairingEntity.Expiration,
                        DateCreated = pairingEntity.CreatedTime,
--- a/BTCPayServer/Controllers/AccountController.cs
+++ b/BTCPayServer/Controllers/AccountController.cs
@ -16,10 +16,13 @@ using BTCPayServer.Services;
 using BTCPayServer.Services.Mails;
 using BTCPayServer.Services.Stores;
 using BTCPayServer.Logging;
+using BTCPayServer.Security;
+using System.Globalization;
+using NicolasDorier.RateLimits;

 namespace BTCPayServer.Controllers
 {
-    [Authorize]
+    [Authorize(AuthenticationSchemes = Policies.CookieAuthentication)]
    [Route("[controller]/[action]")]
    public class AccountController : Controller
    {
@ -68,6 +71,7 @@ namespace BTCPayServer.Controllers
        [HttpPost]
        [AllowAnonymous]
        [ValidateAntiForgeryToken]
+        [RateLimitsFilter(ZoneLimits.Login, Scope = RateLimitsScope.RemoteAddress)]
        public async Task<IActionResult> Login(LoginViewModel model, string returnUrl = null)
        {
            ViewData["ReturnUrl"] = returnUrl;
@ -86,7 +90,7 @@ namespace BTCPayServer.Controllers
                }
                // This doesn't count login failures towards account lockout
                // To enable password failures to trigger account lockout, set lockoutOnFailure: true
-                var result = await _signInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, lockoutOnFailure: false);
+                var result = await _signInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, lockoutOnFailure: true);
                if (result.Succeeded)
                {
                    _logger.LogInformation("User logged in.");
@ -235,23 +239,25 @@ namespace BTCPayServer.Controllers

        [HttpGet]
        [AllowAnonymous]
-        public async Task<IActionResult> Register(string returnUrl = null)
+        public async Task<IActionResult> Register(string returnUrl = null, bool logon = true)
        {
            var policies = await _SettingsRepository.GetSettingAsync<PoliciesSettings>() ?? new PoliciesSettings();
-            if (policies.LockSubscription)
+            if (policies.LockSubscription && !User.IsInRole(Roles.ServerAdmin))
                return RedirectToAction(nameof(HomeController.Index), "Home");
            ViewData["ReturnUrl"] = returnUrl;
+            ViewData["Logon"] = logon.ToString(CultureInfo.InvariantCulture).ToLowerInvariant();
            return View();
        }

        [HttpPost]
        [AllowAnonymous]
        [ValidateAntiForgeryToken]
-        public async Task<IActionResult> Register(RegisterViewModel model, string returnUrl = null)
+        public async Task<IActionResult> Register(RegisterViewModel model, string returnUrl = null, bool logon = true)
        {
            ViewData["ReturnUrl"] = returnUrl;
+            ViewData["Logon"] = logon.ToString(CultureInfo.InvariantCulture).ToLowerInvariant();
            var policies = await _SettingsRepository.GetSettingAsync<PoliciesSettings>() ?? new PoliciesSettings();
-            if (policies.LockSubscription)
+            if (policies.LockSubscription && !User.IsInRole(Roles.ServerAdmin))
                return RedirectToAction(nameof(HomeController.Index), "Home");
            if (ModelState.IsValid)
            {
@ -273,7 +279,8 @@ namespace BTCPayServer.Controllers
                    await _emailSender.SendEmailConfirmationAsync(model.Email, callbackUrl);
                    if (!policies.RequiresConfirmedEmail)
                    {
-                        await _signInManager.SignInAsync(user, isPersistent: false);
+                        if(logon)
+                            await _signInManager.SignInAsync(user, isPersistent: false);
                        return RedirectToLocal(returnUrl);
                    }
                    else
--- a/BTCPayServer/Controllers/AppsController.PointOfSale.cs
+++ b/BTCPayServer/Controllers/AppsController.PointOfSale.cs
@ -1,22 +1,11 @@
-using System;
-using Microsoft.EntityFrameworkCore;
-using System.Collections.Generic;
-using System.Linq;
+using System.Text;
+using System.Text.Encodings.Web;
 using System.Threading.Tasks;
 using BTCPayServer.Data;
-using BTCPayServer.Models;
 using BTCPayServer.Models.AppViewModels;
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Identity;
-using Microsoft.AspNetCore.Mvc;
-using NBitcoin.DataEncoders;
-using NBitcoin;
 using BTCPayServer.Services.Apps;
-using Newtonsoft.Json;
-using YamlDotNet.RepresentationModel;
-using System.IO;
-using BTCPayServer.Services.Rates;
-using System.Globalization;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.EntityFrameworkCore;

 namespace BTCPayServer.Controllers
 {
@ -26,26 +15,47 @@ namespace BTCPayServer.Controllers
        {
            public PointOfSaleSettings()
            {
-                Title = "My awesome Point of Sale";
+                Title = "Tea shop";
                Currency = "USD";
                Template =
-                    "tea:\n" +
-                    "  price: 0.02\n" +
-                    "  title: Green Tea # title is optional, defaults to the keys\n\n" +
-                    "coffee:\n" +
-                    "  price: 1\n\n" +
-                    "bamba:\n" +
-                    "  price: 3\n\n" +
-                    "beer:\n" +
-                    "  price: 7\n\n" +
-                    "hat:\n" +
-                    "  price: 15\n\n" +
-                    "tshirt:\n" +
-                    "  price: 25";
+                    "green tea:\n" +
+                    "  price: 1\n" +
+                    "  title: Green Tea\n" +
+                    "  description:  Lovely, fresh and tender, Meng Ding Gan Lu ('sweet dew') is grown in the lush Meng Ding Mountains of the southwestern province of Sichuan where it has been cultivated for over a thousand years.\n" +
+                    "  image: https://cdn.pixabay.com/photo/2015/03/26/11/03/green-tea-692339__480.jpg\n\n" +
+                    "black tea:\n" +
+                    "  price: 1\n" +
+                    "  title: Black Tea\n" +
+                    "  description: Tian Jian Tian Jian means 'heavenly tippy tea' in Chinese, and it describes the finest grade of dark tea. Our Tian Jian dark tea is from Hunan province which is famous for making some of the best dark teas available.\n" +
+                    "  image: https://cdn.pixabay.com/photo/2016/11/29/13/04/beverage-1869716__480.jpg\n\n" +
+                    "rooibos:\n" +
+                    "  price: 1.2\n" +
+                    "  title: Rooibos\n" +
+                    "  description: Rooibos is a dramatic red tea made from a South African herb that contains polyphenols and flavonoids. Often called 'African redbush tea', Rooibos herbal tea delights the senses and delivers potential health benefits with each caffeine-free sip.\n" +
+                    "  image: https://cdn.pixabay.com/photo/2017/01/08/08/14/water-1962388__480.jpg\n\n" +
+                    "pu erh:\n" +
+                    "  price: 2\n" +
+                    "  title: Pu Erh\n" +
+                    "  description: This loose pur-erh tea is produced in Yunnan Province, China. The process in a relatively high humidity environment has mellowed the elemental character of the tea when compared to young Pu-erh.\n" +
+                    "  image: https://cdn.pixabay.com/photo/2018/07/21/16/56/tea-cup-3552917__480.jpg\n\n" +
+                    "herbal tea:\n" +
+                    "  price: 1.8\n" +
+                    "  title: Herbal Tea\n" +
+                    "  description: Chamomile tea is made from the flower heads of the chamomile plant. The medicinal use of chamomile dates back to the ancient Egyptians, Romans and Greeks. Pay us what you want!\n" +
+                    "  image: https://cdn.pixabay.com/photo/2015/07/02/20/57/chamomile-829538__480.jpg\n" +
+                    "  custom: true\n\n" +
+                    "fruit tea:\n" +
+                    "  price: 1.5\n" +
+                    "  title: Fruit Tea\n" +
+                    "  description: The Tibetan Himalayas, the land is majestic and beautiful—a spiritual place where, despite the perilous environment, many journey seeking enlightenment. Pay us what you want!\n" +
+                    "  image: https://cdn.pixabay.com/photo/2016/09/16/11/24/darts-1673812__480.jpg\n" +
+                    "  custom: true";
+                ShowCustomAmount = true;
            }
            public string Title { get; set; }
            public string Currency { get; set; }
            public string Template { get; set; }
+            public bool ShowCustomAmount { get; set; }
        }

        [HttpGet]
@ -55,19 +65,60 @@ namespace BTCPayServer.Controllers
            var app = await GetOwnedApp(appId, AppType.PointOfSale);
            if (app == null)
                return NotFound();
-
            var settings = app.GetSettings<PointOfSaleSettings>();
-            return View(new UpdatePointOfSaleViewModel() { Title = settings.Title, Currency = settings.Currency, Template = settings.Template });
+            var vm = new UpdatePointOfSaleViewModel()
+            {
+                Title = settings.Title,
+                ShowCustomAmount = settings.ShowCustomAmount,
+                Currency = settings.Currency,
+                Template = settings.Template
+            };
+            if (HttpContext?.Request != null)
+            {
+                var appUrl = HttpContext.Request.GetAbsoluteRoot().WithTrailingSlash() + $"apps/{appId}/pos";
+                var encoder = HtmlEncoder.Default;
+                if (settings.ShowCustomAmount)
+                {
+                    StringBuilder builder = new StringBuilder();
+                    builder.AppendLine($"<form method=\"POST\" action=\"{encoder.Encode(appUrl)}\">");
+                    builder.AppendLine($"  <input type=\"hidden\" name=\"amount\" value=\"100\" />");
+                    builder.AppendLine($"  <input type=\"hidden\" name=\"email\" value=\"customer@example.com\" />");
+                    builder.AppendLine($"  <input type=\"hidden\" name=\"orderId\" value=\"CustomOrderId\" />");
+                    builder.AppendLine($"  <input type=\"hidden\" name=\"notificationUrl\" value=\"https://example.com/callbacks\" />");
+                    builder.AppendLine($"  <input type=\"hidden\" name=\"redirectUrl\" value=\"https://example.com/thanksyou\" />");
+                    builder.AppendLine($"  <button type=\"submit\">Buy now</button>");
+                    builder.AppendLine($"</form>");
+                    vm.Example1 = builder.ToString();
+                }
+                try
+                {
+                    var items = _AppsHelper.Parse(settings.Template, settings.Currency);
+                    var builder = new StringBuilder();
+                    builder.AppendLine($"<form method=\"POST\" action=\"{encoder.Encode(appUrl)}\">");
+                    builder.AppendLine($"  <input type=\"hidden\" name=\"email\" value=\"customer@example.com\" />");
+                    builder.AppendLine($"  <input type=\"hidden\" name=\"orderId\" value=\"CustomOrderId\" />");
+                    builder.AppendLine($"  <input type=\"hidden\" name=\"notificationUrl\" value=\"https://example.com/callbacks\" />");
+                    builder.AppendLine($"  <input type=\"hidden\" name=\"redirectUrl\" value=\"https://example.com/thanksyou\" />");
+                    builder.AppendLine($"  <button type=\"submit\" name=\"choiceKey\" value=\"{items[0].Id}\">Buy now</button>");
+                    builder.AppendLine($"</form>");
+                    vm.Example2 = builder.ToString();
+                }
+                catch { }
+                vm.InvoiceUrl = appUrl + "invoices/SkdsDghkdP3D3qkj7bLq3";
+            }
+
+            vm.ExampleCallback = "{\n  \"id\":\"SkdsDghkdP3D3qkj7bLq3\",\n  \"url\":\"https://btcpay.example.com/invoice?id=SkdsDghkdP3D3qkj7bLq3\",\n  \"status\":\"paid\",\n  \"price\":10,\n  \"currency\":\"EUR\",\n  \"invoiceTime\":1520373130312,\n  \"expirationTime\":1520374030312,\n  \"currentTime\":1520373179327,\n  \"exceptionStatus\":false,\n  \"buyerFields\":{\n    \"buyerEmail\":\"customer@example.com\",\n    \"buyerNotify\":false\n  },\n  \"paymentSubtotals\": {\n    \"BTC\":114700\n  },\n  \"paymentTotals\": {\n    \"BTC\":118400\n  },\n  \"transactionCurrency\": \"BTC\",\n  \"amountPaid\": \"1025900\",\n  \"exchangeRates\": {\n    \"BTC\": {\n      \"EUR\": 8721.690715789999,\n      \"USD\": 10817.99\n    }\n  }\n}";
+            return View(vm);
        }
        [HttpPost]
        [Route("{appId}/settings/pos")]
        public async Task<IActionResult> UpdatePointOfSale(string appId, UpdatePointOfSaleViewModel vm)
        {
-            if (_Currencies.GetCurrencyData(vm.Currency) == null)
+            if (_AppsHelper.GetCurrencyData(vm.Currency, false) == null)
                ModelState.AddModelError(nameof(vm.Currency), "Invalid currency");
            try
            {
-                Parse(vm.Template, vm.Currency);
+                _AppsHelper.Parse(vm.Template, vm.Currency);
            }
            catch
            {
@ -83,105 +134,13 @@ namespace BTCPayServer.Controllers
            app.SetSettings(new PointOfSaleSettings()
            {
                Title = vm.Title,
+                ShowCustomAmount = vm.ShowCustomAmount,
                Currency = vm.Currency.ToUpperInvariant(),
                Template = vm.Template
            });
            await UpdateAppSettings(app);
            StatusMessage = "App updated";
-            return RedirectToAction(nameof(UpdatePointOfSale));
-        }
-
-        [HttpGet]
-        [Route("{appId}/pos")]
-        public async Task<IActionResult> ViewPointOfSale(string appId)
-        {
-            var app = await GetApp(appId, AppType.PointOfSale);
-            if (app == null)
-                return NotFound();
-            var settings = app.GetSettings<PointOfSaleSettings>();
-            return View(new ViewPointOfSaleViewModel()
-            {
-                Title = settings.Title,
-                Items = Parse(settings.Template, settings.Currency)
-            });
-        }
-
-        private async Task<AppData> GetApp(string appId, AppType appType)
-        {
-            using (var ctx = _ContextFactory.CreateContext())
-            {
-                return await ctx.Apps
-                                .Where(us => us.Id == appId && us.AppType == appType.ToString())
-                                .FirstOrDefaultAsync();
-            }
-        }
-
-        private ViewPointOfSaleViewModel.Item[] Parse(string template, string currency)
-        {
-            var input = new StringReader(template);
-            YamlStream stream = new YamlStream();
-            stream.Load(input);
-            var root = (YamlMappingNode)stream.Documents[0].RootNode;
-            return root
-                .Children
-                .Select(kv => new { Key = (kv.Key as YamlScalarNode)?.Value, Value = kv.Value as YamlMappingNode })
-                .Where(kv => kv.Value != null)
-                .Select(c => new ViewPointOfSaleViewModel.Item()
-                {
-                    Id = c.Key,
-                    Title = c.Value.Children
-                             .Select(kv => new { Key = (kv.Key as YamlScalarNode)?.Value, Value = kv.Value as YamlScalarNode })
-                             .Where(kv => kv.Value != null)
-                             .Where(cc => cc.Key == "title")
-                             .FirstOrDefault()?.Value?.Value ?? c.Key,
-                    Price = c.Value.Children
-                             .Select(kv => new { Key = (kv.Key as YamlScalarNode)?.Value, Value = kv.Value as YamlScalarNode })
-                             .Where(kv => kv.Value != null)
-                             .Where(cc => cc.Key == "price")
-                             .Select(cc => new ViewPointOfSaleViewModel.Item.ItemPrice()
-                             {
-                                 Value = decimal.Parse(cc.Value.Value, CultureInfo.InvariantCulture),
-                                 Formatted = FormatCurrency(cc.Value.Value, currency)
-                             })
-                             .Single()
-                })
-                .ToArray();
-        }
-
-        string FormatCurrency(string price, string currency)
-        {
-            return decimal.Parse(price, CultureInfo.InvariantCulture).ToString("C", _Currencies.GetCurrencyProvider(currency));
-        }
-
-        [HttpPost]
-        [Route("{appId}/pos")]
-        public async Task<IActionResult> ViewPointOfSale(string appId, string choiceKey)
-        {
-            var app = await GetApp(appId, AppType.PointOfSale);
-            if (app == null)
-                return NotFound();
-            var settings = app.GetSettings<PointOfSaleSettings>();
-            var choices = Parse(settings.Template, settings.Currency);
-            var choice = choices.FirstOrDefault(c => c.Id == choiceKey);
-            if (choice == null)
-                return NotFound();
-
-            var store = await GetStore(app);
-            var invoice = await _InvoiceController.CreateInvoiceCore(new NBitpayClient.Invoice()
-            {
-                ItemDesc = choice.Title,
-                Currency = settings.Currency,
-                Price = (double)choice.Price.Value,
-            }, store, HttpContext.Request.GetAbsoluteRoot());
-            return Redirect(invoice.Data.Url);
-        }
-
-        private async Task<StoreData> GetStore(AppData app)
-        {
-            using (var ctx = _ContextFactory.CreateContext())
-            {
-                return await ctx.Stores.FirstOrDefaultAsync(s => s.Id == app.StoreDataId);
-            }
+            return RedirectToAction(nameof(ListApps));
        }

        private async Task UpdateAppSettings(AppData app)
--- a/BTCPayServer/Controllers/AppsController.cs
+++ b/BTCPayServer/Controllers/AppsController.cs
@ -1,44 +1,47 @@
 using System;
-using Microsoft.EntityFrameworkCore;
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;
 using BTCPayServer.Data;
 using BTCPayServer.Models;
 using BTCPayServer.Models.AppViewModels;
+using BTCPayServer.Security;
+using BTCPayServer.Services.Apps;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
-using NBitcoin.DataEncoders;
+using Microsoft.EntityFrameworkCore;
 using NBitcoin;
-using BTCPayServer.Services.Apps;
-using BTCPayServer.Services.Rates;
+using NBitcoin.DataEncoders;

 namespace BTCPayServer.Controllers
 {
+    [Authorize(AuthenticationSchemes = Policies.CookieAuthentication)]
    [AutoValidateAntiforgeryToken]
    [Route("apps")]
    public partial class AppsController : Controller
    {
-        ApplicationDbContextFactory _ContextFactory;
-        UserManager<ApplicationUser> _UserManager;
-        CurrencyNameTable _Currencies;
-        InvoiceController _InvoiceController;
-
-        [TempData]
-        public string StatusMessage { get; set; }
-
        public AppsController(
            UserManager<ApplicationUser> userManager,
            ApplicationDbContextFactory contextFactory,
-            CurrencyNameTable currencies,
-            InvoiceController invoiceController)
+            BTCPayNetworkProvider networkProvider,
+            AppsHelper appsHelper)
        {
-            _InvoiceController = invoiceController;
            _UserManager = userManager;
            _ContextFactory = contextFactory;
-            _Currencies = currencies;
+            _NetworkProvider = networkProvider;
+            _AppsHelper = appsHelper;
        }
+
+        private UserManager<ApplicationUser> _UserManager;
+        private ApplicationDbContextFactory _ContextFactory;
+        private BTCPayNetworkProvider _NetworkProvider;
+        private AppsHelper _AppsHelper;
+
+        [TempData]
+        public string StatusMessage { get; set; }
+        public string CreatedAppId { get; set; }
+
        public async Task<IActionResult> ListApps()
        {
            var apps = await GetAllApps();
@ -102,9 +105,9 @@ namespace BTCPayServer.Controllers
                StatusMessage = "Error: You are not owner of this store";
                return RedirectToAction(nameof(ListApps));
            }
+            var id = Encoders.Base58.EncodeData(RandomUtils.GetBytes(20));
            using (var ctx = _ContextFactory.CreateContext())
            {
-                var id = Encoders.Base58.EncodeData(RandomUtils.GetBytes(32));
                var appData = new AppData() { Id = id };
                appData.StoreDataId = selectedStore;
                appData.Name = vm.Name;
@ -113,6 +116,9 @@ namespace BTCPayServer.Controllers
                await ctx.SaveChangesAsync();
            }
            StatusMessage = "App successfully created";
+            CreatedAppId = id;
+            if (appType == AppType.PointOfSale)
+                return RedirectToAction(nameof(UpdatePointOfSale), new { appId = id });
            return RedirectToAction(nameof(ListApps));
        }

@ -131,19 +137,9 @@ namespace BTCPayServer.Controllers
            });
        }

-        private async Task<AppData> GetOwnedApp(string appId, AppType? type = null)
+        private Task<AppData> GetOwnedApp(string appId, AppType? type = null)
        {
-            var userId = GetUserId();
-            using (var ctx = _ContextFactory.CreateContext())
-            {
-                var app = await ctx.UserStore
-                                .Where(us => us.ApplicationUserId == userId && us.Role == StoreRoles.Owner)
-                                .SelectMany(us => us.StoreData.Apps.Where(a => a.Id == appId))
-                   .FirstOrDefaultAsync();
-                if (type != null && type.Value.ToString() != app.AppType)
-                    return null;
-                return app;
-            }
+            return _AppsHelper.GetAppDataIfOwner(GetUserId(), appId, type);
        }

        private async Task<StoreData[]> GetOwnedStores()
@ -174,24 +170,19 @@ namespace BTCPayServer.Controllers
            using (var ctx = _ContextFactory.CreateContext())
            {
                return await ctx.UserStore
-                   .Where(us => us.ApplicationUserId == userId)
-                   .Select(us => new
-                   {
-                       IsOwner = us.Role == StoreRoles.Owner,
-                       StoreId = us.StoreDataId,
-                       StoreName = us.StoreData.StoreName,
-                       Apps = us.StoreData.Apps
-                   })
-                   .SelectMany(us => us.Apps.Select(app => new ListAppsViewModel.ListAppViewModel()
-                   {
-                       IsOwner = us.IsOwner,
-                       AppName = app.Name,
-                       AppType = app.AppType,
-                       Id = app.Id,
-                       StoreId = us.StoreId,
-                       StoreName = us.StoreName
-                   }))
-                   .ToArrayAsync();
+                    .Where(us => us.ApplicationUserId == userId)
+                    .Join(ctx.Apps, us => us.StoreDataId, app => app.StoreDataId,
+                    (us, app) =>
+                    new ListAppsViewModel.ListAppViewModel()
+                    {
+                        IsOwner = us.Role == StoreRoles.Owner,
+                        StoreId = us.StoreDataId,
+                        StoreName = us.StoreData.StoreName,
+                        AppName = app.Name,
+                        AppType = app.AppType,
+                        Id = app.Id
+                    })
+                    .ToArrayAsync();
            }
        }

--- a/BTCPayServer/Controllers/AppsPublicController.cs
+++ b/BTCPayServer/Controllers/AppsPublicController.cs
@ -0,0 +1,228 @@
+using System;
+using System.Collections.Generic;
+using System.Globalization;
+using System.IO;
+using System.Linq;
+using System.Security.Claims;
+using System.Threading.Tasks;
+using BTCPayServer.Data;
+using BTCPayServer.Models.AppViewModels;
+using BTCPayServer.Security;
+using BTCPayServer.Services.Apps;
+using BTCPayServer.Services.Rates;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Cors;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.EntityFrameworkCore;
+using YamlDotNet.RepresentationModel;
+using static BTCPayServer.Controllers.AppsController;
+
+namespace BTCPayServer.Controllers
+{
+    public class AppsPublicController : Controller
+    {
+        public AppsPublicController(AppsHelper appsHelper, InvoiceController invoiceController)
+        {
+            _AppsHelper = appsHelper;
+            _InvoiceController = invoiceController;
+        }
+
+        private AppsHelper _AppsHelper;
+        private InvoiceController _InvoiceController;
+
+        [HttpGet]
+        [Route("/apps/{appId}/pos")]
+        public async Task<IActionResult> ViewPointOfSale(string appId)
+        {
+            var app = await _AppsHelper.GetApp(appId, AppType.PointOfSale);
+            if (app == null)
+                return NotFound();
+            var settings = app.GetSettings<PointOfSaleSettings>();
+            var currency = _AppsHelper.GetCurrencyData(settings.Currency, false);
+            double step = currency == null ? 1 : Math.Pow(10, -(currency.Divisibility));
+
+            return View(new ViewPointOfSaleViewModel()
+            {
+                Title = settings.Title,
+                Step = step.ToString(CultureInfo.InvariantCulture),
+                ShowCustomAmount = settings.ShowCustomAmount,
+                CurrencySymbol = currency.Symbol,
+                Items = _AppsHelper.Parse(settings.Template, settings.Currency)
+            });
+        }
+
+        [HttpPost]
+        [Route("/apps/{appId}/pos")]
+        [IgnoreAntiforgeryToken]
+        [EnableCors(CorsPolicies.All)]
+        public async Task<IActionResult> ViewPointOfSale(string appId,
+                                                        decimal amount,
+                                                        string email,
+                                                        string orderId,
+                                                        string notificationUrl,
+                                                        string redirectUrl,
+                                                        string choiceKey)
+        {
+            var app = await _AppsHelper.GetApp(appId, AppType.PointOfSale);
+            if (string.IsNullOrEmpty(choiceKey) && amount <= 0)
+            {
+                return RedirectToAction(nameof(ViewPointOfSale), new { appId = appId });
+            }
+            if (app == null)
+                return NotFound();
+            var settings = app.GetSettings<PointOfSaleSettings>();
+            if (string.IsNullOrEmpty(choiceKey) && !settings.ShowCustomAmount)
+            {
+                return RedirectToAction(nameof(ViewPointOfSale), new { appId = appId });
+            }
+            string title = null;
+            var price = 0.0m;
+            if (!string.IsNullOrEmpty(choiceKey))
+            {
+                var choices = _AppsHelper.Parse(settings.Template, settings.Currency);
+                var choice = choices.FirstOrDefault(c => c.Id == choiceKey);
+                if (choice == null)
+                    return NotFound();
+                title = choice.Title;
+                price = choice.Price.Value;
+            }
+            else
+            {
+                if (!settings.ShowCustomAmount)
+                    return NotFound();
+                price = amount;
+                title = settings.Title;
+            }
+            var store = await _AppsHelper.GetStore(app);
+            store.AdditionalClaims.Add(new Claim(Policies.CanCreateInvoice.Key, store.Id));
+            var invoice = await _InvoiceController.CreateInvoiceCore(new NBitpayClient.Invoice()
+            {
+                ItemCode = choiceKey ?? string.Empty,
+                ItemDesc = title,
+                Currency = settings.Currency,
+                Price = price,
+                BuyerEmail = email,
+                OrderId = orderId,
+                NotificationURL = notificationUrl,
+                RedirectURL = redirectUrl,
+                FullNotifications = true
+            }, store, HttpContext.Request.GetAbsoluteRoot());
+            return Redirect(invoice.Data.Url);
+        }
+    }
+
+
+    public class AppsHelper
+    {
+        ApplicationDbContextFactory _ContextFactory;
+        CurrencyNameTable _Currencies;
+
+        public AppsHelper(ApplicationDbContextFactory contextFactory, CurrencyNameTable currencies)
+        {
+            _ContextFactory = contextFactory;
+            _Currencies = currencies;
+
+        }
+
+        public async Task<AppData> GetApp(string appId, AppType appType)
+        {
+            using (var ctx = _ContextFactory.CreateContext())
+            {
+                return await ctx.Apps
+                                .Where(us => us.Id == appId &&
+                                             us.AppType == appType.ToString())
+                                .FirstOrDefaultAsync();
+            }
+        }
+
+        public async Task<StoreData> GetStore(AppData app)
+        {
+            using (var ctx = _ContextFactory.CreateContext())
+            {
+                return await ctx.Stores.FirstOrDefaultAsync(s => s.Id == app.StoreDataId);
+            }
+        }
+
+
+        public ViewPointOfSaleViewModel.Item[] Parse(string template, string currency)
+        {
+            if (string.IsNullOrWhiteSpace(template))
+                return Array.Empty<ViewPointOfSaleViewModel.Item>();
+            var input = new StringReader(template);
+            YamlStream stream = new YamlStream();
+            stream.Load(input);
+            var root = (YamlMappingNode)stream.Documents[0].RootNode;
+            return root
+                .Children
+                .Select(kv => new PosHolder { Key = (kv.Key as YamlScalarNode)?.Value, Value = kv.Value as YamlMappingNode })
+                .Where(kv => kv.Value != null)
+                .Select(c => new ViewPointOfSaleViewModel.Item()
+                {
+                    Description = c.GetDetailString("description"),
+                    Id = c.Key,
+                    Image = c.GetDetailString("image"),
+                    Title = c.GetDetailString("title") ?? c.Key,
+                    Price = c.GetDetail("price")
+                             .Select(cc => new ViewPointOfSaleViewModel.Item.ItemPrice()
+                             {
+                                 Value = decimal.Parse(cc.Value.Value, CultureInfo.InvariantCulture),
+                                 Formatted = FormatCurrency(cc.Value.Value, currency)
+                             }).Single(),
+                    Custom = c.GetDetailString("custom") == "true"
+                })
+                .ToArray();
+        }
+
+        private class PosHolder
+        {
+            public string Key { get; set; }
+            public YamlMappingNode Value { get; set; }
+
+            public IEnumerable<PosScalar> GetDetail(string field)
+            {
+                var res = Value.Children
+                                 .Where(kv => kv.Value != null)
+                                 .Select(kv => new PosScalar { Key = (kv.Key as YamlScalarNode)?.Value, Value = kv.Value as YamlScalarNode })
+                                 .Where(cc => cc.Key == field);
+                return res;
+            }
+
+            public string GetDetailString(string field)
+            {
+                return GetDetail(field).FirstOrDefault()?.Value?.Value;
+            }
+        }
+        private class PosScalar
+        {
+            public string Key { get; set; }
+            public YamlScalarNode Value { get; set; }
+        }
+
+        public string FormatCurrency(string price, string currency)
+        {
+            return decimal.Parse(price, CultureInfo.InvariantCulture).ToString("C", _Currencies.GetCurrencyProvider(currency));
+        }
+
+        public CurrencyData GetCurrencyData(string currency, bool useFallback)
+        {
+            return _Currencies.GetCurrencyData(currency, useFallback);
+        }
+        public async Task<AppData> GetAppDataIfOwner(string userId, string appId, AppType? type = null)
+        {
+            if (userId == null || appId == null)
+                return null;
+            using (var ctx = _ContextFactory.CreateContext())
+            {
+                var app = await ctx.UserStore
+                                .Where(us => us.ApplicationUserId == userId && us.Role == StoreRoles.Owner)
+                                .SelectMany(us => us.StoreData.Apps.Where(a => a.Id == appId))
+                   .FirstOrDefaultAsync();
+                if (app == null)
+                    return null;
+                if (type != null && type.Value.ToString() != app.AppType)
+                    return null;
+                return app;
+            }
+        }
+    }
+}
--- a/BTCPayServer/Controllers/ChangellyController.cs
+++ b/BTCPayServer/Controllers/ChangellyController.cs
@ -0,0 +1,119 @@
+using System;
+using System.Threading.Tasks;
+using BTCPayServer.Models;
+using BTCPayServer.Payments.Changelly;
+using BTCPayServer.Rating;
+using BTCPayServer.Services.Rates;
+using Microsoft.AspNetCore.Mvc;
+
+namespace BTCPayServer.Controllers
+{
+    [Route("[controller]/{storeId}")]
+    public class ChangellyController : Controller
+    {
+        private readonly ChangellyClientProvider _changellyClientProvider;
+        private readonly BTCPayNetworkProvider _btcPayNetworkProvider;
+        private readonly RateFetcher _RateProviderFactory;
+
+        public ChangellyController(ChangellyClientProvider changellyClientProvider,
+            BTCPayNetworkProvider btcPayNetworkProvider,
+            RateFetcher rateProviderFactory)
+        {
+            _RateProviderFactory = rateProviderFactory ?? throw new ArgumentNullException(nameof(rateProviderFactory));
+
+            _changellyClientProvider = changellyClientProvider;
+            _btcPayNetworkProvider = btcPayNetworkProvider;
+        }
+
+        [HttpGet]
+        [Route("currencies")]
+        public async Task<IActionResult> GetCurrencyList(string storeId)
+        {
+            try
+            {
+                
+                var client = await TryGetChangellyClient(storeId);
+                
+                return Ok(await client.GetCurrenciesFull());
+            }
+            catch (Exception e)
+            {
+                return BadRequest(new BitpayErrorModel()
+                {
+                    Error = e.Message
+                });
+            }
+        }
+
+        [HttpGet]
+        [Route("calculate")]
+        public async Task<IActionResult> CalculateAmount(string storeId, string fromCurrency, string toCurrency,
+            decimal toCurrencyAmount)
+        {
+            try
+            {
+                var client = await TryGetChangellyClient(storeId);
+
+                if (fromCurrency.Equals("usd", StringComparison.InvariantCultureIgnoreCase)
+                    || fromCurrency.Equals("eur", StringComparison.InvariantCultureIgnoreCase))
+                {
+                    return await HandleCalculateFiatAmount(fromCurrency, toCurrency, toCurrencyAmount);
+                }
+                
+                var callCounter = 0;
+                var baseRate = await client.GetExchangeAmount(fromCurrency, toCurrency, 1);
+                var currentAmount = ChangellyCalculationHelper.ComputeBaseAmount(baseRate, toCurrencyAmount);
+                while (true)
+                {
+                    if (callCounter > 10)
+                    {
+                        BadRequest();
+                    }
+
+                    var computedAmount = await client.GetExchangeAmount(fromCurrency, toCurrency, currentAmount);
+                    callCounter++;
+                    if (computedAmount < toCurrencyAmount)
+                    {
+                        currentAmount =
+                            ChangellyCalculationHelper.ComputeCorrectAmount(currentAmount, computedAmount,
+                                toCurrencyAmount);
+                    }
+                    else
+                    {
+                        return Ok(currentAmount);
+                    }
+                }
+            }
+            catch (Exception e)
+            {
+                return BadRequest(new BitpayErrorModel()
+                {
+                    Error = e.Message
+                });
+            }
+        }
+
+        private async Task<Changelly> TryGetChangellyClient(string storeId)
+        {
+            var store = IsTest? null: HttpContext.GetStoreData();
+            storeId = storeId ?? store?.Id;
+
+            return await _changellyClientProvider.TryGetChangellyClient(storeId, store);
+        }
+
+        private async Task<IActionResult> HandleCalculateFiatAmount(string fromCurrency, string toCurrency,
+            decimal toCurrencyAmount)
+        {
+            var store = HttpContext.GetStoreData();
+            var rules = store.GetStoreBlob().GetRateRules(_btcPayNetworkProvider);
+            var rate = await _RateProviderFactory.FetchRate(new CurrencyPair(toCurrency, fromCurrency), rules);
+            if (rate.BidAsk == null) return BadRequest();
+            var flatRate = rate.BidAsk.Center;
+            return Ok(flatRate * toCurrencyAmount);
+        }
+
+        public bool IsTest { get; set; } = false;
+    }
+    
+    
+}
--- a/BTCPayServer/Controllers/HomeController.cs
+++ b/BTCPayServer/Controllers/HomeController.cs
@ -5,6 +5,7 @@ using System.Linq;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Mvc;
 using BTCPayServer.Models;
+using NBitcoin.DataEncoders;

 namespace BTCPayServer.Controllers
 {
--- a/BTCPayServer/Controllers/InvoiceController.API.cs
+++ b/BTCPayServer/Controllers/InvoiceController.API.cs
@ -1,41 +1,32 @@
-using BTCPayServer.Authentication;
-using Microsoft.Extensions.Logging;
-using BTCPayServer.Filters;
-using BTCPayServer.Logging;
-using BTCPayServer.Models;
-using Microsoft.AspNetCore.Mvc;
-using NBitpayClient;
-using System;
-using System.Collections.Generic;
+using System;
 using System.Linq;
 using System.Threading.Tasks;
-using BTCPayServer.Data;
+using BTCPayServer.Filters;
+using BTCPayServer.Models;
+using BTCPayServer.Security;
 using BTCPayServer.Services.Invoices;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Cors;
-using BTCPayServer.Services.Stores;
+using Microsoft.AspNetCore.Mvc;
+using NBitpayClient;

 namespace BTCPayServer.Controllers
 {
    [EnableCors("BitpayAPI")]
    [BitpayAPIConstraint]
+    [Authorize(Policies.CanCreateInvoice.Key, AuthenticationSchemes = Policies.BitpayAuthentication)]
    public class InvoiceControllerAPI : Controller
    {
        private InvoiceController _InvoiceController;
        private InvoiceRepository _InvoiceRepository;
-        private TokenRepository _TokenRepository;
-        private StoreRepository _StoreRepository;
        private BTCPayNetworkProvider _NetworkProvider;

        public InvoiceControllerAPI(InvoiceController invoiceController,
                                    InvoiceRepository invoceRepository,
-                                    TokenRepository tokenRepository,
-                                    StoreRepository storeRepository,
                                    BTCPayNetworkProvider networkProvider)
        {
            this._InvoiceController = invoiceController;
            this._InvoiceRepository = invoceRepository;
-            this._TokenRepository = tokenRepository;
-            this._StoreRepository = storeRepository;
            this._NetworkProvider = networkProvider;
        }

@ -44,21 +35,17 @@ namespace BTCPayServer.Controllers
        [MediaTypeConstraint("application/json")]
        public async Task<DataWrapper<InvoiceResponse>> CreateInvoice([FromBody] Invoice invoice)
        {
-            var bitToken = await CheckTokenPermissionAsync(Facade.Merchant, invoice.Token);
-            var store = await FindStore(bitToken);
-            return await _InvoiceController.CreateInvoiceCore(invoice, store, HttpContext.Request.GetAbsoluteRoot());
+            return await _InvoiceController.CreateInvoiceCore(invoice, HttpContext.GetStoreData(), HttpContext.Request.GetAbsoluteRoot());
        }

        [HttpGet]
        [Route("invoices/{id}")]
+        [AllowAnonymous]
        public async Task<DataWrapper<InvoiceResponse>> GetInvoice(string id, string token)
        {
-            var bitToken = await CheckTokenPermissionAsync(Facade.Merchant, token);
-            var store = await FindStore(bitToken);
-            var invoice = await _InvoiceRepository.GetInvoice(store.Id, id);
+            var invoice = await _InvoiceRepository.GetInvoice(null, id);
            if (invoice == null)
                throw new BitpayHttpException(404, "Object not found");
-
            var resp = invoice.EntityToDTO(_NetworkProvider);
            return new DataWrapper<InvoiceResponse>(resp);
        }
@ -77,8 +64,7 @@ namespace BTCPayServer.Controllers
        {
            if (dateEnd != null)
                dateEnd = dateEnd.Value + TimeSpan.FromDays(1); //Should include the end day
-            var bitToken = await CheckTokenPermissionAsync(Facade.Merchant, token);
-            var store = await FindStore(bitToken);
+            
            var query = new InvoiceQuery()
            {
                Count = limit,
@ -88,54 +74,13 @@ namespace BTCPayServer.Controllers
                OrderId = orderId,
                ItemCode = itemCode,
                Status = status == null ? null : new[] { status },
-                StoreId = new[] { store.Id }
+                StoreId = new[] { this.HttpContext.GetStoreData().Id }
            };

-
            var entities = (await _InvoiceRepository.GetInvoices(query))
                            .Select((o) => o.EntityToDTO(_NetworkProvider)).ToArray();

            return DataWrapper.Create(entities);
        }
-
-        private async Task<BitTokenEntity> CheckTokenPermissionAsync(Facade facade, string expectedToken)
-        {
-            if (facade == null)
-                throw new ArgumentNullException(nameof(facade));
-
-            var actualTokens = (await _TokenRepository.GetTokens(this.GetBitIdentity().SIN)).ToArray();
-            actualTokens = actualTokens.SelectMany(t => GetCompatibleTokens(t)).ToArray();
-
-            var actualToken = actualTokens.FirstOrDefault(a => a.Value.Equals(expectedToken, StringComparison.Ordinal));
-            if (expectedToken == null || actualToken == null)
-            {
-                Logs.PayServer.LogDebug($"No token found for facade {facade} for SIN {this.GetBitIdentity().SIN}");
-                throw new BitpayHttpException(401, $"This endpoint does not support the `{actualTokens.Select(a => a.Facade).Concat(new[] { "user" }).FirstOrDefault()}` facade");
-            }
-            return actualToken;
-        }
-
-        private IEnumerable<BitTokenEntity> GetCompatibleTokens(BitTokenEntity token)
-        {
-            if (token.Facade == Facade.Merchant.ToString())
-            {
-                yield return token.Clone(Facade.User);
-                yield return token.Clone(Facade.PointOfSale);
-            }
-            if (token.Facade == Facade.PointOfSale.ToString())
-            {
-                yield return token.Clone(Facade.User);
-            }
-            yield return token;
-        }
-
-        private async Task<StoreData> FindStore(BitTokenEntity bitToken)
-        {
-            var store = await _StoreRepository.FindStore(bitToken.StoreId);
-            if (store == null)
-                throw new BitpayHttpException(401, "Unknown store");
-            return store;
-        }
-
    }
 }
--- a/BTCPayServer/Controllers/InvoiceController.PaymentProtocol.cs
+++ b/BTCPayServer/Controllers/InvoiceController.PaymentProtocol.cs
@ -1,16 +1,14 @@
-using BTCPayServer.Filters;
-using Microsoft.Extensions.Logging;
-using BTCPayServer.Logging;
-using Microsoft.AspNetCore.Mvc;
-using NBitcoin;
-using NBitcoin.Payment;
-using System;
-using System.Collections.Generic;
+using System;
 using System.Linq;
 using System.Text;
 using System.Threading.Tasks;
-using BTCPayServer.Services.Invoices;
+using BTCPayServer.Filters;
+using BTCPayServer.Logging;
 using BTCPayServer.Payments;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.Logging;
+using NBitcoin;
+using NBitcoin.Payment;

 namespace BTCPayServer.Controllers
 {
@ -78,10 +76,42 @@ namespace BTCPayServer.Controllers
            var wallet = _WalletProvider.GetWallet(network);
            if (wallet == null)
                return NotFound();
-            var payment = PaymentMessage.Load(Request.Body);
+            var payment = PaymentMessage.Load(Request.Body, network.NBitcoinNetwork);
            var unused = wallet.BroadcastTransactionsAsync(payment.Transactions);
            await _InvoiceRepository.AddRefundsAsync(invoiceId, payment.RefundTo.Select(p => new TxOut(p.Amount, p.Script)).ToArray(), network.NBitcoinNetwork);
            return new PaymentAckActionResult(payment.CreateACK(invoiceId + " is currently processing, thanks for your purchase..."));
        }
    }
+
+
+    public class PaymentRequestActionResult : IActionResult
+    {
+        PaymentRequest req;
+        public PaymentRequestActionResult(PaymentRequest req)
+        {
+            this.req = req;
+        }
+        public Task ExecuteResultAsync(ActionContext context)
+        {
+            context.HttpContext.Response.Headers["Content-Transfer-Encoding"] = "binary";
+            context.HttpContext.Response.ContentType = "application/bitcoin-paymentrequest";
+            req.WriteTo(context.HttpContext.Response.Body);
+            return Task.CompletedTask;
+        }
+    }
+    public class PaymentAckActionResult : IActionResult
+    {
+        PaymentACK req;
+        public PaymentAckActionResult(PaymentACK req)
+        {
+            this.req = req;
+        }
+        public Task ExecuteResultAsync(ActionContext context)
+        {
+            context.HttpContext.Response.Headers["Content-Transfer-Encoding"] = "binary";
+            context.HttpContext.Response.ContentType = "application/bitcoin-paymentack";
+            req.WriteTo(context.HttpContext.Response.Body);
+            return Task.CompletedTask;
+        }
+    }
 }
--- a/BTCPayServer/Controllers/InvoiceController.UI.cs
+++ b/BTCPayServer/Controllers/InvoiceController.UI.cs
@ -1,27 +1,26 @@
-using BTCPayServer.Data;
+using System;
+using System.Collections.Generic;
+using System.Globalization;
+using System.Linq;
+using System.Net.WebSockets;
+using System.Threading;
+using System.Threading.Tasks;
+using BTCPayServer.Data;
+using BTCPayServer.Events;
 using BTCPayServer.Filters;
 using BTCPayServer.Models.InvoicingModels;
+using BTCPayServer.Payments;
+using BTCPayServer.Payments.Changelly;
+using BTCPayServer.Payments.Lightning;
+using BTCPayServer.Security;
 using BTCPayServer.Services.Invoices;
+using BTCPayServer.Services.Rates;
 using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Cors;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.Rendering;
 using NBitcoin;
 using NBitpayClient;
-using System;
-using System.Collections.Generic;
-using System.Globalization;
-using System.Linq;
-using System.Security.Claims;
-using System.Text;
-using System.Threading.Tasks;
-using BTCPayServer.Services.Rates;
-using System.Net.WebSockets;
-using System.Threading;
-using BTCPayServer.Events;
 using NBXplorer;
-using BTCPayServer.Payments;
-using BTCPayServer.Payments.Lightning;

 namespace BTCPayServer.Controllers
 {
@ -33,7 +32,6 @@ namespace BTCPayServer.Controllers
        {
            var invoice = (await _InvoiceRepository.GetInvoices(new InvoiceQuery()
            {
-                UserId = GetUserId(),
                InvoiceId = invoiceId,
                IncludeAddresses = true,
                IncludeEvents = true
@ -50,14 +48,18 @@ namespace BTCPayServer.Controllers
                StoreLink = Url.Action(nameof(StoresController.UpdateStore), "Stores", new { storeId = store.Id }),
                Id = invoice.Id,
                Status = invoice.Status,
-                TransactionSpeed = invoice.SpeedPolicy == SpeedPolicy.HighSpeed ? "high" : invoice.SpeedPolicy == SpeedPolicy.MediumSpeed ? "medium" : "low",
+                TransactionSpeed = invoice.SpeedPolicy == SpeedPolicy.HighSpeed ? "high" :
+                                   invoice.SpeedPolicy == SpeedPolicy.MediumSpeed ? "medium" :
+                                   invoice.SpeedPolicy == SpeedPolicy.LowMediumSpeed ? "low-medium" :
+                                   "low",
                RefundEmail = invoice.RefundMail,
                CreatedDate = invoice.InvoiceTime,
                ExpirationDate = invoice.ExpirationTime,
                MonitoringDate = invoice.MonitoringExpiration,
                OrderId = invoice.OrderId,
                BuyerInformation = invoice.BuyerInformation,
-                Fiat = FormatCurrency((decimal)dto.Price, dto.Currency),
+                Fiat = _CurrencyNameTable.DisplayFormatCurrency((decimal)dto.Price, dto.Currency),
+                NotificationEmail = invoice.NotificationEmail,
                NotificationUrl = invoice.NotificationURL,
                RedirectUrl = invoice.RedirectURL,
                ProductInformation = invoice.ProductInformation,
@ -74,13 +76,14 @@ namespace BTCPayServer.Controllers
                cryptoPayment.PaymentMethod = ToString(paymentMethodId);
                cryptoPayment.Due = accounting.Due.ToString() + $" {paymentMethodId.CryptoCode}";
                cryptoPayment.Paid = accounting.CryptoPaid.ToString() + $" {paymentMethodId.CryptoCode}";
+                cryptoPayment.Overpaid = (accounting.DueUncapped > Money.Zero ? Money.Zero : -accounting.DueUncapped).ToString() + $" {paymentMethodId.CryptoCode}";

                var onchainMethod = data.GetPaymentMethodDetails() as Payments.Bitcoin.BitcoinLikeOnChainPaymentMethod;
                if (onchainMethod != null)
                {
                    cryptoPayment.Address = onchainMethod.DepositAddress;
                }
-                cryptoPayment.Rate = FormatCurrency(data);
+                cryptoPayment.Rate = ExchangeRate(data);
                cryptoPayment.PaymentUrl = cryptoInfo.PaymentUrls.BIP21;
                model.CryptoPayments.Add(cryptoPayment);
            }
@ -170,7 +173,9 @@ namespace BTCPayServer.Controllers
        [Route("invoice")]
        [AcceptMediaTypeConstraint("application/bitcoin-paymentrequest", false)]
        [XFrameOptionsAttribute(null)]
-        public async Task<IActionResult> Checkout(string invoiceId, string id = null, string paymentMethodId = null)
+        [ReferrerPolicyAttribute("origin")]
+        public async Task<IActionResult> Checkout(string invoiceId, string id = null, string paymentMethodId = null,
+            [FromQuery]string view = null)
        {
            //Keep compatibility with Bitpay
            invoiceId = invoiceId ?? id;
@ -181,6 +186,22 @@ namespace BTCPayServer.Controllers
            if (model == null)
                return NotFound();

+            if (view == "modal")
+                model.IsModal = true;
+
+            _CSP.Add(new ConsentSecurityPolicy("script-src", "'unsafe-eval'")); // Needed by Vue
+            if (!string.IsNullOrEmpty(model.CustomCSSLink) &&
+                Uri.TryCreate(model.CustomCSSLink, UriKind.Absolute, out var uri))
+            {
+                _CSP.Clear();
+            }
+
+            if (!string.IsNullOrEmpty(model.CustomLogoLink) &&
+                Uri.TryCreate(model.CustomLogoLink, UriKind.Absolute, out uri))
+            {
+                _CSP.Clear();
+            }
+
            return View(nameof(Checkout), model);
        }

@ -193,21 +214,31 @@ namespace BTCPayServer.Controllers
            bool isDefaultCrypto = false;
            if (paymentMethodIdStr == null)
            {
-                paymentMethodIdStr = store.GetDefaultCrypto();
+                paymentMethodIdStr = store.GetDefaultCrypto(_NetworkProvider);
                isDefaultCrypto = true;
            }
-
            var paymentMethodId = PaymentMethodId.Parse(paymentMethodIdStr);
            var network = _NetworkProvider.GetNetwork(paymentMethodId.CryptoCode);
+            if (network == null && isDefaultCrypto)
+            {
+                network = _NetworkProvider.GetAll().FirstOrDefault();
+                paymentMethodId = new PaymentMethodId(network.CryptoCode, PaymentTypes.BTCLike);
+                paymentMethodIdStr = paymentMethodId.ToString();
+            }
            if (invoice == null || network == null)
                return null;
            if (!invoice.Support(paymentMethodId))
            {
                if (!isDefaultCrypto)
                    return null;
-                var paymentMethodTemp = invoice.GetPaymentMethods(_NetworkProvider).First();
+                var paymentMethodTemp = invoice.GetPaymentMethods(_NetworkProvider)
+                                               .Where(c => paymentMethodId.CryptoCode == c.GetId().CryptoCode)
+                                               .FirstOrDefault();
+                if (paymentMethodTemp == null)
+                    paymentMethodTemp = invoice.GetPaymentMethods(_NetworkProvider).First();
                network = paymentMethodTemp.Network;
                paymentMethodId = paymentMethodTemp.GetId();
+                paymentMethodIdStr = paymentMethodId.ToString();
            }

            var paymentMethod = invoice.GetPaymentMethod(paymentMethodId, _NetworkProvider);
@ -217,27 +248,43 @@ namespace BTCPayServer.Controllers
            var storeBlob = store.GetStoreBlob();
            var currency = invoice.ProductInformation.Currency;
            var accounting = paymentMethod.Calculate();
+
+            ChangellySettings changelly = (storeBlob.ChangellySettings != null && storeBlob.ChangellySettings.Enabled &&
+                                           storeBlob.ChangellySettings.IsConfigured())
+                ? storeBlob.ChangellySettings
+                : null;
+
+
+            var changellyAmountDue = changelly != null
+                ? (accounting.Due.ToDecimal(MoneyUnit.BTC) *
+                   (1m + (changelly.AmountMarkupPercentage / 100m)))
+                : (decimal?)null;
+
            var model = new PaymentModel()
            {
                CryptoCode = network.CryptoCode,
                PaymentMethodId = paymentMethodId.ToString(),
+                PaymentMethodName = GetDisplayName(paymentMethodId, network),
+                CryptoImage = GetImage(paymentMethodId, network),
                IsLightning = paymentMethodId.PaymentType == PaymentTypes.LightningLike,
                ServerUrl = HttpContext.Request.GetAbsoluteRoot(),
                OrderId = invoice.OrderId,
                InvoiceId = invoice.Id,
-                DefaultLang = storeBlob.DefaultLang ?? "en-US",
+                DefaultLang = storeBlob.DefaultLang ?? "en",
+                HtmlTitle = storeBlob.HtmlTitle ?? "BTCPay Invoice",
                CustomCSSLink = storeBlob.CustomCSS?.AbsoluteUri,
                CustomLogoLink = storeBlob.CustomLogo?.AbsoluteUri,
                BtcAddress = paymentMethodDetails.GetPaymentDestination(),
-                OrderAmount = (accounting.TotalDue - accounting.NetworkFee).ToString(),
                BtcDue = accounting.Due.ToString(),
+                OrderAmount = (accounting.TotalDue - accounting.NetworkFee).ToString(),
+                OrderAmountFiat = OrderAmountFromInvoice(network.CryptoCode, invoice.ProductInformation),
                CustomerEmail = invoice.RefundMail,
                RequiresRefundEmail = storeBlob.RequiresRefundEmail,
                ExpirationSeconds = Math.Max(0, (int)(invoice.ExpirationTime - DateTimeOffset.UtcNow).TotalSeconds),
                MaxTimeSeconds = (int)(invoice.ExpirationTime - invoice.InvoiceTime).TotalSeconds,
                MaxTimeMinutes = (int)(invoice.ExpirationTime - invoice.InvoiceTime).TotalMinutes,
                ItemDesc = invoice.ProductInformation.ItemDesc,
-                Rate = FormatCurrency(paymentMethod),
+                Rate = ExchangeRate(paymentMethod),
                MerchantRefLink = invoice.RedirectURL ?? "/",
                StoreName = store.StoreName,
                InvoiceBitcoinUrl = paymentMethodId.PaymentType == PaymentTypes.BTCLike ? cryptoInfo.PaymentUrls.BIP21 :
@ -250,19 +297,25 @@ namespace BTCPayServer.Controllers
                TxCount = accounting.TxRequired,
                BtcPaid = accounting.Paid.ToString(),
                Status = invoice.Status,
-                CryptoImage = "/" + GetImage(paymentMethodId, network),
                NetworkFee = paymentMethodDetails.GetTxFee(),
                IsMultiCurrency = invoice.GetPayments().Select(p => p.GetPaymentMethodId()).Concat(new[] { paymentMethod.GetId() }).Distinct().Count() > 1,
-                AllowCoinConversion = storeBlob.AllowCoinConversion,
+                ChangellyEnabled = changelly != null,
+                ChangellyMerchantId = changelly?.ChangellyMerchantId,
+                ChangellyAmountDue = changellyAmountDue,
+                StoreId = store.Id,
                AvailableCryptos = invoice.GetPaymentMethods(_NetworkProvider)
                                          .Where(i => i.Network != null)
                                          .Select(kv => new PaymentModel.AvailableCrypto()
                                          {
                                              PaymentMethodId = kv.GetId().ToString(),
-                                              CryptoImage = "/" + GetImage(kv.GetId(), kv.Network),
+                                              CryptoCode = kv.GetId().CryptoCode,
+                                              PaymentMethodName = GetDisplayName(kv.GetId(), kv.Network),
+                                              IsLightning = kv.GetId().PaymentType == PaymentTypes.LightningLike,
+                                              CryptoImage = GetImage(kv.GetId(), kv.Network),
                                              Link = Url.Action(nameof(Checkout), new { invoiceId = invoiceId, paymentMethodId = kv.GetId().ToString() })
                                          }).Where(c => c.CryptoImage != "/")
-                .ToList()
+                                          .OrderByDescending(a => a.CryptoCode == "BTC").ThenBy(a => a.PaymentMethodName).ThenBy(a => a.IsLightning ? 1 : 0)
+                                          .ToList()
            };

            var expiration = TimeSpan.FromSeconds(model.ExpirationSeconds);
@ -270,19 +323,31 @@ namespace BTCPayServer.Controllers
            return model;
        }

-        private string GetImage(PaymentMethodId paymentMethodId, BTCPayNetwork network)
+        private string GetDisplayName(PaymentMethodId paymentMethodId, BTCPayNetwork network)
        {
-            return (paymentMethodId.PaymentType == PaymentTypes.BTCLike ? Url.Content(network.CryptoImagePath) : Url.Content(network.LightningImagePath));
+            return paymentMethodId.PaymentType == PaymentTypes.BTCLike ?
+                network.DisplayName : network.DisplayName + " (Lightning)";
        }

-        private string FormatCurrency(PaymentMethod paymentMethod)
+        private string GetImage(PaymentMethodId paymentMethodId, BTCPayNetwork network)
+        {
+            var res = paymentMethodId.PaymentType == PaymentTypes.BTCLike ?
+                Url.Content(network.CryptoImagePath) : Url.Content(network.LightningImagePath);
+            return "/" + res;
+        }
+
+        private string OrderAmountFromInvoice(string cryptoCode, ProductInformation productInformation)
+        {
+            // if invoice source currency is the same as currently display currency, no need for "order amount from invoice"
+            if (cryptoCode == productInformation.Currency)
+                return null;
+
+            return _CurrencyNameTable.DisplayFormatCurrency(productInformation.Price, productInformation.Currency);
+        }
+        private string ExchangeRate(PaymentMethod paymentMethod)
        {
            string currency = paymentMethod.ParentEntity.ProductInformation.Currency;
-            return FormatCurrency(paymentMethod.Rate, currency);
-        }
-        public string FormatCurrency(decimal price, string currency)
-        {
-            return price.ToString("C", _CurrencyNameTable.GetCurrencyProvider(currency)) + $" ({currency})";
+            return _CurrencyNameTable.DisplayFormatCurrency(paymentMethod.Rate, currency);
        }

        [HttpGet]
@ -311,7 +376,7 @@ namespace BTCPayServer.Controllers
            {
                leases.Add(_EventAggregator.Subscribe<Events.InvoiceDataChangedEvent>(async o => await NotifySocket(webSocket, o.InvoiceId, invoiceId)));
                leases.Add(_EventAggregator.Subscribe<Events.InvoiceNewAddressEvent>(async o => await NotifySocket(webSocket, o.InvoiceId, invoiceId)));
-                leases.Add(_EventAggregator.Subscribe<Events.InvoiceEvent>(async o => await NotifySocket(webSocket, o.InvoiceId, invoiceId)));
+                leases.Add(_EventAggregator.Subscribe<Events.InvoiceEvent>(async o => await NotifySocket(webSocket, o.Invoice.Id, invoiceId)));
                while (true)
                {
                    var message = await webSocket.ReceiveAsync(DummyBuffer, default(CancellationToken));
@ -355,46 +420,62 @@ namespace BTCPayServer.Controllers

        [HttpGet]
        [Route("invoices")]
-        [Authorize(AuthenticationSchemes = "Identity.Application")]
+        [Authorize(AuthenticationSchemes = Policies.CookieAuthentication)]
        [BitpayAPIConstraint(false)]
        public async Task<IActionResult> ListInvoices(string searchTerm = null, int skip = 0, int count = 50)
        {
-            var model = new InvoicesModel();
-            var filterString = new SearchString(searchTerm);
-            foreach (var invoice in await _InvoiceRepository.GetInvoices(new InvoiceQuery()
+            var model = new InvoicesModel
            {
-                TextSearch = filterString.TextSearch,
-                Count = count,
+                SearchTerm = searchTerm,
                Skip = skip,
-                UserId = GetUserId(),
-                Status = filterString.Filters.ContainsKey("status") ? filterString.Filters["status"].ToArray() : null,
-                StoreId = filterString.Filters.ContainsKey("storeid") ? filterString.Filters["storeid"].ToArray() : null
-            }))
+                Count = count,
+                StatusMessage = StatusMessage
+            };
+
+            var list = await ListInvoicesProcess(searchTerm, skip, count);
+            foreach (var invoice in list)
            {
-                model.SearchTerm = searchTerm;
                model.Invoices.Add(new InvoiceModel()
                {
-                    Status = invoice.Status,
-                    Date = (DateTimeOffset.UtcNow - invoice.InvoiceTime).Prettify() + " ago",
+                    Status = invoice.Status + (invoice.ExceptionStatus == null ? string.Empty : $" ({invoice.ExceptionStatus})"),
+                    ShowCheckout = invoice.Status == "new",
+                    Date = invoice.InvoiceTime,
                    InvoiceId = invoice.Id,
                    OrderId = invoice.OrderId ?? string.Empty,
                    RedirectUrl = invoice.RedirectURL ?? string.Empty,
                    AmountCurrency = $"{invoice.ProductInformation.Price.ToString(CultureInfo.InvariantCulture)} {invoice.ProductInformation.Currency}"
                });
            }
-            model.Skip = skip;
-            model.Count = count;
-            model.StatusMessage = StatusMessage;
            return View(model);
        }

+        private async Task<InvoiceEntity[]> ListInvoicesProcess(string searchTerm = null, int skip = 0, int count = 50)
+        {
+            var filterString = new SearchString(searchTerm);
+            var list = await _InvoiceRepository.GetInvoices(new InvoiceQuery()
+            {
+                TextSearch = filterString.TextSearch,
+                Count = count,
+                Skip = skip,
+                UserId = GetUserId(),
+                Unusual = !filterString.Filters.ContainsKey("unusual") ? null
+                          : !bool.TryParse(filterString.Filters["unusual"].First(), out var r) ? (bool?)null
+                          : r,
+                Status = filterString.Filters.ContainsKey("status") ? filterString.Filters["status"].ToArray() : null,
+                ExceptionStatus = filterString.Filters.ContainsKey("exceptionstatus") ? filterString.Filters["exceptionstatus"].ToArray() : null,
+                StoreId = filterString.Filters.ContainsKey("storeid") ? filterString.Filters["storeid"].ToArray() : null
+            });
+
+            return list;
+        }
+
        [HttpGet]
        [Route("invoices/create")]
-        [Authorize(AuthenticationSchemes = "Identity.Application")]
+        [Authorize(AuthenticationSchemes = Policies.CookieAuthentication)]
        [BitpayAPIConstraint(false)]
        public async Task<IActionResult> CreateInvoice()
        {
-            var stores = await GetStores(GetUserId());
+            var stores = new SelectList(await _StoreRepository.GetStoresByUserId(GetUserId()), nameof(StoreData.Id), nameof(StoreData.StoreName), null);
            if (stores.Count() == 0)
            {
                StatusMessage = "Error: You need to create at least one store before creating a transaction";
@ -405,18 +486,23 @@ namespace BTCPayServer.Controllers

        [HttpPost]
        [Route("invoices/create")]
-        [Authorize(AuthenticationSchemes = "Identity.Application")]
+        [Authorize(AuthenticationSchemes = Policies.CookieAuthentication)]
        [BitpayAPIConstraint(false)]
        public async Task<IActionResult> CreateInvoice(CreateInvoiceModel model)
        {
-            model.Stores = await GetStores(GetUserId(), model.StoreId);
+            var stores = await _StoreRepository.GetStoresByUserId(GetUserId());
+            model.Stores = new SelectList(stores, nameof(StoreData.Id), nameof(StoreData.StoreName), model.StoreId);
+            var store = stores.FirstOrDefault(s => s.Id == model.StoreId);
+            if (store == null)
+            {
+                ModelState.AddModelError(nameof(model.StoreId), "Store not found");
+            }
            if (!ModelState.IsValid)
            {
                return View(model);
            }
-            var store = await _StoreRepository.FindStore(model.StoreId, GetUserId());
            StatusMessage = null;
-            if (store.Role != StoreRoles.Owner)
+            if (!store.HasClaim(Policies.CanCreateInvoice.Key))
            {
                ModelState.AddModelError(nameof(model.StoreId), "You need to be owner of this store to create an invoice");
                return View(model);
@ -445,6 +531,7 @@ namespace BTCPayServer.Controllers
                    PosData = model.PosData,
                    OrderId = model.OrderId,
                    //RedirectURL = redirect + "redirect",
+                    NotificationEmail = model.NotificationEmail,
                    NotificationURL = model.NotificationUrl,
                    ItemDesc = model.ItemDesc,
                    FullNotifications = true,
@ -454,20 +541,15 @@ namespace BTCPayServer.Controllers
                StatusMessage = $"Invoice {result.Data.Id} just created!";
                return RedirectToAction(nameof(ListInvoices));
            }
-            catch (RateUnavailableException)
+            catch (BitpayHttpException ex)
            {
-                ModelState.TryAddModelError(nameof(model.Currency), "Unsupported currency");
+                ModelState.TryAddModelError(nameof(model.Currency), $"Error: {ex.Message}");
                return View(model);
            }
        }

-        private async Task<SelectList> GetStores(string userId, string storeId = null)
-        {
-            return new SelectList(await _StoreRepository.GetStoresByUserId(userId), nameof(StoreData.Id), nameof(StoreData.StoreName), storeId);
-        }
-
        [HttpPost]
-        [Authorize(AuthenticationSchemes = "Identity.Application")]
+        [Authorize(AuthenticationSchemes = Policies.CookieAuthentication)]
        [BitpayAPIConstraint(false)]
        public IActionResult SearchInvoice(InvoicesModel invoices)
        {
@ -481,12 +563,15 @@ namespace BTCPayServer.Controllers

        [HttpPost]
        [Route("invoices/invalidatepaid")]
-        [Authorize(AuthenticationSchemes = "Identity.Application")]
+        [Authorize(AuthenticationSchemes = Policies.CookieAuthentication)]
        [BitpayAPIConstraint(false)]
        public async Task<IActionResult> InvalidatePaidInvoice(string invoiceId)
        {
+            var invoice = await _InvoiceRepository.GetInvoice(null, invoiceId);
+            if (invoice == null)
+                return NotFound();
            await _InvoiceRepository.UpdatePaidInvoiceToInvalid(invoiceId);
-            _EventAggregator.Publish(new InvoiceEvent(invoiceId, 1008, "invoice_markedInvalid"));
+            _EventAggregator.Publish(new InvoiceEvent(invoice.EntityToDTO(_NetworkProvider), 1008, "invoice_markedInvalid"));
            return RedirectToAction(nameof(ListInvoices));
        }

--- a/BTCPayServer/Controllers/InvoiceController.cs
+++ b/BTCPayServer/Controllers/InvoiceController.cs
@ -1,52 +1,33 @@
-using BTCPayServer.Authentication;
-using System.Reflection;
-using System.Linq;
-using Microsoft.Extensions.Logging;
-using BTCPayServer.Logging;
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Mvc;
-using NBitpayClient;
-using System;
+using System;
 using System.Collections.Generic;
+using System.ComponentModel.DataAnnotations;
+using System.Linq;
 using System.Text;
 using System.Threading.Tasks;
-using BTCPayServer.Models;
-using Newtonsoft.Json;
-using System.Globalization;
-using NBitcoin;
-using NBitcoin.DataEncoders;
-using BTCPayServer.Filters;
-using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
-using System.Net;
-using Microsoft.AspNetCore.Identity;
-using Newtonsoft.Json.Linq;
-using Microsoft.AspNetCore.Mvc.ModelBinding;
-using NBitcoin.Payment;
 using BTCPayServer.Data;
-using BTCPayServer.Models.InvoicingModels;
-using System.Security.Claims;
-using BTCPayServer.Services;
-using System.ComponentModel.DataAnnotations;
-using System.Text.RegularExpressions;
-using BTCPayServer.Services.Stores;
+using BTCPayServer.Logging;
+using BTCPayServer.Models;
+using BTCPayServer.Payments;
+using BTCPayServer.Rating;
+using BTCPayServer.Security;
 using BTCPayServer.Services.Invoices;
 using BTCPayServer.Services.Rates;
+using BTCPayServer.Services.Stores;
 using BTCPayServer.Services.Wallets;
-using BTCPayServer.Validations;
-
-using Microsoft.EntityFrameworkCore;
-using Microsoft.AspNetCore.Mvc.Routing;
-using NBXplorer.DerivationStrategy;
-using NBXplorer;
-using BTCPayServer.HostedServices;
-using BTCPayServer.Payments;
+using BTCPayServer.Validation;
+using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Mvc;
+using NBitcoin;
+using NBitpayClient;
+using Newtonsoft.Json;

 namespace BTCPayServer.Controllers
 {
    public partial class InvoiceController : Controller
    {
        InvoiceRepository _InvoiceRepository;
-        IRateProviderFactory _RateProviders;
+        ContentSecurityPolicies _CSP;
+        RateFetcher _RateProvider;
        StoreRepository _StoreRepository;
        UserManager<ApplicationUser> _UserManager;
        private CurrencyNameTable _CurrencyNameTable;
@ -59,26 +40,32 @@ namespace BTCPayServer.Controllers
            InvoiceRepository invoiceRepository,
            CurrencyNameTable currencyNameTable,
            UserManager<ApplicationUser> userManager,
-            IRateProviderFactory rateProviders,
+            RateFetcher rateProvider,
            StoreRepository storeRepository,
            EventAggregator eventAggregator,
            BTCPayWalletProvider walletProvider,
+            ContentSecurityPolicies csp,
            BTCPayNetworkProvider networkProvider)
        {
            _ServiceProvider = serviceProvider;
            _CurrencyNameTable = currencyNameTable ?? throw new ArgumentNullException(nameof(currencyNameTable));
            _StoreRepository = storeRepository ?? throw new ArgumentNullException(nameof(storeRepository));
            _InvoiceRepository = invoiceRepository ?? throw new ArgumentNullException(nameof(invoiceRepository));
-            _RateProviders = rateProviders ?? throw new ArgumentNullException(nameof(rateProviders));
+            _RateProvider = rateProvider ?? throw new ArgumentNullException(nameof(rateProvider));
            _UserManager = userManager;
            _EventAggregator = eventAggregator;
            _NetworkProvider = networkProvider;
            _WalletProvider = walletProvider;
+            _CSP = csp;
        }


        internal async Task<DataWrapper<InvoiceResponse>> CreateInvoiceCore(Invoice invoice, StoreData store, string serverUrl)
        {
+            if (!store.HasClaim(Policies.CanCreateInvoice.Key))
+                throw new UnauthorizedAccessException();
+            InvoiceLogs logs = new InvoiceLogs();
+            logs.Write("Creation of invoice starting");
            var entity = new InvoiceEntity
            {
                InvoiceTime = DateTimeOffset.UtcNow
@ -96,7 +83,9 @@ namespace BTCPayServer.Controllers
            entity.FullNotifications = invoice.FullNotifications || invoice.ExtendedNotifications;
            entity.ExtendedNotifications = invoice.ExtendedNotifications;
            entity.NotificationURL = notificationUri?.AbsoluteUri;
+            entity.NotificationEmail = invoice.NotificationEmail;
            entity.BuyerInformation = Map<Invoice, BuyerInformation>(invoice);
+            entity.PaymentTolerance = storeBlob.PaymentTolerance;
            //Another way of passing buyer info to support
            FillBuyerInfo(invoice.Buyer, entity.BuyerInformation);
            if (entity?.BuyerInformation?.BuyerEmail != null)
@ -107,11 +96,33 @@ namespace BTCPayServer.Controllers
            }
            entity.ProductInformation = Map<Invoice, ProductInformation>(invoice);
            entity.RedirectURL = invoice.RedirectURL ?? store.StoreWebsite;
+            if (!Uri.IsWellFormedUriString(entity.RedirectURL, UriKind.Absolute))
+                entity.RedirectURL = null;
+
            entity.Status = "new";
            entity.SpeedPolicy = ParseSpeedPolicy(invoice.TransactionSpeed, store.SpeedPolicy);

+            HashSet<CurrencyPair> currencyPairsToFetch = new HashSet<CurrencyPair>();
+            var rules = storeBlob.GetRateRules(_NetworkProvider);
+            var excludeFilter = storeBlob.GetExcludedPaymentMethods(); // Here we can compose filters from other origin with PaymentFilter.Any()
+            foreach (var network in store.GetSupportedPaymentMethods(_NetworkProvider)
+                                                .Where(s => !excludeFilter.Match(s.PaymentId))
+                                                .Select(c => _NetworkProvider.GetNetwork(c.PaymentId.CryptoCode))
+                                                .Where(c => c != null))
+            {
+                currencyPairsToFetch.Add(new CurrencyPair(network.CryptoCode, invoice.Currency));
+                if (storeBlob.LightningMaxValue != null)
+                    currencyPairsToFetch.Add(new CurrencyPair(network.CryptoCode, storeBlob.LightningMaxValue.Currency));
+                if (storeBlob.OnChainMinValue != null)
+                    currencyPairsToFetch.Add(new CurrencyPair(network.CryptoCode, storeBlob.OnChainMinValue.Currency));
+            }

+            var rateRules = storeBlob.GetRateRules(_NetworkProvider);
+            var fetchingByCurrencyPair = _RateProvider.FetchRates(currencyPairsToFetch, rateRules);
+
+            var fetchingAll = WhenAllFetched(logs, fetchingByCurrencyPair);
            var supportedPaymentMethods = store.GetSupportedPaymentMethods(_NetworkProvider)
+                                               .Where(s => !excludeFilter.Match(s.PaymentId))
                                               .Select(c =>
                                                (Handler: (IPaymentMethodHandler)_ServiceProvider.GetService(typeof(IPaymentMethodHandler<>).MakeGenericType(c.GetType())),
                                                SupportedPaymentMethod: c,
@ -119,136 +130,134 @@ namespace BTCPayServer.Controllers
                                                .Where(c => c.Network != null)
                                                .Select(o =>
                                                    (SupportedPaymentMethod: o.SupportedPaymentMethod,
-                                                    PaymentMethod: CreatePaymentMethodAsync(o.Handler, o.SupportedPaymentMethod, o.Network, entity, store)))
+                                                    PaymentMethod: CreatePaymentMethodAsync(fetchingByCurrencyPair, o.Handler, o.SupportedPaymentMethod, o.Network, entity, store, logs)))
                                                .ToList();
-
-            List<string> paymentMethodErrors = new List<string>();
            List<ISupportedPaymentMethod> supported = new List<ISupportedPaymentMethod>();
            var paymentMethods = new PaymentMethodDictionary();
            foreach (var o in supportedPaymentMethods)
            {
-                try
-                {
-                    var paymentMethod = await o.PaymentMethod;
-                    if (paymentMethod == null)
-                        throw new PaymentMethodUnavailableException("Payment method unavailable (The handler returned null)");
-                    supported.Add(o.SupportedPaymentMethod);
-                    paymentMethods.Add(paymentMethod);
-                }
-                catch (PaymentMethodUnavailableException ex)
-                {
-                    paymentMethodErrors.Add($"{o.SupportedPaymentMethod.PaymentId.CryptoCode} ({o.SupportedPaymentMethod.PaymentId.PaymentType}): Payment method unavailable ({ex.Message})");
-                }
-                catch (Exception ex)
-                {
-                    paymentMethodErrors.Add($"{o.SupportedPaymentMethod.PaymentId.CryptoCode} ({o.SupportedPaymentMethod.PaymentId.PaymentType}): Unexpected exception ({ex.ToString()})");
-                }
+                var paymentMethod = await o.PaymentMethod;
+                if (paymentMethod == null)
+                    continue;
+                supported.Add(o.SupportedPaymentMethod);
+                paymentMethods.Add(paymentMethod);
            }

            if (supported.Count == 0)
            {
                StringBuilder errors = new StringBuilder();
                errors.AppendLine("No payment method available for this store");
-                foreach (var error in paymentMethodErrors)
+                foreach (var error in logs.ToList())
                {
-                    errors.AppendLine(error);
+                    errors.AppendLine(error.ToString());
                }
                throw new BitpayHttpException(400, errors.ToString());
            }

            entity.SetSupportedPaymentMethods(supported);
            entity.SetPaymentMethods(paymentMethods);
-#pragma warning disable CS0618
-            // Legacy Bitpay clients expect information for BTC information, even if the store do not support it
-            var legacyBTCisSet = paymentMethods.Any(p => p.GetId().IsBTCOnChain);
-            if (!legacyBTCisSet && _NetworkProvider.BTC != null)
-            {
-                var btc = _NetworkProvider.BTC;
-                var feeProvider = ((IFeeProviderFactory)_ServiceProvider.GetService(typeof(IFeeProviderFactory))).CreateFeeProvider(btc);
-                var rateProvider = _RateProviders.GetRateProvider(btc, storeBlob.GetRateRules());
-                if (feeProvider != null && rateProvider != null)
-                {
-                    var gettingFee = feeProvider.GetFeeRateAsync();
-                    var gettingRate = rateProvider.GetRateAsync(invoice.Currency);
-                    entity.TxFee = GetTxFee(storeBlob, await gettingFee);
-                    entity.Rate = await gettingRate;
-                }
-#pragma warning restore CS0618
-            }
            entity.PosData = invoice.PosData;
-            entity = await _InvoiceRepository.CreateInvoiceAsync(store.Id, entity, paymentMethodErrors, _NetworkProvider);
-
-            _EventAggregator.Publish(new Events.InvoiceEvent(entity, 1001, "invoice_created"));
+            entity = await _InvoiceRepository.CreateInvoiceAsync(store.Id, entity, logs, _NetworkProvider);
+            await fetchingAll;
+            _EventAggregator.Publish(new Events.InvoiceEvent(entity.EntityToDTO(_NetworkProvider), 1001, "invoice_created"));
            var resp = entity.EntityToDTO(_NetworkProvider);
            return new DataWrapper<InvoiceResponse>(resp) { Facade = "pos/invoice" };
        }

-        private async Task<PaymentMethod> CreatePaymentMethodAsync(IPaymentMethodHandler handler, ISupportedPaymentMethod supportedPaymentMethod, BTCPayNetwork network, InvoiceEntity entity, StoreData store)
+        private Task WhenAllFetched(InvoiceLogs logs, Dictionary<CurrencyPair, Task<RateResult>> fetchingByCurrencyPair)
        {
-            var storeBlob = store.GetStoreBlob();
-            var rate = await _RateProviders.GetRateProvider(network, storeBlob.GetRateRules()).GetRateAsync(entity.ProductInformation.Currency);
-            PaymentMethod paymentMethod = new PaymentMethod();
-            paymentMethod.ParentEntity = entity;
-            paymentMethod.Network = network;
-            paymentMethod.SetId(supportedPaymentMethod.PaymentId);
-            paymentMethod.Rate = rate;
-            var paymentDetails = await handler.CreatePaymentMethodDetails(supportedPaymentMethod, paymentMethod, store, network);
-            if (storeBlob.NetworkFeeDisabled)
-                paymentDetails.SetNoTxFee();
-            paymentMethod.SetPaymentMethodDetails(paymentDetails);
-
-            Func<Money, Money, bool> compare = null;
-            CurrencyValue limitValue = null;
-            string errorMessage = null;
-            if (supportedPaymentMethod.PaymentId.PaymentType == PaymentTypes.LightningLike &&
-               storeBlob.LightningMaxValue != null)
+            return Task.WhenAll(fetchingByCurrencyPair.Select(async pair =>
            {
-                compare = (a, b) => a > b;
-                limitValue = storeBlob.LightningMaxValue;
-                errorMessage = "The amount of the invoice is too high to be paid with lightning";
-            }
-            else if (supportedPaymentMethod.PaymentId.PaymentType == PaymentTypes.BTCLike &&
-               storeBlob.OnChainMinValue != null)
-            {
-                compare = (a, b) => a < b;
-                limitValue = storeBlob.OnChainMinValue;
-                errorMessage = "The amount of the invoice is too low to be paid on chain";
-            }
-
-            if (compare != null)
-            {
-                var limitValueRate = 0.0m;
-                if (limitValue.Currency == entity.ProductInformation.Currency)
-                    limitValueRate = paymentMethod.Rate;
-                else
-                    limitValueRate = await _RateProviders.GetRateProvider(network, storeBlob.GetRateRules()).GetRateAsync(limitValue.Currency);
-
-                var limitValueCrypto = Money.Coins(limitValue.Value / limitValueRate);
-                if (compare(paymentMethod.Calculate().Due, limitValueCrypto))
+                var rateResult = await pair.Value;
+                logs.Write($"{pair.Key}: The rating rule is {rateResult.Rule}");
+                logs.Write($"{pair.Key}: The evaluated rating rule is {rateResult.EvaluatedRule}");
+                if (rateResult.Errors.Count != 0)
                {
-                    throw new PaymentMethodUnavailableException(errorMessage);
+                    var allRateRuleErrors = string.Join(", ", rateResult.Errors.ToArray());
+                    logs.Write($"{pair.Key}: Rate rule error ({allRateRuleErrors})");
                }
-            }
-            ///////////////
-
-
-#pragma warning disable CS0618
-            if (paymentMethod.GetId().IsBTCOnChain)
-            {
-                entity.TxFee = paymentMethod.TxFee;
-                entity.Rate = paymentMethod.Rate;
-                entity.DepositAddress = paymentMethod.DepositAddress;
-            }
-#pragma warning restore CS0618
-            return paymentMethod;
+                foreach (var ex in rateResult.ExchangeExceptions)
+                {
+                    logs.Write($"{pair.Key}: Exception reaching exchange {ex.ExchangeName} ({ex.Exception.Message})");
+                }
+            }).ToArray());
        }

-#pragma warning disable CS0618
-        private static Money GetTxFee(StoreBlob storeBlob, FeeRate feeRate)
+        private async Task<PaymentMethod> CreatePaymentMethodAsync(Dictionary<CurrencyPair, Task<RateResult>> fetchingByCurrencyPair, IPaymentMethodHandler handler, ISupportedPaymentMethod supportedPaymentMethod, BTCPayNetwork network, InvoiceEntity entity, StoreData store, InvoiceLogs logs)
        {
-            return storeBlob.NetworkFeeDisabled ? Money.Zero : feeRate.GetFee(100);
-        }
+            try
+            {
+                var storeBlob = store.GetStoreBlob();
+                var preparePayment = handler.PreparePayment(supportedPaymentMethod, store, network);
+                var rate = await fetchingByCurrencyPair[new CurrencyPair(network.CryptoCode, entity.ProductInformation.Currency)];
+                if (rate.BidAsk == null)
+                {
+                    return null;
+                }
+                PaymentMethod paymentMethod = new PaymentMethod();
+                paymentMethod.ParentEntity = entity;
+                paymentMethod.Network = network;
+                paymentMethod.SetId(supportedPaymentMethod.PaymentId);
+                paymentMethod.Rate = rate.BidAsk.Bid;
+                var paymentDetails = await handler.CreatePaymentMethodDetails(supportedPaymentMethod, paymentMethod, store, network, preparePayment);
+                if (storeBlob.NetworkFeeDisabled)
+                    paymentDetails.SetNoTxFee();
+                paymentMethod.SetPaymentMethodDetails(paymentDetails);
+
+                Func<Money, Money, bool> compare = null;
+                CurrencyValue limitValue = null;
+                string errorMessage = null;
+                if (supportedPaymentMethod.PaymentId.PaymentType == PaymentTypes.LightningLike &&
+                   storeBlob.LightningMaxValue != null)
+                {
+                    compare = (a, b) => a > b;
+                    limitValue = storeBlob.LightningMaxValue;
+                    errorMessage = "The amount of the invoice is too high to be paid with lightning";
+                }
+                else if (supportedPaymentMethod.PaymentId.PaymentType == PaymentTypes.BTCLike &&
+                   storeBlob.OnChainMinValue != null)
+                {
+                    compare = (a, b) => a < b;
+                    limitValue = storeBlob.OnChainMinValue;
+                    errorMessage = "The amount of the invoice is too low to be paid on chain";
+                }
+
+                if (compare != null)
+                {
+                    var limitValueRate = await fetchingByCurrencyPair[new CurrencyPair(network.CryptoCode, limitValue.Currency)];
+                    if (limitValueRate.BidAsk != null)
+                    {
+                        var limitValueCrypto = Money.Coins(limitValue.Value / limitValueRate.BidAsk.Bid);
+                        if (compare(paymentMethod.Calculate().Due, limitValueCrypto))
+                        {
+                            logs.Write($"{supportedPaymentMethod.PaymentId.CryptoCode}: {errorMessage}");
+                            return null;
+                        }
+                    }
+                }
+                ///////////////
+
+
+#pragma warning disable CS0618
+                if (paymentMethod.GetId().IsBTCOnChain)
+                {
+                    entity.TxFee = paymentMethod.TxFee;
+                    entity.Rate = paymentMethod.Rate;
+                    entity.DepositAddress = paymentMethod.DepositAddress;
+                }
 #pragma warning restore CS0618
+                return paymentMethod;
+            }
+            catch (PaymentMethodUnavailableException ex)
+            {
+                logs.Write($"{supportedPaymentMethod.PaymentId.CryptoCode}: Payment method unavailable ({ex.Message})");
+            }
+            catch (Exception ex)
+            {
+                logs.Write($"{supportedPaymentMethod.PaymentId.CryptoCode}: Unexpected exception ({ex.ToString()})");
+            }
+            return null;
+        }

        private SpeedPolicy ParseSpeedPolicy(string transactionSpeed, SpeedPolicy defaultPolicy)
        {
@ -256,6 +265,7 @@ namespace BTCPayServer.Controllers
                return defaultPolicy;
            var mappings = new Dictionary<string, SpeedPolicy>();
            mappings.Add("low", SpeedPolicy.LowSpeed);
+            mappings.Add("low-medium", SpeedPolicy.LowMediumSpeed);
            mappings.Add("medium", SpeedPolicy.MediumSpeed);
            mappings.Add("high", SpeedPolicy.HighSpeed);
            if (!mappings.TryGetValue(transactionSpeed, out SpeedPolicy policy))
--- a/BTCPayServer/Controllers/ManageController.cs
+++ b/BTCPayServer/Controllers/ManageController.cs
@ -21,10 +21,11 @@ using BTCPayServer.Services.Stores;
 using BTCPayServer.Services.Wallets;
 using BTCPayServer.Services.Mails;
 using System.Globalization;
+using BTCPayServer.Security;

 namespace BTCPayServer.Controllers
 {
-    [Authorize]
+    [Authorize(AuthenticationSchemes = Policies.CookieAuthentication)]
    [Route("[controller]/[action]")]
    public class ManageController : Controller
    {
@ -442,7 +443,7 @@ namespace BTCPayServer.Controllers

            if (!is2faTokenValid)
            {
-                ModelState.AddModelError("model.Code", "Verification code is invalid.");
+                ModelState.AddModelError(nameof(model.Code), "Verification code is invalid.");
                return View(model);
            }

--- a/BTCPayServer/Controllers/PaymentRequestActionResult.cs
+++ b/BTCPayServer/Controllers/PaymentRequestActionResult.cs
@ -1,40 +0,0 @@
-using Microsoft.AspNetCore.Mvc;
-using NBitcoin.Payment;
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Threading.Tasks;
-
-namespace BTCPayServer.Controllers
-{
-    public class PaymentRequestActionResult : IActionResult
-    {
-        PaymentRequest req;
-        public PaymentRequestActionResult(PaymentRequest req)
-        {
-            this.req = req;
-        }
-        public Task ExecuteResultAsync(ActionContext context)
-        {
-            context.HttpContext.Response.Headers["Content-Transfer-Encoding"] = "binary";
-            context.HttpContext.Response.ContentType = "application/bitcoin-paymentrequest";
-            req.WriteTo(context.HttpContext.Response.Body);
-            return Task.CompletedTask;
-        }
-    }
-    public class PaymentAckActionResult : IActionResult
-    {
-        PaymentACK req;
-        public PaymentAckActionResult(PaymentACK req)
-        {
-            this.req = req;
-        }
-        public Task ExecuteResultAsync(ActionContext context)
-        {
-            context.HttpContext.Response.Headers["Content-Transfer-Encoding"] = "binary";
-            context.HttpContext.Response.ContentType = "application/bitcoin-paymentack";
-            req.WriteTo(context.HttpContext.Response.Body);
-            return Task.CompletedTask;
-        }
-    }
-}
--- a/BTCPayServer/Controllers/PublicController.cs
+++ b/BTCPayServer/Controllers/PublicController.cs
@ -0,0 +1,62 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using BTCPayServer.Filters;
+using BTCPayServer.Models.StoreViewModels;
+using BTCPayServer.Services.Stores;
+using Microsoft.AspNetCore.Cors;
+using Microsoft.AspNetCore.Mvc;
+
+namespace BTCPayServer.Controllers
+{
+    public class PublicController : Controller
+    {
+        public PublicController(InvoiceController invoiceController,
+            StoreRepository storeRepository)
+        {
+            _InvoiceController = invoiceController;
+            _StoreRepository = storeRepository;
+        }
+
+        private InvoiceController _InvoiceController;
+        private StoreRepository _StoreRepository;
+
+        [HttpPost]
+        [Route("api/v1/invoices")]
+        [MediaTypeAcceptConstraintAttribute("text/html")]
+        [IgnoreAntiforgeryToken]
+        [EnableCors(CorsPolicies.All)]
+        public async Task<IActionResult> PayButtonHandle([FromForm]PayButtonViewModel model)
+        {
+            var store = await _StoreRepository.FindStore(model.StoreId);
+            if (store == null)
+                ModelState.AddModelError("Store", "Invalid store");
+            else
+            {
+                var storeBlob = store.GetStoreBlob();
+                if (!storeBlob.AnyoneCanInvoice)
+                    ModelState.AddModelError("Store", "Store has not enabled Pay Button");
+            }
+            
+            if (model == null || model.Price <= 0)
+                ModelState.AddModelError("Price", "Price must be greater than 0");
+
+            if (!ModelState.IsValid)
+                return View();
+
+            var invoice = await _InvoiceController.CreateInvoiceCore(new NBitpayClient.Invoice()
+            {
+                Price = model.Price,
+                Currency = model.Currency,
+                ItemDesc = model.CheckoutDesc,
+                OrderId = model.OrderId,
+                NotificationEmail = model.NotifyEmail,
+                NotificationURL = model.ServerIpn,
+                RedirectURL = model.BrowserRedirect,
+                FullNotifications = true
+            }, store, HttpContext.Request.GetAbsoluteRoot());
+            return Redirect(invoice.Data.Url);
+        }
+    }
+}
--- a/BTCPayServer/Controllers/RateController.cs
+++ b/BTCPayServer/Controllers/RateController.cs
@ -8,69 +8,229 @@ using System.Threading.Tasks;
 using BTCPayServer.Filters;
 using BTCPayServer.Services.Rates;
 using BTCPayServer.Services.Stores;
+using BTCPayServer.Rating;
+using Newtonsoft.Json;
+using Microsoft.AspNetCore.Authorization;
+using BTCPayServer.Authentication;

 namespace BTCPayServer.Controllers
 {
+    [Authorize(AuthenticationSchemes = Security.Policies.BitpayAuthentication)]
+    [AllowAnonymous]
    public class RateController : Controller
    {
-        IRateProviderFactory _RateProviderFactory;
+        RateFetcher _RateProviderFactory;
        BTCPayNetworkProvider _NetworkProvider;
        CurrencyNameTable _CurrencyNameTable;
        StoreRepository _StoreRepo;
+
+        public TokenRepository TokenRepository { get; }
+
        public RateController(
-            IRateProviderFactory rateProviderFactory, 
+            RateFetcher rateProviderFactory,
            BTCPayNetworkProvider networkProvider,
+            TokenRepository tokenRepository,
            StoreRepository storeRepo,
            CurrencyNameTable currencyNameTable)
        {
            _RateProviderFactory = rateProviderFactory ?? throw new ArgumentNullException(nameof(rateProviderFactory));
            _NetworkProvider = networkProvider;
+            TokenRepository = tokenRepository;
            _StoreRepo = storeRepo;
            _CurrencyNameTable = currencyNameTable ?? throw new ArgumentNullException(nameof(currencyNameTable));
        }

+        [Route("rates/{baseCurrency}")]
+        [HttpGet]
+        [BitpayAPIConstraint]
+        public async Task<IActionResult> GetBaseCurrencyRates(string baseCurrency, string storeId)
+        {
+            storeId = await GetStoreId(storeId);
+            var store = this.HttpContext.GetStoreData();
+            if (store == null || store.Id != storeId)
+                store = await _StoreRepo.FindStore(storeId);
+            if (store == null)
+            {
+                var err = Json(new BitpayErrorsModel() { Error = "Store not found" });
+                err.StatusCode = 404;
+                return err;
+            }
+            var supportedMethods = store.GetSupportedPaymentMethods(_NetworkProvider);
+
+            var currencyCodes = supportedMethods.Where(method => !string.IsNullOrEmpty(method.PaymentId.CryptoCode))
+                .Select(method => method.PaymentId.CryptoCode).Distinct();
+
+            var currencypairs = BuildCurrencyPairs(currencyCodes, baseCurrency);
+            
+            var result = await GetRates2(currencypairs, store.Id);
+            var rates = (result as JsonResult)?.Value as Rate[];
+            if (rates == null)
+                return result;
+            return Json(new DataWrapper<Rate[]>(rates));
+        }
+
+
+        [Route("rates/{baseCurrency}/{currency}")]
+        [HttpGet]
+        [BitpayAPIConstraint]
+        public async Task<IActionResult> GetCurrencyPairRate(string baseCurrency, string currency, string storeId)
+        {
+            storeId = await GetStoreId(storeId);
+            var result = await GetRates2($"{baseCurrency}_{currency}", storeId);
+            var rates = (result as JsonResult)?.Value as Rate[];
+            if (rates == null)
+                return result;
+            return Json(new DataWrapper<Rate>(rates.First()));
+        }
+
        [Route("rates")]
        [HttpGet]
        [BitpayAPIConstraint]
-        public async Task<IActionResult> GetRates(string cryptoCode = null, string storeId = null)
+        public async Task<IActionResult> GetRates(string currencyPairs, string storeId)
        {
-            var result = await GetRates2(cryptoCode, storeId);
-            var rates = (result as JsonResult)?.Value as NBitpayClient.Rate[];
-            if(rates == null)
+            storeId = await GetStoreId(storeId);
+            var result = await GetRates2(currencyPairs, storeId);
+            var rates = (result as JsonResult)?.Value as Rate[];
+            if (rates == null)
                return result;
-            return Json(new DataWrapper<NBitpayClient.Rate[]>(rates)); 
+            return Json(new DataWrapper<Rate[]>(rates));
+        }
+
+        private async Task<string> GetStoreId(string storeId)
+        {
+            if (storeId != null && this.HttpContext.GetStoreData()?.Id == storeId)
+                return storeId;
+            if(storeId == null)
+            {
+                var tokens = await this.TokenRepository.GetTokens(this.User.GetSIN());
+                storeId = tokens.Select(s => s.StoreId).Where(s => s != null).FirstOrDefault();
+            }
+            if (storeId == null)
+                return null;
+            var store = await _StoreRepo.FindStore(storeId);
+            if (store == null)
+                return null;
+            this.HttpContext.SetStoreData(store);
+            return storeId;
        }

        [Route("api/rates")]
        [HttpGet]
-        public async Task<IActionResult> GetRates2(string cryptoCode = null, string storeId = null)
+        public async Task<IActionResult> GetRates2(string currencyPairs, string storeId)
        {
-            cryptoCode = cryptoCode ?? "BTC";
-            var network = _NetworkProvider.GetNetwork(cryptoCode);
-            if (network == null)
-                return NotFound();
-
-            RateRules rules = null;
-            if (storeId != null)
+            storeId = await GetStoreId(storeId);
+            if (storeId == null)
            {
-                var store = await _StoreRepo.FindStore(storeId);
-                if (store == null)
-                    return NotFound();
-                rules = store.GetStoreBlob().GetRateRules();
+                var result = Json(new BitpayErrorsModel() { Error = "You need to specify storeId (in your store settings)" });
+                result.StatusCode = 400;
+                return result;
+            }
+            var store = this.HttpContext.GetStoreData();
+            if (store == null || store.Id != storeId)
+                store = await _StoreRepo.FindStore(storeId);
+            if (store == null)
+            {
+                var result = Json(new BitpayErrorsModel() { Error = "Store not found" });
+                result.StatusCode = 404;
+                return result;
            }

-            var rateProvider = _RateProviderFactory.GetRateProvider(network, rules);
-            if (rateProvider == null)
-                return NotFound();
+            if (currencyPairs == null)
+            {
+                var supportedMethods = store.GetSupportedPaymentMethods(_NetworkProvider);
+                var currencyCodes = supportedMethods.Select(method => method.PaymentId.CryptoCode).Distinct();
+                var defaultCrypto = store.GetDefaultCrypto(_NetworkProvider);

-            var allRates = (await rateProvider.GetRatesAsync());
-            return Json(allRates.Select(r =>
-                            new NBitpayClient.Rate()
+                currencyPairs = BuildCurrencyPairs(currencyCodes, defaultCrypto);
+
+                if (string.IsNullOrEmpty(currencyPairs))
+                {
+                    var result = Json(new BitpayErrorsModel() { Error = "You need to specify currencyPairs (eg. BTC_USD,LTC_CAD)" });
+                    result.StatusCode = 400;
+                    return result;
+                }
+            }
+
+
+            var rules = store.GetStoreBlob().GetRateRules(_NetworkProvider);
+
+            HashSet<CurrencyPair> pairs = new HashSet<CurrencyPair>();
+            foreach (var currency in currencyPairs.Split(','))
+            {
+                if (!CurrencyPair.TryParse(currency, out var pair))
+                {
+                    var result = Json(new BitpayErrorsModel() { Error = $"Currency pair {currency} uncorrectly formatted" });
+                    result.StatusCode = 400;
+                    return result;
+                }
+                pairs.Add(pair);
+            }
+
+            var fetching = _RateProviderFactory.FetchRates(pairs, rules);
+            await Task.WhenAll(fetching.Select(f => f.Value).ToArray());
+            return Json(pairs
+                            .Select(r => (Pair: r, Value: fetching[r].GetAwaiter().GetResult().BidAsk?.Bid))
+                            .Where(r => r.Value.HasValue)
+                            .Select(r =>
+                            new Rate()
                            {
-                                Code = r.Currency,
-                                Name = _CurrencyNameTable.GetCurrencyData(r.Currency)?.Name,
-                                Value = r.Value
+                                CryptoCode = r.Pair.Left,
+                                Code = r.Pair.Right,
+                                CurrencyPair = r.Pair.ToString(),
+                                Name = _CurrencyNameTable.GetCurrencyData(r.Pair.Right, true).Name,
+                                Value = r.Value.Value
                            }).Where(n => n.Name != null).ToArray());
        }
+
+        private static string BuildCurrencyPairs(IEnumerable<string> currencyCodes, string baseCrypto)
+        {
+            StringBuilder currencyPairsBuilder = new StringBuilder();
+            bool first = true;
+            foreach (var currencyCode in currencyCodes)
+            {
+                if(!first)
+                    currencyPairsBuilder.Append(",");
+                first = false;
+                currencyPairsBuilder.Append($"{baseCrypto}_{currencyCode}");
+            }
+            return currencyPairsBuilder.ToString();
+        }
+
+        public class Rate
+        {
+
+            [JsonProperty(PropertyName = "name")]
+            public string Name
+            {
+                get;
+                set;
+            }
+            [JsonProperty(PropertyName = "cryptoCode")]
+            public string CryptoCode
+            {
+                get;
+                set;
+            }
+
+            [JsonProperty(PropertyName = "currencyPair")]
+            public string CurrencyPair
+            {
+                get;
+                set;
+            }
+
+            [JsonProperty(PropertyName = "code")]
+            public string Code
+            {
+                get;
+                set;
+            }
+            [JsonProperty(PropertyName = "rate")]
+            public decimal Value
+            {
+                get;
+                set;
+            }
+        }
    }
 }
--- a/BTCPayServer/Controllers/ServerController.cs
+++ b/BTCPayServer/Controllers/ServerController.cs
@ -1,41 +1,61 @@
-using BTCPayServer.HostedServices;
+using BTCPayServer.Configuration;
+using Microsoft.Extensions.Logging;
+using BTCPayServer.HostedServices;
 using BTCPayServer.Models;
 using BTCPayServer.Models.ServerViewModels;
+using BTCPayServer.Payments.Lightning;
 using BTCPayServer.Services;
 using BTCPayServer.Services.Mails;
 using BTCPayServer.Services.Rates;
-using BTCPayServer.Validations;
+using BTCPayServer.Services.Stores;
+using BTCPayServer.Validation;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
+using NBitcoin;
+using NBitcoin.DataEncoders;
 using System;
 using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations;
+using System.IO;
 using System.Linq;
 using System.Net;
 using System.Net.Http;
 using System.Net.Mail;
 using System.Threading.Tasks;
+using Renci.SshNet;
+using BTCPayServer.Logging;
+using BTCPayServer.Lightning;
+using BTCPayServer.Configuration.External;

 namespace BTCPayServer.Controllers
 {
-    [Authorize(Roles = Roles.ServerAdmin)]
+    [Authorize(Policy = BTCPayServer.Security.Policies.CanModifyServerSettings.Key)]
    public class ServerController : Controller
    {
        private UserManager<ApplicationUser> _UserManager;
        SettingsRepository _SettingsRepository;
-        private IRateProviderFactory _RateProviderFactory;
-        private CssThemeManager _CssThemeManager;
+        private readonly NBXplorerDashboard _dashBoard;
+        private RateFetcher _RateProviderFactory;
+        private StoreRepository _StoreRepository;
+        LightningConfigurationProvider _LnConfigProvider;
+        BTCPayServerOptions _Options;

        public ServerController(UserManager<ApplicationUser> userManager,
-            IRateProviderFactory rateProviderFactory,
-            SettingsRepository settingsRepository, 
-	    CssThemeManager cssThemeManager)
+            Configuration.BTCPayServerOptions options,
+            RateFetcher rateProviderFactory,
+            SettingsRepository settingsRepository,
+            NBXplorerDashboard dashBoard,
+            LightningConfigurationProvider lnConfigProvider,
+            Services.Stores.StoreRepository storeRepository)
        {
+            _Options = options;
            _UserManager = userManager;
            _SettingsRepository = settingsRepository;
+            _dashBoard = dashBoard;
            _RateProviderFactory = rateProviderFactory;
-            _CssThemeManager = cssThemeManager;
+            _StoreRepository = storeRepository;
+            _LnConfigProvider = lnConfigProvider;
        }

        [Route("server/rates")]
@ -77,7 +97,7 @@ namespace BTCPayServer.Controllers
            try
            {
                var service = GetCoinaverageService(vm, true);
-                if(service != null)
+                if (service != null)
                    await service.TestAuthAsync();
            }
            catch
@ -102,7 +122,7 @@ namespace BTCPayServer.Controllers
            };
            if (!withAuth || settings.GetCoinAverageSignature() != null)
            {
-                return new CoinAverageRateProvider("BTC")
+                return new CoinAverageRateProvider()
                { Authenticator = settings };
            }
            return null;
@ -137,6 +157,180 @@ namespace BTCPayServer.Controllers
            return View(userVM);
        }

+        [Route("server/maintenance")]
+        public IActionResult Maintenance()
+        {
+            MaintenanceViewModel vm = new MaintenanceViewModel();
+            vm.UserName = "btcpayserver";
+            vm.DNSDomain = this.Request.Host.Host;
+            vm.SetConfiguredSSH(_Options.SSHSettings);
+            if (IPAddress.TryParse(vm.DNSDomain, out var unused))
+                vm.DNSDomain = null;
+            return View(vm);
+        }
+        
+        [Route("server/maintenance")]
+        [HttpPost]
+        public async Task<IActionResult> Maintenance(MaintenanceViewModel vm, string command)
+        {
+            if (!ModelState.IsValid)
+                return View(vm);
+            vm.SetConfiguredSSH(_Options.SSHSettings);
+            if (command == "changedomain")
+            {
+                if (string.IsNullOrWhiteSpace(vm.DNSDomain))
+                {
+                    ModelState.AddModelError(nameof(vm.DNSDomain), $"Required field");
+                    return View(vm);
+                }
+                vm.DNSDomain = vm.DNSDomain.Trim().ToLowerInvariant();
+                if (vm.DNSDomain.Equals(this.Request.Host.Host, StringComparison.OrdinalIgnoreCase))
+                    return View(vm);
+                if (IPAddress.TryParse(vm.DNSDomain, out var unused))
+                {
+                    ModelState.AddModelError(nameof(vm.DNSDomain), $"This should be a domain name");
+                    return View(vm);
+                }
+                if (vm.DNSDomain.Equals(this.Request.Host.Host, StringComparison.InvariantCultureIgnoreCase))
+                {
+                    ModelState.AddModelError(nameof(vm.DNSDomain), $"The server is already set to use this domain");
+                    return View(vm);
+                }
+                var builder = new UriBuilder();
+                using (var client = new HttpClient(new HttpClientHandler()
+                {
+                    ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator
+                }))
+                {
+                    try
+                    {
+                        builder.Scheme = this.Request.Scheme;
+                        builder.Host = vm.DNSDomain;
+                        var addresses1 = Dns.GetHostAddressesAsync(this.Request.Host.Host);
+                        var addresses2 = Dns.GetHostAddressesAsync(vm.DNSDomain);
+                        await Task.WhenAll(addresses1, addresses2);
+
+                        var addressesSet = addresses1.GetAwaiter().GetResult().Select(c => c.ToString()).ToHashSet();
+                        var hasCommonAddress = addresses2.GetAwaiter().GetResult().Select(c => c.ToString()).Any(s => addressesSet.Contains(s));
+                        if (!hasCommonAddress)
+                        {
+                            ModelState.AddModelError(nameof(vm.DNSDomain), $"Invalid host ({vm.DNSDomain} is not pointing to this BTCPay instance)");
+                            return View(vm);
+                        }
+                    }
+                    catch (Exception ex)
+                    {
+                        var messages = new List<object>();
+                        messages.Add(ex.Message);
+                        if (ex.InnerException != null)
+                            messages.Add(ex.InnerException.Message);
+                        ModelState.AddModelError(nameof(vm.DNSDomain), $"Invalid domain ({string.Join(", ", messages.ToArray())})");
+                        return View(vm);
+                    }
+                }
+
+                var error = RunSSH(vm, $"changedomain.sh {vm.DNSDomain}");
+                if (error != null)
+                    return error;
+
+                builder.Path = null;
+                builder.Query = null;
+                StatusMessage = $"Domain name changing... the server will restart, please use \"{builder.Uri.AbsoluteUri}\"";
+            }
+            else if (command == "update")
+            {
+                var error = RunSSH(vm, $"btcpay-update.sh");
+                if (error != null)
+                    return error;
+                StatusMessage = $"The server might restart soon if an update is available...";
+            }
+            else
+            {
+                return NotFound();
+            }
+            return RedirectToAction(nameof(Maintenance));
+        }
+
+        public static string RunId = Encoders.Hex.EncodeData(NBitcoin.RandomUtils.GetBytes(32));
+        [HttpGet]
+        [Route("runid")]
+        [AllowAnonymous]
+        public IActionResult SeeRunId(string expected = null)
+        {
+            if (expected == RunId)
+                return Ok();
+            return BadRequest();
+        }
+
+        private IActionResult RunSSH(MaintenanceViewModel vm, string ssh)
+        {
+            ssh = $"sudo bash -c '. /etc/profile.d/btcpay-env.sh && nohup {ssh} > /dev/null 2>&1 & disown'";
+            var sshClient = _Options.SSHSettings == null ? vm.CreateSSHClient(this.Request.Host.Host)
+                                                         : new SshClient(_Options.SSHSettings.CreateConnectionInfo());
+
+            if (_Options.TrustedFingerprints.Count != 0)
+            {
+                sshClient.HostKeyReceived += (object sender, Renci.SshNet.Common.HostKeyEventArgs e) =>
+                {
+                    if (_Options.TrustedFingerprints.Count == 0)
+                    {
+                        Logs.Configuration.LogWarning($"SSH host fingerprint for {e.HostKeyName} is untrusted, start BTCPay with -sshtrustedfingerprints \"{Encoders.Hex.EncodeData(e.FingerPrint)}\"");
+                        e.CanTrust = true; // Not a typo, we want the connection to succeed with a warning
+                    }
+                    else
+                    {
+                        e.CanTrust = _Options.IsTrustedFingerprint(e.FingerPrint, e.HostKey);
+                        if (!e.CanTrust)
+                            Logs.Configuration.LogError($"SSH host fingerprint for {e.HostKeyName} is untrusted, start BTCPay with -sshtrustedfingerprints \"{Encoders.Hex.EncodeData(e.FingerPrint)}\"");
+                    }
+                };
+            }
+            else
+            {
+
+            }
+
+            try
+            {
+                sshClient.Connect();
+            }
+            catch (Renci.SshNet.Common.SshAuthenticationException)
+            {
+                ModelState.AddModelError(nameof(vm.Password), "Invalid credentials");
+                sshClient.Dispose();
+                return View(vm);
+            }
+            catch (Exception ex)
+            {
+                var message = ex.Message;
+                if (ex is AggregateException aggrEx && aggrEx.InnerException?.Message != null)
+                {
+                    message = aggrEx.InnerException.Message;
+                }
+                ModelState.AddModelError(nameof(vm.UserName), $"Connection problem ({message})");
+                sshClient.Dispose();
+                return View(vm);
+            }
+
+            var sshCommand = sshClient.CreateCommand(ssh);
+            sshCommand.CommandTimeout = TimeSpan.FromMinutes(1.0);
+            sshCommand.BeginExecute(ar =>
+            {
+                try
+                {
+                    Logs.PayServer.LogInformation("Running SSH command: " + ssh);
+                    var result = sshCommand.EndExecute(ar);
+                    Logs.PayServer.LogInformation("SSH command executed: " + result);
+                }
+                catch (Exception ex)
+                {
+                    Logs.PayServer.LogWarning("Error while executing SSH command: " + ex.Message);
+                }
+                sshClient.Dispose();
+            });
+            return null;
+        }
+
        private static bool IsAdmin(IList<string> roles)
        {
            return roles.Contains(Roles.ServerAdmin, StringComparer.Ordinal);
@ -191,6 +385,7 @@ namespace BTCPayServer.Controllers
            if (user == null)
                return NotFound();
            await _UserManager.DeleteAsync(user);
+            await _StoreRepository.CleanUnreachableStores();
            StatusMessage = "User deleted";
            return RedirectToAction(nameof(ListUsers));
        }
@ -223,6 +418,170 @@ namespace BTCPayServer.Controllers
            return View(settings);
        }

+        [Route("server/services")]
+        public IActionResult Services()
+        {
+            var result = new ServicesViewModel();
+            foreach (var cryptoCode in _Options.ExternalServicesByCryptoCode.Keys)
+            {
+                int i = 0;
+                foreach (var grpcService in _Options.ExternalServicesByCryptoCode.GetServices<ExternalLnd>(cryptoCode))
+                {
+                    result.LNDServices.Add(new ServicesViewModel.LNDServiceViewModel()
+                    {
+                        Crypto = cryptoCode,
+                        Type = grpcService.Type,
+                        Index = i++,
+                    });
+                }
+            }
+            result.HasSSH = _Options.SSHSettings != null;
+            return View(result);
+        }
+
+        [Route("server/services/lnd-grpc/{cryptoCode}/{index}")]
+        public IActionResult LndGrpcServices(string cryptoCode, int index, uint? nonce)
+        {
+            if (!_dashBoard.IsFullySynched(cryptoCode, out var unusud))
+            {
+                StatusMessage = $"Error: {cryptoCode} is not fully synched";
+                return RedirectToAction(nameof(Services));
+            }
+            var external = GetExternalLndConnectionString(cryptoCode, index);
+            if (external == null)
+                return NotFound();
+            var model = new LndGrpcServicesViewModel();
+
+            model.Host = $"{external.BaseUri.DnsSafeHost}:{external.BaseUri.Port}";
+            model.SSL = external.BaseUri.Scheme == "https";
+            if (external.CertificateThumbprint != null)
+            {
+                model.CertificateThumbprint = Encoders.Hex.EncodeData(external.CertificateThumbprint);
+            }
+            if (external.Macaroon != null)
+            {
+                model.Macaroon = Encoders.Hex.EncodeData(external.Macaroon);
+            }
+
+            if (nonce != null)
+            {
+                var configKey = GetConfigKey("lnd-grpc", cryptoCode, index, nonce.Value);
+                var lnConfig = _LnConfigProvider.GetConfig(configKey);
+                if (lnConfig != null)
+                {
+                    model.QRCodeLink = $"{this.Request.GetAbsoluteRoot().WithTrailingSlash()}lnd-config/{configKey}/lnd.config";
+                    model.QRCode = $"config={model.QRCodeLink}";
+                }
+            }
+
+            return View(model);
+        }
+
+        private static uint GetConfigKey(string type, string cryptoCode, int index, uint nonce)
+        {
+            return (uint)HashCode.Combine(type, cryptoCode, index, nonce);
+        }
+
+        [Route("lnd-config/{configKey}/lnd.config")]
+        [AllowAnonymous]
+        public IActionResult GetLNDConfig(uint configKey)
+        {
+            var conf = _LnConfigProvider.GetConfig(configKey);
+            if (conf == null)
+                return NotFound();
+            return Json(conf);
+        }
+
+        [Route("server/services/lnd-grpc/{cryptoCode}/{index}")]
+        [HttpPost]
+        public IActionResult LndGrpcServicesPost(string cryptoCode, int index)
+        {
+            var external = GetExternalLndConnectionString(cryptoCode, index);
+            if (external == null)
+                return NotFound();
+            LightningConfigurations confs = new LightningConfigurations();
+            LightningConfiguration conf = new LightningConfiguration();
+            conf.Type = "grpc";
+            conf.ChainType = _Options.NetworkType.ToString();
+            conf.CryptoCode = cryptoCode;
+            conf.Host = external.BaseUri.DnsSafeHost;
+            conf.Port = external.BaseUri.Port;
+            conf.SSL = external.BaseUri.Scheme == "https";
+            conf.Macaroon = external.Macaroon == null ? null : Encoders.Hex.EncodeData(external.Macaroon);
+            conf.CertificateThumbprint = external.CertificateThumbprint == null ? null : Encoders.Hex.EncodeData(external.CertificateThumbprint);
+            confs.Configurations.Add(conf);
+
+            var nonce = RandomUtils.GetUInt32();
+            var configKey = GetConfigKey("lnd-grpc", cryptoCode, index, nonce);
+            _LnConfigProvider.KeepConfig(configKey, confs);
+            return RedirectToAction(nameof(LndGrpcServices), new { cryptoCode = cryptoCode, nonce = nonce });
+        }
+
+        private LightningConnectionString GetExternalLndConnectionString(string cryptoCode, int index)
+        {
+            var connectionString = _Options.ExternalServicesByCryptoCode.GetServices<ExternalLnd>(cryptoCode).Skip(index).Select(c => c.ConnectionString).FirstOrDefault();
+            if (connectionString == null)
+                return null;
+            connectionString = connectionString.Clone();
+            if (connectionString.MacaroonFilePath != null)
+            {
+                try
+                {
+                    connectionString.Macaroon = System.IO.File.ReadAllBytes(connectionString.MacaroonFilePath);
+                    connectionString.MacaroonFilePath = null;
+                }
+                catch
+                {
+                    Logs.Configuration.LogWarning($"{cryptoCode}: The macaroon file path of the external LND grpc config was not found ({connectionString.MacaroonFilePath})");
+                    return null;
+                }
+            }
+            return connectionString;
+        }
+
+        [Route("server/services/lnd-rest/{cryptoCode}/{index}")]
+        public IActionResult LndRestServices(string cryptoCode, int index, uint? nonce)
+        {
+            if (!_dashBoard.IsFullySynched(cryptoCode, out var unusud))
+            {
+                StatusMessage = $"Error: {cryptoCode} is not fully synched";
+                return RedirectToAction(nameof(Services));
+            }
+            var external = GetExternalLndConnectionString(cryptoCode, index);
+            if (external == null)
+                return NotFound();
+            var model = new LndRestServicesViewModel();
+
+            model.BaseApiUrl = external.BaseUri.ToString();
+            if (external.CertificateThumbprint != null)
+                model.CertificateThumbprint = Encoders.Hex.EncodeData(external.CertificateThumbprint);
+            if (external.Macaroon != null)
+                model.Macaroon = Encoders.Hex.EncodeData(external.Macaroon);
+
+            return View(model);
+        }
+
+        [Route("server/services/ssh")]
+        public IActionResult SSHService(bool downloadKeyFile = false)
+        {
+            var settings = _Options.SSHSettings;
+            if (settings == null)
+                return NotFound();
+            if (downloadKeyFile)
+            {
+                if (!System.IO.File.Exists(settings.KeyFile))
+                    return NotFound();
+                return File(System.IO.File.ReadAllBytes(settings.KeyFile), "application/octet-stream", "id_rsa");
+            }
+            SSHServiceViewModel vm = new SSHServiceViewModel();
+            string port = settings.Port == 22 ? "" : $" -p {settings.Port}";
+            vm.CommandLine = $"ssh {settings.Username}@{settings.Server}{port}";
+            vm.Password = settings.Password;
+            vm.KeyFilePassword = settings.KeyFilePassword;
+            vm.HasKeyFile = !string.IsNullOrEmpty(settings.KeyFile);
+            return View(vm);
+        }
+
        [Route("server/theme")]
        public async Task<IActionResult> Theme()
        {
@ -234,9 +593,6 @@ namespace BTCPayServer.Controllers
        public async Task<IActionResult> Theme(ThemeSettings settings)
        {
            await _SettingsRepository.UpdateSetting(settings);
-            // TODO: remove controller/class-level property and have only reference to 
-            // CssThemeManager here in this method
-            _CssThemeManager.Update(settings);
            TempData["StatusMessage"] = "Theme settings updated successfully";
            return View(settings);
        }
@ -247,10 +603,13 @@ namespace BTCPayServer.Controllers
        {
            if (command == "Test")
            {
-                if (!ModelState.IsValid)
-                    return View(model);
                try
                {
+                    if (!model.Settings.IsComplete())
+                    {
+                        model.StatusMessage = "Error: Required fields missing";
+                        return View(model);
+                    }
                    var client = model.Settings.CreateSmtpClient();
                    await client.SendMailAsync(model.Settings.From, model.TestEmail, "BTCPay test", "BTCPay test");
                    model.StatusMessage = "Email sent to " + model.TestEmail + ", please, verify you received it";
@ -261,15 +620,73 @@ namespace BTCPayServer.Controllers
                }
                return View(model);
            }
-            else
+            else // if(command == "Save")
            {
-                ModelState.Remove(nameof(model.TestEmail));
-                if (!ModelState.IsValid)
-                    return View(model);
                await _SettingsRepository.UpdateSetting(model.Settings);
                model.StatusMessage = "Email settings saved";
                return View(model);
            }
        }
+
+        [Route("server/logs/{file?}")]
+        public async Task<IActionResult> LogsView(string file = null, int offset = 0)
+        {
+            if (offset < 0)
+            {
+                offset = 0;
+            }
+
+            var vm = new LogsViewModel();
+
+            if (string.IsNullOrEmpty(_Options.LogFile))
+            {
+                vm.StatusMessage = "Error: File Logging Option not specified. " +
+                                   "You need to set debuglog and optionally " +
+                                   "debugloglevel in the configuration or through runtime arguments";
+            }
+            else
+            {
+                var di = Directory.GetParent(_Options.LogFile);
+                if (di == null)
+                {
+                    vm.StatusMessage = "Error: Could not load log files";
+                }
+
+                var fileNameWithoutExtension = Path.GetFileNameWithoutExtension(_Options.LogFile);
+                var fileExtension = Path.GetExtension(_Options.LogFile) ?? string.Empty;
+                var logFiles = di.GetFiles($"{fileNameWithoutExtension}*{fileExtension}");
+                vm.LogFileCount = logFiles.Length;
+                vm.LogFiles = logFiles
+                    .OrderBy(info => info.LastWriteTime)
+                    .Skip(offset)
+                    .Take(5)
+                    .ToList();
+                vm.LogFileOffset = offset;
+
+                if (string.IsNullOrEmpty(file)) return View("Logs", vm);
+                vm.Log = "";
+                var path = Path.Combine(di.FullName, file);
+                try
+                {
+                    using (var fileStream = new FileStream(
+                        path,
+                        FileMode.Open,
+                        FileAccess.Read,
+                        FileShare.ReadWrite))
+                    {
+                        using (var reader = new StreamReader(fileStream))
+                        {
+                            vm.Log = await reader.ReadToEndAsync();
+                        }
+                    }
+                }
+                catch
+                {
+                    return NotFound();
+                }
+            }
+
+            return View("Logs", vm);
+        }
    }
 }
--- a/BTCPayServer/Controllers/StoresController.BTCLike.cs
+++ b/BTCPayServer/Controllers/StoresController.BTCLike.cs
@ -10,6 +10,7 @@ using BTCPayServer.Data;
 using BTCPayServer.Models.StoreViewModels;
 using BTCPayServer.Payments;
 using BTCPayServer.Services;
+using LedgerWallet;
 using Microsoft.AspNetCore.Mvc;
 using NBitcoin;
 using NBXplorer.DerivationStrategy;
@ -21,9 +22,9 @@ namespace BTCPayServer.Controllers
    {
        [HttpGet]
        [Route("{storeId}/derivations/{cryptoCode}")]
-        public async Task<IActionResult> AddDerivationScheme(string storeId, string cryptoCode)
+        public IActionResult AddDerivationScheme(string storeId, string cryptoCode)
        {
-            var store = await _Repo.FindStore(storeId, GetUserId());
+            var store = HttpContext.GetStoreData();
            if (store == null)
                return NotFound();
            var network = cryptoCode == null ? null : _ExplorerProvider.GetNetwork(cryptoCode);
@ -33,16 +34,70 @@ namespace BTCPayServer.Controllers
            }

            DerivationSchemeViewModel vm = new DerivationSchemeViewModel();
-            vm.ServerUrl = GetStoreUrl(storeId);
            vm.CryptoCode = cryptoCode;
            vm.RootKeyPath = network.GetRootKeyPath();
            SetExistingValues(store, vm);
            return View(vm);
        }

+        [HttpGet]
+        [Route("{storeId}/derivations/{cryptoCode}/ledger/ws")]
+        public async Task<IActionResult> AddDerivationSchemeLedger(
+            string storeId,
+            string cryptoCode,
+            string command,
+            int account = 0)
+        {
+            if (!HttpContext.WebSockets.IsWebSocketRequest)
+                return NotFound();
+
+            var webSocket = await HttpContext.WebSockets.AcceptWebSocketAsync();
+            var hw = new HardwareWalletService(webSocket);
+            object result = null;
+            var network = _NetworkProvider.GetNetwork(cryptoCode);
+
+            using (var normalOperationTimeout = new CancellationTokenSource())
+            {
+                normalOperationTimeout.CancelAfter(TimeSpan.FromMinutes(30));
+                try
+                {
+                    if (command == "test")
+                    {
+                        result = await hw.Test(normalOperationTimeout.Token);
+                    }
+                    if (command == "getxpub")
+                    {
+                        var getxpubResult = await hw.GetExtPubKey(network, account, normalOperationTimeout.Token);
+                        result = getxpubResult;
+                    }
+                }
+                catch (OperationCanceledException)
+                { result = new LedgerTestResult() { Success = false, Error = "Timeout" }; }
+                catch (Exception ex)
+                { result = new LedgerTestResult() { Success = false, Error = ex.Message }; }
+                finally { hw.Dispose(); }
+                try
+                {
+                    if (result != null)
+                    {
+                        UTF8Encoding UTF8NOBOM = new UTF8Encoding(false);
+                        var bytes = UTF8NOBOM.GetBytes(JsonConvert.SerializeObject(result, MvcJsonOptions.Value.SerializerSettings));
+                        await webSocket.SendAsync(new ArraySegment<byte>(bytes), WebSocketMessageType.Text, true, new CancellationTokenSource(2000).Token);
+                    }
+                }
+                catch { }
+                finally
+                {
+                    await webSocket.CloseSocket();
+                }
+            }
+            return new EmptyResult();
+        }
+
        private void SetExistingValues(StoreData store, DerivationSchemeViewModel vm)
        {
            vm.DerivationScheme = GetExistingDerivationStrategy(vm.CryptoCode, store)?.DerivationStrategyBase.ToString();
+            vm.Enabled = !store.GetStoreBlob().IsExcluded(new PaymentMethodId(vm.CryptoCode, PaymentTypes.BTCLike));
        }

        private DerivationStrategy GetExistingDerivationStrategy(string cryptoCode, StoreData store)
@ -58,9 +113,8 @@ namespace BTCPayServer.Controllers
        [Route("{storeId}/derivations/{cryptoCode}")]
        public async Task<IActionResult> AddDerivationScheme(string storeId, DerivationSchemeViewModel vm, string cryptoCode)
        {
-            vm.ServerUrl = GetStoreUrl(storeId);
            vm.CryptoCode = cryptoCode;
-            var store = await _Repo.FindStore(storeId, GetUserId());
+            var store = HttpContext.GetStoreData();
            if (store == null)
                return NotFound();

@ -77,6 +131,11 @@ namespace BTCPayServer.Controllers
            }

            PaymentMethodId paymentMethodId = new PaymentMethodId(network.CryptoCode, PaymentTypes.BTCLike);
+            var exisingStrategy = store.GetSupportedPaymentMethods(_NetworkProvider)
+                                       .Where(c => c.PaymentId == paymentMethodId)
+                                       .OfType<DerivationStrategy>()
+                                       .Select(c => c.DerivationStrategyBase.ToString())
+                                       .FirstOrDefault();
            DerivationStrategy strategy = null;
            try
            {
@ -92,11 +151,40 @@ namespace BTCPayServer.Controllers
                vm.Confirmation = false;
                return View(vm);
            }
+            var storeBlob = store.GetStoreBlob();
+            var wasExcluded = storeBlob.GetExcludedPaymentMethods().Match(paymentMethodId);
+            var willBeExcluded = !vm.Enabled;

-            if (!vm.Confirmation && strategy != null)
-                return ShowAddresses(vm, strategy);
+            var showAddress = // Show addresses if:
+                              // - If the user is testing the hint address in confirmation screen
+                              (vm.Confirmation && !string.IsNullOrWhiteSpace(vm.HintAddress)) ||
+                              // - The user is setting a new derivation scheme
+                              (!vm.Confirmation && strategy != null && exisingStrategy != strategy.DerivationStrategyBase.ToString()) ||
+                              // - The user is clicking on continue without changing anything   
+                              (!vm.Confirmation && willBeExcluded == wasExcluded);

-            if (vm.Confirmation && !string.IsNullOrWhiteSpace(vm.HintAddress))
+            showAddress = showAddress && strategy != null;
+            if (!showAddress)
+            {
+                try
+                {
+                    if (strategy != null)
+                        await wallet.TrackAsync(strategy.DerivationStrategyBase);
+                    store.SetSupportedPaymentMethod(paymentMethodId, strategy);
+                    storeBlob.SetExcluded(paymentMethodId, willBeExcluded);
+                    store.SetStoreBlob(storeBlob);
+                }
+                catch
+                {
+                    ModelState.AddModelError(nameof(vm.DerivationScheme), "Invalid Derivation Scheme");
+                    return View(vm);
+                }
+
+                await _Repo.UpdateStore(store);
+                StatusMessage = $"Derivation scheme for {network.CryptoCode} has been modified.";
+                return RedirectToAction(nameof(UpdateStore), new { storeId = storeId });
+            }
+            else if (!string.IsNullOrEmpty(vm.HintAddress))
            {
                BitcoinAddress address = null;
                try
@ -122,26 +210,8 @@ namespace BTCPayServer.Controllers
                vm.StatusMessage = "Address successfully found, please verify that the rest is correct and click on \"Confirm\"";
                ModelState.Remove(nameof(vm.HintAddress));
                ModelState.Remove(nameof(vm.DerivationScheme));
-                return ShowAddresses(vm, strategy);
-            }
-            else
-            {
-                try
-                {
-                    if (strategy != null)
-                        await wallet.TrackAsync(strategy.DerivationStrategyBase);
-                    store.SetSupportedPaymentMethod(paymentMethodId, strategy);
-                }
-                catch
-                {
-                    ModelState.AddModelError(nameof(vm.DerivationScheme), "Invalid Derivation Scheme");
-                    return View(vm);
-                }
-
-                await _Repo.UpdateStore(store);
-                StatusMessage = $"Derivation scheme for {network.CryptoCode} has been modified.";
-                return RedirectToAction(nameof(UpdateStore), new { storeId = storeId });
            }
+            return ShowAddresses(vm, strategy);
        }

        private IActionResult ShowAddresses(DerivationSchemeViewModel vm, DerivationStrategy strategy)
@ -160,199 +230,5 @@ namespace BTCPayServer.Controllers
            vm.Confirmation = true;
            return View(vm);
        }
-
-
-        public class GetInfoResult
-        {
-            public int RecommendedSatoshiPerByte { get; set; }
-            public double Balance { get; set; }
-        }
-
-        public class SendToAddressResult
-        {
-            public string TransactionId { get; set; }
-        }
-
-        [HttpGet]
-        [Route("{storeId}/ws/ledger")]
-        public async Task<IActionResult> LedgerConnection(
-            string storeId,
-            string command,
-            // getinfo
-            string cryptoCode = null,
-            // getxpub
-            int account = 0,
-            // sendtoaddress
-            string destination = null, string amount = null, string feeRate = null, string substractFees = null
-            )
-        {
-            if (!HttpContext.WebSockets.IsWebSocketRequest)
-                return NotFound();
-            var store = await _Repo.FindStore(storeId, GetUserId());
-            if (store == null)
-                return NotFound();
-
-            var webSocket = await HttpContext.WebSockets.AcceptWebSocketAsync();
-
-            var hw = new HardwareWalletService(webSocket);
-            object result = null;
-            try
-            {
-                BTCPayNetwork network = null;
-                if (cryptoCode != null)
-                {
-                    network = _NetworkProvider.GetNetwork(cryptoCode);
-                    if (network == null)
-                        throw new FormatException("Invalid value for crypto code");
-                }
-
-                BitcoinAddress destinationAddress = null;
-                if (destination != null)
-                {
-                    try
-                    {
-                        destinationAddress = BitcoinAddress.Create(destination, network.NBitcoinNetwork);
-                    }
-                    catch { }
-                    if (destinationAddress == null)
-                        throw new FormatException("Invalid value for destination");
-                }
-
-                FeeRate feeRateValue = null;
-                if (feeRate != null)
-                {
-                    try
-                    {
-                        feeRateValue = new FeeRate(Money.Satoshis(int.Parse(feeRate, CultureInfo.InvariantCulture)), 1);
-                    }
-                    catch { }
-                    if (feeRateValue == null || feeRateValue.FeePerK <= Money.Zero)
-                        throw new FormatException("Invalid value for fee rate");
-                }
-
-                Money amountBTC = null;
-                if (amount != null)
-                {
-                    try
-                    {
-                        amountBTC = Money.Parse(amount);
-                    }
-                    catch { }
-                    if (amountBTC == null || amountBTC <= Money.Zero)
-                        throw new FormatException("Invalid value for amount");
-                }
-
-                bool subsctractFeesValue = false;
-                if (substractFees != null)
-                {
-                    try
-                    {
-                        subsctractFeesValue = bool.Parse(substractFees);
-                    }
-                    catch { throw new FormatException("Invalid value for subtract fees"); }
-                }
-                if (command == "test")
-                {
-                    result = await hw.Test();
-                }
-                if (command == "getxpub")
-                {
-                    var getxpubResult = await hw.GetExtPubKey(network, account);
-                    result = getxpubResult;
-                }
-                if (command == "getinfo")
-                {
-                    var strategy = GetDirectDerivationStrategy(store, network);
-                    var strategyBase = GetDerivationStrategy(store, network);
-                    if (strategy == null || !await hw.SupportDerivation(network, strategy))
-                    {
-                        throw new Exception($"This store is not configured to use this ledger");
-                    }
-
-                    var feeProvider = _FeeRateProvider.CreateFeeProvider(network);
-                    var recommendedFees = feeProvider.GetFeeRateAsync();
-                    var balance = _WalletProvider.GetWallet(network).GetBalance(strategyBase);
-                    result = new GetInfoResult() { Balance = (double)(await balance).ToDecimal(MoneyUnit.BTC), RecommendedSatoshiPerByte = (int)(await recommendedFees).GetFee(1).Satoshi };
-                }
-
-                if (command == "sendtoaddress")
-                {
-                    if (!_Dashboard.IsFullySynched(network.CryptoCode, out var summary))
-                        throw new Exception($"{network.CryptoCode}: not started or fully synched");
-                    var strategy = GetDirectDerivationStrategy(store, network);
-                    var strategyBase = GetDerivationStrategy(store, network);
-                    var wallet = _WalletProvider.GetWallet(network);
-                    var change = wallet.GetChangeAddressAsync(strategyBase);
-
-                    var unspentCoins = await wallet.GetUnspentCoins(strategyBase);
-                    var changeAddress = await change;
-                    var transaction = await hw.SendToAddress(strategy, unspentCoins, network,
-                                            new[] { (destinationAddress as IDestination, amountBTC, subsctractFeesValue) },
-                                            feeRateValue,
-                                            changeAddress.Item1,
-                                            changeAddress.Item2, summary.Status.BitcoinStatus.MinRelayTxFee);
-                    try
-                    {
-                        var broadcastResult = await wallet.BroadcastTransactionsAsync(new List<Transaction>() { transaction });
-                        if (!broadcastResult[0].Success)
-                        {
-                            throw new Exception($"RPC Error while broadcasting: {broadcastResult[0].RPCCode} {broadcastResult[0].RPCCodeMessage} {broadcastResult[0].RPCMessage}");
-                        }
-                    }
-                    catch (Exception ex)
-                    {
-                        throw new Exception("Error while broadcasting: " + ex.Message);
-                    }
-                    wallet.InvalidateCache(strategyBase);
-                    result = new SendToAddressResult() { TransactionId = transaction.GetHash().ToString() };
-                }
-            }
-            catch (OperationCanceledException)
-            { result = new LedgerTestResult() { Success = false, Error = "Timeout" }; }
-            catch (Exception ex)
-            { result = new LedgerTestResult() { Success = false, Error = ex.Message }; }
-
-            try
-            {
-                if (result != null)
-                {
-                    UTF8Encoding UTF8NOBOM = new UTF8Encoding(false);
-                    var bytes = UTF8NOBOM.GetBytes(JsonConvert.SerializeObject(result, _MvcJsonOptions.SerializerSettings));
-                    await webSocket.SendAsync(new ArraySegment<byte>(bytes), WebSocketMessageType.Text, true, new CancellationTokenSource(2000).Token);
-                }
-            }
-            catch { }
-            finally
-            {
-                await webSocket.CloseSocket();
-            }
-
-            return new EmptyResult();
-        }
-
-        private DirectDerivationStrategy GetDirectDerivationStrategy(StoreData store, BTCPayNetwork network)
-        {
-            var strategy = GetDerivationStrategy(store, network);
-            var directStrategy = strategy as DirectDerivationStrategy;
-            if (directStrategy == null)
-                directStrategy = (strategy as P2SHDerivationStrategy).Inner as DirectDerivationStrategy;
-            if (!directStrategy.Segwit)
-                return null;
-            return directStrategy;
-        }
-
-        private DerivationStrategyBase GetDerivationStrategy(StoreData store, BTCPayNetwork network)
-        {
-            var strategy = store
-                            .GetSupportedPaymentMethods(_NetworkProvider)
-                            .OfType<DerivationStrategy>()
-                            .FirstOrDefault(s => s.Network.NBitcoinNetwork == network.NBitcoinNetwork);
-            if (strategy == null)
-            {
-                throw new Exception($"Derivation strategy for {network.CryptoCode} is not set");
-            }
-
-            return strategy.DerivationStrategyBase;
-        }
    }
 }
--- a/BTCPayServer/Controllers/StoresController.Changelly.cs
+++ b/BTCPayServer/Controllers/StoresController.Changelly.cs
@ -0,0 +1,96 @@
+using System;
+using System.Threading.Tasks;
+using BTCPayServer.Data;
+using BTCPayServer.Models.StoreViewModels;
+using BTCPayServer.Payments.Changelly;
+using Microsoft.AspNetCore.Mvc;
+
+namespace BTCPayServer.Controllers
+{
+    public partial class StoresController
+    {
+        [HttpGet]
+        [Route("{storeId}/changelly")]
+        public IActionResult UpdateChangellySettings(string storeId)
+        {
+            var store = HttpContext.GetStoreData();
+            if (store == null)
+                return NotFound();
+            UpdateChangellySettingsViewModel vm = new UpdateChangellySettingsViewModel();
+            SetExistingValues(store, vm);
+            return View(vm);
+        }
+
+        private void SetExistingValues(StoreData store, UpdateChangellySettingsViewModel vm)
+        {
+
+            var existing = store.GetStoreBlob().ChangellySettings;
+            if (existing == null) return;
+            vm.ApiKey = existing.ApiKey;
+            vm.ApiSecret = existing.ApiSecret;
+            vm.ApiUrl = existing.ApiUrl;
+            vm.ChangellyMerchantId = existing.ChangellyMerchantId;
+            vm.Enabled = existing.Enabled;
+            vm.AmountMarkupPercentage = existing.AmountMarkupPercentage;
+            vm.ShowFiat = existing.ShowFiat;
+
+        }
+
+        [HttpPost]
+        [Route("{storeId}/changelly")]
+        public async Task<IActionResult> UpdateChangellySettings(string storeId, UpdateChangellySettingsViewModel vm,
+            string command)
+        {
+            var store = HttpContext.GetStoreData();
+            if (store == null)
+                return NotFound();
+            if (vm.Enabled)
+            {
+                if (!ModelState.IsValid)
+                {
+                    return View(vm);
+                }
+            }
+
+            var changellySettings = new ChangellySettings()
+            {
+                ApiKey = vm.ApiKey,
+                ApiSecret = vm.ApiSecret,
+                ApiUrl = vm.ApiUrl,
+                ChangellyMerchantId = vm.ChangellyMerchantId,
+                Enabled = vm.Enabled,
+                AmountMarkupPercentage = vm.AmountMarkupPercentage,
+                ShowFiat = vm.ShowFiat
+            };
+            
+            switch (command)
+            {
+                case "save":
+                    var storeBlob = store.GetStoreBlob();
+                    storeBlob.ChangellySettings = changellySettings;
+                    store.SetStoreBlob(storeBlob);
+                    await _Repo.UpdateStore(store);
+                    StatusMessage = "Changelly settings modified";
+                    _changellyClientProvider.InvalidateClient(storeId);
+                    return RedirectToAction(nameof(UpdateStore), new {
+                        storeId});
+                case "test":
+                    try
+                    {
+                        var client = new Changelly(_httpClientFactory, changellySettings.ApiKey, changellySettings.ApiSecret,
+                            changellySettings.ApiUrl);
+                        var result = await client.GetCurrenciesFull();
+                        vm.StatusMessage = "Test Successful";
+                        return View(vm);
+                    }
+                    catch (Exception ex)
+                    {
+                        vm.StatusMessage = $"Error: {ex.Message}";
+                        return View(vm);
+                    }
+                default:
+                    return View(vm);
+            }
+        }
+    }
+}
--- a/BTCPayServer/Controllers/StoresController.LightningLike.cs
+++ b/BTCPayServer/Controllers/StoresController.LightningLike.cs
@ -5,12 +5,12 @@ using System.Linq;
 using System.Threading.Tasks;
 using BTCPayServer.Models.StoreViewModels;
 using BTCPayServer.Payments;
-using BTCPayServer.Payments.Lightning.CLightning;
 using Microsoft.AspNetCore.Mvc;
 using BTCPayServer.Payments.Lightning;
 using System.Net;
 using BTCPayServer.Data;
 using System.Threading;
+using BTCPayServer.Lightning;

 namespace BTCPayServer.Controllers
 {
@ -19,23 +19,25 @@ namespace BTCPayServer.Controllers

        [HttpGet]
        [Route("{storeId}/lightning/{cryptoCode}")]
-        public async Task<IActionResult> AddLightningNode(string storeId, string cryptoCode)
+        public IActionResult AddLightningNode(string storeId, string cryptoCode)
        {
-            var store = await _Repo.FindStore(storeId, GetUserId());
+            var store = HttpContext.GetStoreData();
            if (store == null)
                return NotFound();
-            LightningNodeViewModel vm = new LightningNodeViewModel();
-            vm.CryptoCode = cryptoCode;
-            vm.InternalLightningNode = GetInternalLighningNode(cryptoCode)?.ToUri(true)?.AbsoluteUri;
+            LightningNodeViewModel vm = new LightningNodeViewModel
+            {
+                CryptoCode = cryptoCode,
+                InternalLightningNode = GetInternalLighningNode(cryptoCode)?.ToString()
+            };
            SetExistingValues(store, vm);
            return View(vm);
        }

        private void SetExistingValues(StoreData store, LightningNodeViewModel vm)
        {
-            vm.Url = GetExistingLightningSupportedPaymentMethod(vm.CryptoCode, store)?.GetLightningUrl()?.ToString();
+            vm.ConnectionString = GetExistingLightningSupportedPaymentMethod(vm.CryptoCode, store)?.GetLightningUrl()?.ToString();
+            vm.Enabled = !store.GetStoreBlob().IsExcluded(new PaymentMethodId(vm.CryptoCode, PaymentTypes.LightningLike));
        }
-
        private LightningSupportedPaymentMethod GetExistingLightningSupportedPaymentMethod(string cryptoCode, StoreData store)
        {
            var id = new PaymentMethodId(cryptoCode, PaymentTypes.LightningLike);
@ -59,13 +61,13 @@ namespace BTCPayServer.Controllers
        public async Task<IActionResult> AddLightningNode(string storeId, LightningNodeViewModel vm, string command, string cryptoCode)
        {
            vm.CryptoCode = cryptoCode;
-            var store = await _Repo.FindStore(storeId, GetUserId());
+            var store = HttpContext.GetStoreData();
            if (store == null)
                return NotFound();
            var network = vm.CryptoCode == null ? null : _ExplorerProvider.GetNetwork(vm.CryptoCode);

            var internalLightning = GetInternalLighningNode(network.CryptoCode);
-            vm.InternalLightningNode = internalLightning?.ToUri(true)?.AbsoluteUri;
+            vm.InternalLightningNode = internalLightning?.ToString();
            if (network == null)
            {
                ModelState.AddModelError(nameof(vm.CryptoCode), "Invalid network");
@ -74,33 +76,57 @@ namespace BTCPayServer.Controllers

            PaymentMethodId paymentMethodId = new PaymentMethodId(network.CryptoCode, PaymentTypes.LightningLike);
            Payments.Lightning.LightningSupportedPaymentMethod paymentMethod = null;
-            if (!string.IsNullOrEmpty(vm.Url))
+            if (!string.IsNullOrEmpty(vm.ConnectionString))
            {
-                if (!LightningConnectionString.TryParse(vm.Url, out var connectionString, out var error))
+                if (!LightningConnectionString.TryParse(vm.ConnectionString, false, out var connectionString, out var error))
                {
-                    ModelState.AddModelError(nameof(vm.Url), $"Invalid URL ({error})");
+                    ModelState.AddModelError(nameof(vm.ConnectionString), $"Invalid URL ({error})");
                    return View(vm);
                }

-                var internalDomain = internalLightning?.ToUri(false)?.DnsSafeHost;
-                bool isLocal = (internalDomain == "127.0.0.1" || internalDomain == "localhost");
+                if(connectionString.ConnectionType == LightningConnectionType.LndGRPC)
+                {
+                    ModelState.AddModelError(nameof(vm.ConnectionString), $"BTCPay does not support gRPC connections");
+                    return View(vm);
+                }
+
+                var internalDomain = internalLightning?.BaseUri?.DnsSafeHost;

                bool isInternalNode = connectionString.ConnectionType == LightningConnectionType.CLightning ||
                                      connectionString.BaseUri.DnsSafeHost == internalDomain ||
-                                      isLocal;
+                                      (internalDomain == "127.0.0.1" || internalDomain == "localhost");

-                if (connectionString.BaseUri.Scheme == "http" && !isLocal)
+                if (connectionString.BaseUri.Scheme == "http")
                {
-                    if (!isInternalNode || (isInternalNode && !CanUseInternalLightning()))
+                    if (!isInternalNode)
                    {
-                        ModelState.AddModelError(nameof(vm.Url), "The url must be HTTPS");
+                        ModelState.AddModelError(nameof(vm.ConnectionString), "The url must be HTTPS");
+                        return View(vm);
+                    }
+                }
+
+                if(connectionString.MacaroonFilePath != null)
+                {
+                    if(!CanUseInternalLightning())
+                    {
+                        ModelState.AddModelError(nameof(vm.ConnectionString), "You are not authorized to use macaroonfilepath");
+                        return View(vm);
+                    }
+                    if(!System.IO.File.Exists(connectionString.MacaroonFilePath))
+                    {
+                        ModelState.AddModelError(nameof(vm.ConnectionString), "The macaroonfilepath file does not exist");
+                        return View(vm);
+                    }
+                    if(!System.IO.Path.IsPathRooted(connectionString.MacaroonFilePath))
+                    {
+                        ModelState.AddModelError(nameof(vm.ConnectionString), "The macaroonfilepath should be fully rooted");
                        return View(vm);
                    }
                }

                if (isInternalNode && !CanUseInternalLightning())
                {
-                    ModelState.AddModelError(nameof(vm.Url), "Unauthorized url");
+                    ModelState.AddModelError(nameof(vm.ConnectionString), "Unauthorized url");
                    return View(vm);
                }

@ -110,39 +136,42 @@ namespace BTCPayServer.Controllers
                };
                paymentMethod.SetLightningUrl(connectionString);
            }
-            if (command == "save")
+
+            switch (command)
            {
-                store.SetSupportedPaymentMethod(paymentMethodId, paymentMethod);
-                await _Repo.UpdateStore(store);
-                StatusMessage = $"Lightning node modified ({network.CryptoCode})";
-                return RedirectToAction(nameof(UpdateStore), new { storeId = storeId });
-            }
-            else // if(command == "test")
-            {
-                if (paymentMethod == null)
-                {
-                    ModelState.AddModelError(nameof(vm.Url), "Missing url parameter");
+                case "save":
+                    var storeBlob = store.GetStoreBlob();
+                    storeBlob.SetExcluded(paymentMethodId, !vm.Enabled);
+                    store.SetStoreBlob(storeBlob);
+                    store.SetSupportedPaymentMethod(paymentMethodId, paymentMethod);
+                    await _Repo.UpdateStore(store);
+                    StatusMessage = $"Lightning node modified ({network.CryptoCode})";
+                    return RedirectToAction(nameof(UpdateStore), new { storeId = storeId });
+                case "test" when paymentMethod == null:
+                    ModelState.AddModelError(nameof(vm.ConnectionString), "Missing url parameter");
                    return View(vm);
-                }
-                var handler = (LightningLikePaymentHandler)_ServiceProvider.GetRequiredService<IPaymentMethodHandler<Payments.Lightning.LightningSupportedPaymentMethod>>();
-                try
-                {
-                    var info = await handler.Test(paymentMethod, network);
-                    if (!vm.SkipPortTest)
+                case "test":
+                    var handler = (LightningLikePaymentHandler)_ServiceProvider.GetRequiredService<IPaymentMethodHandler<Payments.Lightning.LightningSupportedPaymentMethod>>();
+                    try
                    {
-                        using (CancellationTokenSource cts = new CancellationTokenSource(TimeSpan.FromSeconds(20)))
+                        var info = await handler.Test(paymentMethod, network);
+                        if (!vm.SkipPortTest)
                        {
-                            await handler.TestConnection(info, cts.Token);
+                            using (CancellationTokenSource cts = new CancellationTokenSource(TimeSpan.FromSeconds(20)))
+                            {
+                                await handler.TestConnection(info, cts.Token);
+                            }
                        }
+                        vm.StatusMessage = $"Connection to the lightning node succeeded ({info})";
+                    }
+                    catch (Exception ex)
+                    {
+                        vm.StatusMessage = $"Error: {ex.Message}";
+                        return View(vm);
                    }
-                    vm.StatusMessage = $"Connection to the lightning node succeed ({info})";
-                }
-                catch (Exception ex)
-                {
-                    vm.StatusMessage = $"Error: {ex.Message}";
                    return View(vm);
-                }
-                return View(vm);
+                default:
+                    return View(vm);
            }
        }

--- a/BTCPayServer/Controllers/StoresController.cs
+++ b/BTCPayServer/Controllers/StoresController.cs
@ -1,14 +1,24 @@
-using BTCPayServer.Authentication;
+using System;
+using System.Collections.Generic;
+using System.Globalization;
+using System.Linq;
+using System.Net.Http;
+using System.Threading.Tasks;
+using BTCPayServer.Authentication;
 using BTCPayServer.Configuration;
 using BTCPayServer.Data;
-using BTCPayServer.HostedServices;
 using BTCPayServer.Models;
+using BTCPayServer.Models.AppViewModels;
 using BTCPayServer.Models.StoreViewModels;
+using BTCPayServer.Payments.Changelly;
+using BTCPayServer.Rating;
+using BTCPayServer.Security;
 using BTCPayServer.Services;
 using BTCPayServer.Services.Rates;
 using BTCPayServer.Services.Stores;
 using BTCPayServer.Services.Wallets;
 using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Cors;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
@ -16,66 +26,58 @@ using Microsoft.AspNetCore.Mvc.Rendering;
 using Microsoft.Extensions.Options;
 using NBitcoin;
 using NBitcoin.DataEncoders;
-using NBXplorer.DerivationStrategy;
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Net.Http;
-using System.Threading;
-using System.Threading.Tasks;

 namespace BTCPayServer.Controllers
 {
    [Route("stores")]
-    [Authorize(AuthenticationSchemes = "Identity.Application")]
-    [Authorize(Policy = StorePolicies.OwnStore)]
+    [Authorize(AuthenticationSchemes = Policies.CookieAuthentication)]
+    [Authorize(Policy = Policies.CanModifyStoreSettings.Key)]
    [AutoValidateAntiforgeryToken]
    public partial class StoresController : Controller
    {
+        RateFetcher _RateFactory;
        public string CreatedStoreId { get; set; }
        public StoresController(
-            NBXplorerDashboard dashboard,
            IServiceProvider serviceProvider,
            BTCPayServerOptions btcpayServerOptions,
            BTCPayServerEnvironment btcpayEnv,
-            IOptions<MvcJsonOptions> mvcJsonOptions,
            StoreRepository repo,
            TokenRepository tokenRepo,
            UserManager<ApplicationUser> userManager,
            AccessTokenController tokenController,
            BTCPayWalletProvider walletProvider,
            BTCPayNetworkProvider networkProvider,
+            RateFetcher rateFactory,
            ExplorerClientProvider explorerProvider,
            IFeeProviderFactory feeRateProvider,
            LanguageService langService,
-            IHostingEnvironment env,
-            CoinAverageSettings coinAverage)
+            ChangellyClientProvider changellyClientProvider,
+            IOptions<MvcJsonOptions> mvcJsonOptions,
+            IHostingEnvironment env, IHttpClientFactory httpClientFactory)
        {
-            _Dashboard = dashboard;
+            _RateFactory = rateFactory;
            _Repo = repo;
            _TokenRepository = tokenRepo;
            _UserManager = userManager;
            _LangService = langService;
+            _changellyClientProvider = changellyClientProvider;
+            MvcJsonOptions = mvcJsonOptions;
            _TokenController = tokenController;
            _WalletProvider = walletProvider;
            _Env = env;
+            _httpClientFactory = httpClientFactory;
            _NetworkProvider = networkProvider;
            _ExplorerProvider = explorerProvider;
-            _MvcJsonOptions = mvcJsonOptions.Value;
            _FeeRateProvider = feeRateProvider;
            _ServiceProvider = serviceProvider;
            _BtcpayServerOptions = btcpayServerOptions;
            _BTCPayEnv = btcpayEnv;
-            _CoinAverage = coinAverage;
        }
-        CoinAverageSettings _CoinAverage;
-        NBXplorerDashboard _Dashboard;
        BTCPayServerOptions _BtcpayServerOptions;
        BTCPayServerEnvironment _BTCPayEnv;
        IServiceProvider _ServiceProvider;
        BTCPayNetworkProvider _NetworkProvider;
        private ExplorerClientProvider _ExplorerProvider;
-        private MvcJsonOptions _MvcJsonOptions;
        private IFeeProviderFactory _FeeRateProvider;
        BTCPayWalletProvider _WalletProvider;
        AccessTokenController _TokenController;
@ -83,7 +85,9 @@ namespace BTCPayServer.Controllers
        TokenRepository _TokenRepository;
        UserManager<ApplicationUser> _UserManager;
        private LanguageService _LangService;
+        private readonly ChangellyClientProvider _changellyClientProvider;
        IHostingEnvironment _Env;
+        private IHttpClientFactory _httpClientFactory;

        [TempData]
        public string StatusMessage
@ -91,37 +95,19 @@ namespace BTCPayServer.Controllers
            get; set;
        }

-        [HttpGet]
-        [Route("{storeId}/wallet/{cryptoCode}")]
-        public async Task<IActionResult> Wallet(string storeId, string cryptoCode)
-        {
-            var store = await _Repo.FindStore(storeId, GetUserId());
-            if (store == null)
-                return NotFound();
-            WalletModel model = new WalletModel();
-            model.ServerUrl = GetStoreUrl(storeId);
-            model.CryptoCurrency = cryptoCode;
-            return View(model);
-        }
-
-        private string GetStoreUrl(string storeId)
-        {
-            return HttpContext.Request.GetAbsoluteRoot() + "/stores/" + storeId + "/";
-        }
-
        [HttpGet]
        [Route("{storeId}/users")]
-        public async Task<IActionResult> StoreUsers(string storeId)
+        public async Task<IActionResult> StoreUsers()
        {
            StoreUsersViewModel vm = new StoreUsersViewModel();
-            await FillUsers(storeId, vm);
+            await FillUsers(vm);
            return View(vm);
        }

-        private async Task FillUsers(string storeId, StoreUsersViewModel vm)
+        private async Task FillUsers(StoreUsersViewModel vm)
        {
-            var users = await _Repo.GetStoreUsers(storeId);
-            vm.StoreId = storeId;
+            var users = await _Repo.GetStoreUsers(StoreData.Id);
+            vm.StoreId = StoreData.Id;
            vm.Users = users.Select(u => new StoreUsersViewModel.StoreUserViewModel()
            {
                Email = u.Email,
@ -130,11 +116,20 @@ namespace BTCPayServer.Controllers
            }).ToList();
        }

+        public StoreData StoreData
+        {
+            get
+            {
+                return this.HttpContext.GetStoreData();
+            }
+        }
+
+
        [HttpPost]
        [Route("{storeId}/users")]
-        public async Task<IActionResult> StoreUsers(string storeId, StoreUsersViewModel vm)
+        public async Task<IActionResult> StoreUsers(StoreUsersViewModel vm)
        {
-            await FillUsers(storeId, vm);
+            await FillUsers(vm);
            if (!ModelState.IsValid)
            {
                return View(vm);
@ -150,7 +145,7 @@ namespace BTCPayServer.Controllers
                ModelState.AddModelError(nameof(vm.Role), "Invalid role");
                return View(vm);
            }
-            if (!await _Repo.AddStoreUser(storeId, user.Id, vm.Role))
+            if (!await _Repo.AddStoreUser(StoreData.Id, user.Id, vm.Role))
            {
                ModelState.AddModelError(nameof(vm.Email), "The user already has access to this store");
                return View(vm);
@ -161,19 +156,16 @@ namespace BTCPayServer.Controllers

        [HttpGet]
        [Route("{storeId}/users/{userId}/delete")]
-        public async Task<IActionResult> DeleteStoreUser(string storeId, string userId)
+        public async Task<IActionResult> DeleteStoreUser(string userId)
        {
            StoreUsersViewModel vm = new StoreUsersViewModel();
-            var store = await _Repo.FindStore(storeId, userId);
-            if (store == null)
-                return NotFound();
            var user = await _UserManager.FindByIdAsync(userId);
            if (user == null)
                return NotFound();
            return View("Confirm", new ConfirmModel()
            {
                Title = $"Remove store user",
-                Description = $"Are you sure to remove access to remove {store.Role} access to {user.Email}?",
+                Description = $"Are you sure to remove access to remove access to {user.Email}?",
                Action = "Delete"
            });
        }
@ -188,28 +180,164 @@ namespace BTCPayServer.Controllers
        }

        [HttpGet]
-        [Route("{storeId}/checkout")]
-        public async Task<IActionResult> CheckoutExperience(string storeId)
+        [Route("{storeId}/rates")]
+        public IActionResult Rates()
        {
-            var store = await _Repo.FindStore(storeId, GetUserId());
-            if (store == null)
-                return NotFound();
-            var storeBlob = store.GetStoreBlob();
+            var storeBlob = StoreData.GetStoreBlob();
+            var vm = new RatesViewModel();
+            vm.SetExchangeRates(GetSupportedExchanges(), storeBlob.PreferredExchange ?? CoinAverageRateProvider.CoinAverageName);
+            vm.Spread = (double)(storeBlob.Spread * 100m);
+            vm.Script = storeBlob.GetRateRules(_NetworkProvider).ToString();
+            vm.DefaultScript = storeBlob.GetDefaultRateRules(_NetworkProvider).ToString();
+            vm.AvailableExchanges = GetSupportedExchanges();
+            vm.ShowScripting = storeBlob.RateScripting;
+            return View(vm);
+        }
+
+        [HttpPost]
+        [Route("{storeId}/rates")]
+        public async Task<IActionResult> Rates(RatesViewModel model, string command = null)
+        {
+            model.SetExchangeRates(GetSupportedExchanges(), model.PreferredExchange);
+            if (!ModelState.IsValid)
+            {
+                return View(model);
+            }
+            if (model.PreferredExchange != null)
+                model.PreferredExchange = model.PreferredExchange.Trim().ToLowerInvariant();
+
+            var blob = StoreData.GetStoreBlob();
+            model.DefaultScript = blob.GetDefaultRateRules(_NetworkProvider).ToString();
+            model.AvailableExchanges = GetSupportedExchanges();
+
+            blob.PreferredExchange = model.PreferredExchange;
+            blob.Spread = (decimal)model.Spread / 100.0m;
+
+            if (!model.ShowScripting)
+            {
+                if (!GetSupportedExchanges().Select(c => c.Name).Contains(blob.PreferredExchange, StringComparer.OrdinalIgnoreCase))
+                {
+                    ModelState.AddModelError(nameof(model.PreferredExchange), $"Unsupported exchange ({model.RateSource})");
+                    return View(model);
+                }
+            }
+            RateRules rules = null;
+            if (model.ShowScripting)
+            {
+                if (!RateRules.TryParse(model.Script, out rules, out var errors))
+                {
+                    errors = errors ?? new List<RateRulesErrors>();
+                    var errorString = String.Join(", ", errors.ToArray());
+                    ModelState.AddModelError(nameof(model.Script), $"Parsing error ({errorString})");
+                    return View(model);
+                }
+                else
+                {
+                    blob.RateScript = rules.ToString();
+                    ModelState.Remove(nameof(model.Script));
+                    model.Script = blob.RateScript;
+                }
+            }
+            rules = blob.GetRateRules(_NetworkProvider);
+
+            if (command == "Test")
+            {
+                if (string.IsNullOrWhiteSpace(model.ScriptTest))
+                {
+                    ModelState.AddModelError(nameof(model.ScriptTest), "Fill out currency pair to test for (like BTC_USD,BTC_CAD)");
+                    return View(model);
+                }
+                var splitted = model.ScriptTest.Split(',', StringSplitOptions.RemoveEmptyEntries);
+
+                var pairs = new List<CurrencyPair>();
+                foreach (var pair in splitted)
+                {
+                    if (!CurrencyPair.TryParse(pair, out var currencyPair))
+                    {
+                        ModelState.AddModelError(nameof(model.ScriptTest), $"Invalid currency pair '{pair}' (it should be formatted like BTC_USD,BTC_CAD)");
+                        return View(model);
+                    }
+                    pairs.Add(currencyPair);
+                }
+
+                var fetchs = _RateFactory.FetchRates(pairs.ToHashSet(), rules);
+                var testResults = new List<RatesViewModel.TestResultViewModel>();
+                foreach (var fetch in fetchs)
+                {
+                    var testResult = await (fetch.Value);
+                    testResults.Add(new RatesViewModel.TestResultViewModel()
+                    {
+                        CurrencyPair = fetch.Key.ToString(),
+                        Error = testResult.Errors.Count != 0,
+                        Rule = testResult.Errors.Count == 0 ? testResult.Rule + " = " + testResult.BidAsk.Bid.ToString(CultureInfo.InvariantCulture)
+                                                            : testResult.EvaluatedRule
+                    });
+                }
+                model.TestRateRules = testResults;
+                return View(model);
+            }
+            else // command == Save
+            {
+                if (StoreData.SetStoreBlob(blob))
+                {
+                    await _Repo.UpdateStore(StoreData);
+                    StatusMessage = "Rate settings updated";
+                }
+                return RedirectToAction(nameof(Rates), new
+                {
+                    storeId = StoreData.Id
+                });
+            }
+        }
+
+        [HttpGet]
+        [Route("{storeId}/rates/confirm")]
+        public IActionResult ShowRateRules(bool scripting)
+        {
+            return View("Confirm", new ConfirmModel()
+            {
+                Action = "Continue",
+                Title = "Rate rule scripting",
+                Description = scripting ?
+                                "This action will modify your current rate sources. Are you sure to turn on rate rules scripting? (Advanced users)"
+                                : "This action will delete your rate script. Are you sure to turn off rate rules scripting?",
+                ButtonClass = "btn-primary"
+            });
+        }
+
+        [HttpPost]
+        [Route("{storeId}/rates/confirm")]
+        public async Task<IActionResult> ShowRateRulesPost(bool scripting)
+        {
+            var blob = StoreData.GetStoreBlob();
+            blob.RateScripting = scripting;
+            blob.RateScript = blob.GetDefaultRateRules(_NetworkProvider).ToString();
+            StoreData.SetStoreBlob(blob);
+            await _Repo.UpdateStore(StoreData);
+            StatusMessage = "Rate rules scripting activated";
+            return RedirectToAction(nameof(Rates), new { storeId = StoreData.Id });
+        }
+
+        [HttpGet]
+        [Route("{storeId}/checkout")]
+        public IActionResult CheckoutExperience()
+        {
+            var storeBlob = StoreData.GetStoreBlob();
            var vm = new CheckoutExperienceViewModel();
-            vm.SetCryptoCurrencies(_ExplorerProvider, store.GetDefaultCrypto());
+            vm.SetCryptoCurrencies(_ExplorerProvider, StoreData.GetDefaultCrypto(_NetworkProvider));
            vm.SetLanguages(_LangService, storeBlob.DefaultLang);
            vm.LightningMaxValue = storeBlob.LightningMaxValue?.ToString() ?? "";
            vm.OnChainMinValue = storeBlob.OnChainMinValue?.ToString() ?? "";
-            vm.AllowCoinConversion = storeBlob.AllowCoinConversion;
            vm.RequiresRefundEmail = storeBlob.RequiresRefundEmail;
            vm.CustomCSS = storeBlob.CustomCSS?.AbsoluteUri;
            vm.CustomLogo = storeBlob.CustomLogo?.AbsoluteUri;
+            vm.HtmlTitle = storeBlob.HtmlTitle;
            return View(vm);
        }

        [HttpPost]
        [Route("{storeId}/checkout")]
-        public async Task<IActionResult> CheckoutExperience(string storeId, CheckoutExperienceViewModel model)
+        public async Task<IActionResult> CheckoutExperience(CheckoutExperienceViewModel model)
        {
            CurrencyValue lightningMaxValue = null;
            if (!string.IsNullOrWhiteSpace(model.LightningMaxValue))
@ -228,16 +356,12 @@ namespace BTCPayServer.Controllers
                    ModelState.AddModelError(nameof(model.OnChainMinValue), "Invalid on chain min value");
                }
            }
-
-            var store = await _Repo.FindStore(storeId, GetUserId());
-            if (store == null)
-                return NotFound();
            bool needUpdate = false;
-            var blob = store.GetStoreBlob();
-            if (store.GetDefaultCrypto() != model.DefaultCryptoCurrency)
+            var blob = StoreData.GetStoreBlob();
+            if (StoreData.GetDefaultCrypto(_NetworkProvider) != model.DefaultCryptoCurrency)
            {
                needUpdate = true;
-                store.SetDefaultCrypto(model.DefaultCryptoCurrency);
+                StoreData.SetDefaultCrypto(model.DefaultCryptoCurrency);
            }
            model.SetCryptoCurrencies(_ExplorerProvider, model.DefaultCryptoCurrency);
            model.SetLanguages(_LangService, model.DefaultLang);
@ -247,55 +371,57 @@ namespace BTCPayServer.Controllers
                return View(model);
            }
            blob.DefaultLang = model.DefaultLang;
-            blob.AllowCoinConversion = model.AllowCoinConversion;
            blob.RequiresRefundEmail = model.RequiresRefundEmail;
            blob.LightningMaxValue = lightningMaxValue;
            blob.OnChainMinValue = onchainMinValue;
            blob.CustomLogo = string.IsNullOrWhiteSpace(model.CustomLogo) ? null : new Uri(model.CustomLogo, UriKind.Absolute);
            blob.CustomCSS = string.IsNullOrWhiteSpace(model.CustomCSS) ? null : new Uri(model.CustomCSS, UriKind.Absolute);
-            if (store.SetStoreBlob(blob))
+            blob.HtmlTitle = string.IsNullOrWhiteSpace(model.HtmlTitle) ? null : model.HtmlTitle;
+            if (StoreData.SetStoreBlob(blob))
            {
                needUpdate = true;
            }
            if (needUpdate)
            {
-                await _Repo.UpdateStore(store);
+                await _Repo.UpdateStore(StoreData);
                StatusMessage = "Store successfully updated";
            }

            return RedirectToAction(nameof(CheckoutExperience), new
            {
-                storeId = storeId
+                storeId = StoreData.Id
            });
        }

        [HttpGet]
        [Route("{storeId}")]
-        public async Task<IActionResult> UpdateStore(string storeId)
+        public IActionResult UpdateStore()
        {
-            var store = await _Repo.FindStore(storeId, GetUserId());
+            var store = HttpContext.GetStoreData();
            if (store == null)
                return NotFound();

            var storeBlob = store.GetStoreBlob();
            var vm = new StoreViewModel();
-            vm.SetExchangeRates(GetSupportedExchanges(), storeBlob.PreferredExchange.IsCoinAverage() ? "coinaverage" : storeBlob.PreferredExchange);
            vm.Id = store.Id;
            vm.StoreName = store.StoreName;
            vm.StoreWebsite = store.StoreWebsite;
            vm.NetworkFee = !storeBlob.NetworkFeeDisabled;
+            vm.AnyoneCanCreateInvoice = storeBlob.AnyoneCanInvoice;
            vm.SpeedPolicy = store.SpeedPolicy;
-            AddPaymentMethods(store, vm);
+            vm.CanDelete = _Repo.CanDeleteStores();
+            AddPaymentMethods(store, storeBlob, vm);
            vm.MonitoringExpiration = storeBlob.MonitoringExpiration;
            vm.InvoiceExpiration = storeBlob.InvoiceExpiration;
-            vm.RateMultiplier = (double)storeBlob.GetRateMultiplier();
            vm.LightningDescriptionTemplate = storeBlob.LightningDescriptionTemplate;
+            vm.PaymentTolerance = storeBlob.PaymentTolerance;
            return View(vm);
        }


-        private void AddPaymentMethods(StoreData store, StoreViewModel vm)
+        private void AddPaymentMethods(StoreData store, StoreBlob storeBlob, StoreViewModel vm)
        {
+            var excludeFilters = storeBlob.GetExcludedPaymentMethods();
            var derivationByCryptoCode =
                store
                .GetSupportedPaymentMethods(_NetworkProvider)
@ -307,7 +433,9 @@ namespace BTCPayServer.Controllers
                vm.DerivationSchemes.Add(new StoreViewModel.DerivationScheme()
                {
                    Crypto = network.CryptoCode,
-                    Value = strategy?.DerivationStrategyBase?.ToString() ?? string.Empty
+                    Value = strategy?.DerivationStrategyBase?.ToString() ?? string.Empty,
+                    WalletId = new WalletId(store.Id, network.CryptoCode),
+                    Enabled = !excludeFilters.Match(new Payments.PaymentMethodId(network.CryptoCode, Payments.PaymentTypes.BTCLike))
                });
            }

@ -319,88 +447,100 @@ namespace BTCPayServer.Controllers
            foreach (var network in _NetworkProvider.GetAll())
            {
                var lightning = lightningByCryptoCode.TryGet(network.CryptoCode);
+                var paymentId = new Payments.PaymentMethodId(network.CryptoCode, Payments.PaymentTypes.LightningLike);
                vm.LightningNodes.Add(new StoreViewModel.LightningNode()
                {
                    CryptoCode = network.CryptoCode,
-                    Address = lightning?.GetLightningUrl()?.BaseUri.AbsoluteUri ?? string.Empty
+                    Address = lightning?.GetLightningUrl()?.BaseUri.AbsoluteUri ?? string.Empty,
+                    Enabled = !excludeFilters.Match(paymentId)
                });
            }
+
+
+            var changellyEnabled = storeBlob.ChangellySettings != null && storeBlob.ChangellySettings.Enabled;
+            vm.ThirdPartyPaymentMethods.Add(new StoreViewModel.ThirdPartyPaymentMethod()
+            {
+                Enabled = changellyEnabled,
+                Action = nameof(UpdateChangellySettings),
+                Provider = "Changelly"
+            });
        }

        [HttpPost]
        [Route("{storeId}")]
-        public async Task<IActionResult> UpdateStore(string storeId, StoreViewModel model)
+        public async Task<IActionResult> UpdateStore(StoreViewModel model, string command = null)
        {
-            model.SetExchangeRates(GetSupportedExchanges(), model.PreferredExchange);
-            if (!ModelState.IsValid)
-            {
-                return View(model);
-            }
-            if (model.PreferredExchange != null)
-                model.PreferredExchange = model.PreferredExchange.Trim().ToLowerInvariant();
-            var store = await _Repo.FindStore(storeId, GetUserId());
-            if (store == null)
-                return NotFound();
-            AddPaymentMethods(store, model);
-
            bool needUpdate = false;
-            if (store.SpeedPolicy != model.SpeedPolicy)
+            if (StoreData.SpeedPolicy != model.SpeedPolicy)
            {
                needUpdate = true;
-                store.SpeedPolicy = model.SpeedPolicy;
+                StoreData.SpeedPolicy = model.SpeedPolicy;
            }
-            if (store.StoreName != model.StoreName)
+            if (StoreData.StoreName != model.StoreName)
            {
                needUpdate = true;
-                store.StoreName = model.StoreName;
+                StoreData.StoreName = model.StoreName;
            }
-            if (store.StoreWebsite != model.StoreWebsite)
+            if (StoreData.StoreWebsite != model.StoreWebsite)
            {
                needUpdate = true;
-                store.StoreWebsite = model.StoreWebsite;
+                StoreData.StoreWebsite = model.StoreWebsite;
            }

-            var blob = store.GetStoreBlob();
+            var blob = StoreData.GetStoreBlob();
+            blob.AnyoneCanInvoice = model.AnyoneCanCreateInvoice;
            blob.NetworkFeeDisabled = !model.NetworkFee;
            blob.MonitoringExpiration = model.MonitoringExpiration;
            blob.InvoiceExpiration = model.InvoiceExpiration;
            blob.LightningDescriptionTemplate = model.LightningDescriptionTemplate ?? string.Empty;
+            blob.PaymentTolerance = model.PaymentTolerance;

-            bool newExchange = blob.PreferredExchange != model.PreferredExchange;
-            blob.PreferredExchange = model.PreferredExchange;
-
-            blob.SetRateMultiplier(model.RateMultiplier);
-
-            if (store.SetStoreBlob(blob))
+            if (StoreData.SetStoreBlob(blob))
            {
                needUpdate = true;
            }

-            if (!blob.PreferredExchange.IsCoinAverage() && newExchange)
-            {
-
-                if (!GetSupportedExchanges().Select(c => c.Name).Contains(blob.PreferredExchange, StringComparer.OrdinalIgnoreCase))
-                {
-                    ModelState.AddModelError(nameof(model.PreferredExchange), $"Unsupported exchange ({model.RateSource})");
-                    return View(model);
-                }
-            }
-
            if (needUpdate)
            {
-                await _Repo.UpdateStore(store);
+                await _Repo.UpdateStore(StoreData);
                StatusMessage = "Store successfully updated";
            }

            return RedirectToAction(nameof(UpdateStore), new
            {
-                storeId = storeId
+                storeId = StoreData.Id
+            });
+
+        }
+
+        [HttpGet]
+        [Route("{storeId}/delete")]
+        public IActionResult DeleteStore(string storeId)
+        {
+            return View("Confirm", new ConfirmModel()
+            {
+                Action = "Delete this store",
+                Title = "Delete this store",
+                Description = "This action is irreversible and will remove all information related to this store. (Invoices, Apps etc...)",
+                ButtonClass = "btn-danger"
            });
        }

-        private (String DisplayName, String Name)[] GetSupportedExchanges()
+        [HttpPost]
+        [Route("{storeId}/delete")]
+        public async Task<IActionResult> DeleteStorePost(string storeId)
        {
-            return new[] { ("Coin Average", "coinaverage") }.Concat(_CoinAverage.AvailableExchanges).ToArray();
+            await _Repo.DeleteStore(StoreData.Id);
+            StatusMessage = "Success: Store successfully deleted";
+            return RedirectToAction(nameof(UserStoresController.ListStores), "UserStores");
+        }
+
+        private CoinAverageExchange[] GetSupportedExchanges()
+        {
+            return _RateFactory.RateProviderFactory.GetSupportedExchanges()
+                    .Select(c => c.Value)
+                    .OrderBy(s => s.Name, StringComparer.OrdinalIgnoreCase)
+                    .ToArray();
        }

        private DerivationStrategy ParseDerivationStrategy(string derivationScheme, Script hint, BTCPayNetwork network)
@ -412,10 +552,10 @@ namespace BTCPayServer.Controllers

        [HttpGet]
        [Route("{storeId}/Tokens")]
-        public async Task<IActionResult> ListTokens(string storeId)
+        public async Task<IActionResult> ListTokens()
        {
            var model = new TokensViewModel();
-            var tokens = await _TokenRepository.GetTokensByStoreIdAsync(storeId);
+            var tokens = await _TokenRepository.GetTokensByStoreIdAsync(StoreData.Id);
            model.StatusMessage = StatusMessage;
            model.Tokens = tokens.Select(t => new TokenViewModel()
            {
@ -424,30 +564,82 @@ namespace BTCPayServer.Controllers
                SIN = t.SIN,
                Id = t.Value
            }).ToArray();
+
+            model.ApiKey = (await _TokenRepository.GetLegacyAPIKeys(StoreData.Id)).FirstOrDefault();
+            if (model.ApiKey == null)
+                model.EncodedApiKey = "*API Key*";
+            else
+                model.EncodedApiKey = Encoders.Base64.EncodeData(Encoders.ASCII.DecodeData(model.ApiKey));
            return View(model);
        }

+        [HttpGet]
+        [Route("{storeId}/tokens/{tokenId}/revoke")]
+        public async Task<IActionResult> RevokeToken(string tokenId)
+        {
+            var token = await _TokenRepository.GetToken(tokenId);
+            if (token == null || token.StoreId != StoreData.Id)
+                return NotFound();
+            return View("Confirm", new ConfirmModel()
+            {
+                Action = "Revoke the token",
+                Title = "Revoke the token",
+                Description = $"The access token with the label \"{token.Label}\" will be revoked, do you wish to continue?",
+                ButtonClass = "btn-danger"
+            });
+        }
+        [HttpPost]
+        [Route("{storeId}/tokens/{tokenId}/revoke")]
+        public async Task<IActionResult> RevokeTokenConfirm(string tokenId)
+        {
+            var token = await _TokenRepository.GetToken(tokenId);
+            if (token == null ||
+                token.StoreId != StoreData.Id ||
+               !await _TokenRepository.DeleteToken(tokenId))
+                StatusMessage = "Failure to revoke this token";
+            else
+                StatusMessage = "Token revoked";
+            return RedirectToAction(nameof(ListTokens));
+        }
+
+        [HttpGet]
+        [Route("{storeId}/tokens/{tokenId}")]
+        public async Task<IActionResult> ShowToken(string tokenId)
+        {
+            var token = await _TokenRepository.GetToken(tokenId);
+            if (token == null || token.StoreId != StoreData.Id)
+                return NotFound();
+            return View(token);
+        }
+
        [HttpPost]
        [Route("/api-tokens")]
        [Route("{storeId}/Tokens/Create")]
-        public async Task<IActionResult> CreateToken(string storeId, CreateTokenViewModel model)
+        [AllowAnonymous]
+        public async Task<IActionResult> CreateToken(CreateTokenViewModel model)
        {
            if (!ModelState.IsValid)
            {
                return View(model);
            }
            model.Label = model.Label ?? String.Empty;
-            storeId = model.StoreId ?? storeId;
            var userId = GetUserId();
            if (userId == null)
-                return Unauthorized();
-            var store = await _Repo.FindStore(storeId, userId);
-            if (store == null)
-                return Unauthorized();
-            if (store.Role != StoreRoles.Owner)
+                return Challenge(Policies.CookieAuthentication);
+
+            var store = StoreData;
+            var storeId = StoreData?.Id;
+            if (storeId == null)
            {
-                StatusMessage = "Error: You need to be owner of this store to request pairing codes";
-                return RedirectToAction(nameof(UserStoresController.ListStores), "UserStores");
+                storeId = model.StoreId;
+                store = await _Repo.FindStore(storeId, userId);
+                if (store == null)
+                    return Challenge(Policies.CookieAuthentication);
+            }
+
+            if (!store.HasClaim(Policies.CanModifyStoreSettings.Key))
+            {
+                return Challenge(Policies.CookieAuthentication);
            }

            var tokenRequest = new TokenRequest()
@ -484,15 +676,25 @@ namespace BTCPayServer.Controllers
        }

        public string GeneratedPairingCode { get; set; }
+        public IOptions<MvcJsonOptions> MvcJsonOptions { get; }

        [HttpGet]
        [Route("/api-tokens")]
        [Route("{storeId}/Tokens/Create")]
-        public async Task<IActionResult> CreateToken(string storeId)
+        [AllowAnonymous]
+        public async Task<IActionResult> CreateToken()
        {
            var userId = GetUserId();
            if (string.IsNullOrWhiteSpace(userId))
-                return Unauthorized();
+                return Challenge(Policies.CookieAuthentication);
+            var storeId = StoreData?.Id;
+            if (StoreData != null)
+            {
+                if (!StoreData.HasClaim(Policies.CanModifyStoreSettings.Key))
+                {
+                    return Challenge(Policies.CookieAuthentication);
+                }
+            }
            var model = new CreateTokenViewModel();
            model.Facade = "merchant";
            ViewBag.HidePublicKey = storeId == null;
@ -501,32 +703,37 @@ namespace BTCPayServer.Controllers
            model.StoreId = storeId;
            if (storeId == null)
            {
-                model.Stores = new SelectList(await _Repo.GetStoresByUserId(userId), nameof(StoreData.Id), nameof(StoreData.StoreName), storeId);
+                var stores = await _Repo.GetStoresByUserId(userId);
+                model.Stores = new SelectList(stores.Where(s => s.HasClaim(Policies.CanModifyStoreSettings.Key)), nameof(StoreData.Id), nameof(StoreData.StoreName), storeId);
+                if (model.Stores.Count() == 0)
+                {
+                    StatusMessage = "Error: You need to be owner of at least one store before pairing";
+                    return RedirectToAction(nameof(UserStoresController.ListStores), "UserStores");
+                }
            }
-
            return View(model);
        }

-
        [HttpPost]
-        [Route("{storeId}/Tokens/Delete")]
-        public async Task<IActionResult> DeleteToken(string storeId, string tokenId)
+        [Route("{storeId}/tokens/apikey")]
+        public async Task<IActionResult> GenerateAPIKey()
        {
-            var token = await _TokenRepository.GetToken(tokenId);
-            if (token == null ||
-                token.StoreId != storeId ||
-               !await _TokenRepository.DeleteToken(tokenId))
-                StatusMessage = "Failure to revoke this token";
-            else
-                StatusMessage = "Token revoked";
+            var store = HttpContext.GetStoreData();
+            if (store == null)
+                return NotFound();
+            await _TokenRepository.GenerateLegacyAPIKey(StoreData.Id);
+            StatusMessage = "API Key re-generated";
            return RedirectToAction(nameof(ListTokens));
        }

-
        [HttpGet]
        [Route("/api-access-request")]
+        [AllowAnonymous]
        public async Task<IActionResult> RequestPairing(string pairingCode, string selectedStore = null)
        {
+            var userId = GetUserId();
+            if (userId == null)
+                return Challenge(Policies.CookieAuthentication);
            if (pairingCode == null)
                return NotFound();
            var pairing = await _TokenRepository.GetPairingAsync(pairingCode);
@ -537,7 +744,7 @@ namespace BTCPayServer.Controllers
            }
            else
            {
-                var stores = await _Repo.GetStoresByUserId(GetUserId());
+                var stores = await _Repo.GetStoresByUserId(userId);
                return View(new PairingModel()
                {
                    Id = pairing.Id,
@ -545,7 +752,7 @@ namespace BTCPayServer.Controllers
                    Label = pairing.Label,
                    SIN = pairing.SIN ?? "Server-Initiated Pairing",
                    SelectedStore = selectedStore ?? stores.FirstOrDefault()?.Id,
-                    Stores = stores.Select(s => new PairingModel.StoreViewModel()
+                    Stores = stores.Where(u => u.HasClaim(Policies.CanModifyStoreSettings.Key)).Select(s => new PairingModel.StoreViewModel()
                    {
                        Id = s.Id,
                        Name = string.IsNullOrEmpty(s.StoreName) ? s.Id : s.StoreName
@ -556,19 +763,22 @@ namespace BTCPayServer.Controllers

        [HttpPost]
        [Route("/api-access-request")]
+        [AllowAnonymous]
        public async Task<IActionResult> Pair(string pairingCode, string selectedStore)
        {
            if (pairingCode == null)
                return NotFound();
-            var store = await _Repo.FindStore(selectedStore, GetUserId());
+            var userId = GetUserId();
+            if (userId == null)
+                return Challenge(Policies.CookieAuthentication);
+            var store = await _Repo.FindStore(selectedStore, userId);
            var pairing = await _TokenRepository.GetPairingAsync(pairingCode);
            if (store == null || pairing == null)
                return NotFound();

-            if (store.Role != StoreRoles.Owner)
+            if (!store.HasClaim(Policies.CanModifyStoreSettings.Key))
            {
-                StatusMessage = "Error: You can't approve a pairing without being owner of the store";
-                return RedirectToAction(nameof(UserStoresController.ListStores), "UserStores");
+                return Challenge(Policies.CookieAuthentication);
            }

            var pairingResult = await _TokenRepository.PairWithStoreAsync(pairingCode, store.Id);
@ -594,7 +804,58 @@ namespace BTCPayServer.Controllers

        private string GetUserId()
        {
+            if (User.Identity.AuthenticationType != Policies.CookieAuthentication)
+                return null;
            return _UserManager.GetUserId(User);
        }
+
+
+
+        // TODO: Need to have talk about how architect default currency implementation
+        // For now we have also hardcoded USD for Store creation and then Invoice creation
+        const string DEFAULT_CURRENCY = "USD";
+
+        [Route("{storeId}/paybutton")]
+        public IActionResult PayButton()
+        {
+            var store = StoreData;
+
+            var storeBlob = store.GetStoreBlob();
+            if (!storeBlob.AnyoneCanInvoice)
+            {
+                return View("PayButtonEnable", null);
+            }
+
+            var appUrl = HttpContext.Request.GetAbsoluteRoot().WithTrailingSlash();
+            var model = new PayButtonViewModel
+            {
+                Price = 10,
+                Currency = DEFAULT_CURRENCY,
+                ButtonSize = 2,
+                UrlRoot = appUrl,
+                PayButtonImageUrl = appUrl + "img/paybutton/pay.png",
+                StoreId = store.Id
+            };
+            return View(model);
+        }
+
+        [HttpPost]
+        [Route("{storeId}/paybutton")]
+        public async Task<IActionResult> PayButton(bool enableStore)
+        {
+            var blob = StoreData.GetStoreBlob();
+            blob.AnyoneCanInvoice = enableStore;
+            if (StoreData.SetStoreBlob(blob))
+            {
+                await _Repo.UpdateStore(StoreData);
+                StatusMessage = "Store successfully updated";
+            }
+
+            return RedirectToAction(nameof(PayButton), new
+            {
+                storeId = StoreData.Id
+            });
+
+        }
    }
 }
--- a/BTCPayServer/Controllers/UserStoresController.cs
+++ b/BTCPayServer/Controllers/UserStoresController.cs
@ -5,6 +5,7 @@ using System.Threading;
 using System.Threading.Tasks;
 using BTCPayServer.Models;
 using BTCPayServer.Models.StoreViewModels;
+using BTCPayServer.Security;
 using BTCPayServer.Services.Stores;
 using BTCPayServer.Services.Wallets;
 using Microsoft.AspNetCore.Authorization;
@ -15,40 +16,23 @@ using NBXplorer.DerivationStrategy;
 namespace BTCPayServer.Controllers
 {
    [Route("stores")]
-    [Authorize(AuthenticationSchemes = "Identity.Application")]
+    [Authorize(AuthenticationSchemes = Policies.CookieAuthentication)]
    [AutoValidateAntiforgeryToken]
    public partial class UserStoresController : Controller
    {
        private StoreRepository _Repo;
        private BTCPayNetworkProvider _NetworkProvider;
        private UserManager<ApplicationUser> _UserManager;
-        private BTCPayWalletProvider _WalletProvider;

        public UserStoresController(
            UserManager<ApplicationUser> userManager,
            BTCPayNetworkProvider networkProvider,
-            BTCPayWalletProvider walletProvider,
            StoreRepository storeRepository)
        {
            _Repo = storeRepository;
            _NetworkProvider = networkProvider;
            _UserManager = userManager;
-            _WalletProvider = walletProvider;
-        }
-        [HttpGet]
-        [Route("{storeId}/delete")]
-        public async Task<IActionResult> DeleteStore(string storeId)
-        {
-            var store = await _Repo.FindStore(storeId, GetUserId());
-            if (store == null)
-                return NotFound();
-            return View("Confirm", new ConfirmModel()
-            {
-                Title = "Delete store " + store.StoreName,
-                Description = "This store will still be accessible to users sharing it",
-                Action = "Delete"
-            });
-        }
+        }        

        [HttpGet]
        [Route("create")]
@ -62,12 +46,27 @@ namespace BTCPayServer.Controllers
            get; set;
        }

+        [HttpGet]
+        [Route("{storeId}/me/delete")]
+        public IActionResult DeleteStore(string storeId)
+        {
+            var store = HttpContext.GetStoreData();
+            if (store == null)
+                return NotFound();
+            return View("Confirm", new ConfirmModel()
+            {
+                Title = "Delete store " + store.StoreName,
+                Description = "This store will still be accessible to users sharing it",
+                Action = "Delete"
+            });
+        }
+
        [HttpPost]
-        [Route("{storeId}/delete")]
+        [Route("{storeId}/me/delete")]
        public async Task<IActionResult> DeleteStorePost(string storeId)
        {
            var userId = GetUserId();
-            var store = await _Repo.FindStore(storeId, GetUserId());
+            var store = HttpContext.GetStoreData();
            if (store == null)
                return NotFound();
            await _Repo.RemoveStore(storeId, userId);
@ -83,17 +82,6 @@ namespace BTCPayServer.Controllers
        {
            StoresViewModel result = new StoresViewModel();
            var stores = await _Repo.GetStoresByUserId(GetUserId());
-
-            var balances = stores
-                                .Select(s => s.GetSupportedPaymentMethods(_NetworkProvider)
-                                              .OfType<DerivationStrategy>()
-                                              .Select(d => ((Wallet: _WalletProvider.GetWallet(d.Network),
-                                                            DerivationStrategy: d.DerivationStrategyBase)))
-                                              .Where(_ => _.Wallet != null)
-                                              .Select(async _ => (await GetBalanceString(_)) + " " + _.Wallet.Network.CryptoCode))
-                                .ToArray();
-
-            await Task.WhenAll(balances.SelectMany(_ => _));
            for (int i = 0; i < stores.Length; i++)
            {
                var store = stores[i];
@ -102,8 +90,7 @@ namespace BTCPayServer.Controllers
                    Id = store.Id,
                    Name = store.StoreName,
                    WebSite = store.StoreWebsite,
-                    IsOwner = store.Role == StoreRoles.Owner,
-                    Balances = store.Role == StoreRoles.Owner ? balances[i].Select(t => t.Result).ToArray() : Array.Empty<string>()
+                    IsOwner = store.HasClaim(Policies.CanModifyStoreSettings.Key)
                });
            }
            return View(result);
@ -120,25 +107,12 @@ namespace BTCPayServer.Controllers
            var store = await _Repo.CreateStore(GetUserId(), vm.Name);
            CreatedStoreId = store.Id;
            StatusMessage = "Store successfully created";
-            return RedirectToAction(nameof(ListStores));
-        }
-
-        private static async Task<string> GetBalanceString((BTCPayWallet Wallet, DerivationStrategyBase DerivationStrategy) _)
-        {
-            using (CancellationTokenSource cts = new CancellationTokenSource(TimeSpan.FromSeconds(10)))
+            return RedirectToAction(nameof(StoresController.UpdateStore), "Stores", new
            {
-                try
-                {
-                    return (await _.Wallet.GetBalance(_.DerivationStrategy, cts.Token)).ToString();
-                }
-                catch
-                {
-                    return "--";
-                }
-            }
+                storeId = store.Id
+            });
        }

-
        private string GetUserId()
        {
            return _UserManager.GetUserId(User);
--- a/BTCPayServer/Controllers/WalletsController.cs
+++ b/BTCPayServer/Controllers/WalletsController.cs
@ -0,0 +1,642 @@
+using System;
+using System.Collections.Generic;
+using System.Globalization;
+using System.Linq;
+using System.Net.WebSockets;
+using System.Text;
+using System.Threading;
+using System.Threading.Tasks;
+using BTCPayServer.Data;
+using BTCPayServer.HostedServices;
+using BTCPayServer.ModelBinders;
+using BTCPayServer.Models;
+using BTCPayServer.Models.WalletViewModels;
+using BTCPayServer.Security;
+using BTCPayServer.Services;
+using BTCPayServer.Services.Rates;
+using BTCPayServer.Services.Stores;
+using BTCPayServer.Services.Wallets;
+using LedgerWallet;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.Options;
+using NBitcoin;
+using NBXplorer.DerivationStrategy;
+using NBXplorer.Models;
+using Newtonsoft.Json;
+using static BTCPayServer.Controllers.StoresController;
+
+namespace BTCPayServer.Controllers
+{
+    [Route("wallets")]
+    [Authorize(AuthenticationSchemes = Policies.CookieAuthentication)]
+    [AutoValidateAntiforgeryToken]
+    public partial class WalletsController : Controller
+    {
+        public StoreRepository Repository { get; }
+        public BTCPayNetworkProvider NetworkProvider { get; }
+        public ExplorerClientProvider ExplorerClientProvider { get; }
+
+        private readonly UserManager<ApplicationUser> _userManager;
+        private readonly IOptions<MvcJsonOptions> _mvcJsonOptions;
+        private readonly NBXplorerDashboard _dashboard;
+
+        private readonly IFeeProviderFactory _feeRateProvider;
+        private readonly BTCPayWalletProvider _walletProvider;
+        public RateFetcher RateFetcher { get; }
+        [TempData]
+        public string StatusMessage { get; set; }
+
+        CurrencyNameTable _currencyTable;
+        public WalletsController(StoreRepository repo,
+                                 CurrencyNameTable currencyTable,
+                                 BTCPayNetworkProvider networkProvider,
+                                 UserManager<ApplicationUser> userManager,
+                                 IOptions<MvcJsonOptions> mvcJsonOptions,
+                                 NBXplorerDashboard dashboard,
+                                 RateFetcher rateProvider,
+                                 ExplorerClientProvider explorerProvider,
+                                 IFeeProviderFactory feeRateProvider,
+                                 BTCPayWalletProvider walletProvider)
+        {
+            _currencyTable = currencyTable;
+            Repository = repo;
+            RateFetcher = rateProvider;
+            NetworkProvider = networkProvider;
+            _userManager = userManager;
+            _mvcJsonOptions = mvcJsonOptions;
+            _dashboard = dashboard;
+            ExplorerClientProvider = explorerProvider;
+            _feeRateProvider = feeRateProvider;
+            _walletProvider = walletProvider;
+        }
+
+        public async Task<IActionResult> ListWallets()
+        {
+            var wallets = new ListWalletsViewModel();
+            var stores = await Repository.GetStoresByUserId(GetUserId());
+
+            var onChainWallets = stores
+                                .SelectMany(s => s.GetSupportedPaymentMethods(NetworkProvider)
+                                              .OfType<DerivationStrategy>()
+                                              .Select(d => ((Wallet: _walletProvider.GetWallet(d.Network),
+                                                            DerivationStrategy: d.DerivationStrategyBase,
+                                                            Network: d.Network)))
+                                              .Where(_ => _.Wallet != null)
+                                              .Select(_ => (Wallet: _.Wallet,
+                                                            Store: s,
+                                                            Balance: GetBalanceString(_.Wallet, _.DerivationStrategy),
+                                                            DerivationStrategy: _.DerivationStrategy,
+                                                            Network: _.Network)))
+                                              .ToList();
+
+            foreach (var wallet in onChainWallets)
+            {
+                ListWalletsViewModel.WalletViewModel walletVm = new ListWalletsViewModel.WalletViewModel();
+                wallets.Wallets.Add(walletVm);
+                walletVm.Balance = await wallet.Balance + " " + wallet.Wallet.Network.CryptoCode;
+                if (!wallet.Store.HasClaim(Policies.CanModifyStoreSettings.Key))
+                {
+                    walletVm.Balance = "";
+                }
+                walletVm.CryptoCode = wallet.Network.CryptoCode;
+                walletVm.StoreId = wallet.Store.Id;
+                walletVm.Id = new WalletId(wallet.Store.Id, wallet.Network.CryptoCode);
+                walletVm.StoreName = wallet.Store.StoreName;
+                walletVm.IsOwner = wallet.Store.HasClaim(Policies.CanModifyStoreSettings.Key);
+            }
+
+            return View(wallets);
+        }
+
+        [HttpGet]
+        [Route("{walletId}")]
+        public async Task<IActionResult> WalletTransactions(
+            [ModelBinder(typeof(WalletIdModelBinder))]
+            WalletId walletId)
+        {
+            var store = await Repository.FindStore(walletId.StoreId, GetUserId());
+            DerivationStrategy paymentMethod = GetPaymentMethod(walletId, store);
+            if (paymentMethod == null)
+                return NotFound();
+
+            var wallet = _walletProvider.GetWallet(paymentMethod.Network);
+            var transactions = await wallet.FetchTransactions(paymentMethod.DerivationStrategyBase);
+
+            var model = new ListTransactionsViewModel();
+            foreach (var tx in transactions.UnconfirmedTransactions.Transactions.Concat(transactions.ConfirmedTransactions.Transactions))
+            {
+                var vm = new ListTransactionsViewModel.TransactionViewModel();
+                model.Transactions.Add(vm);
+                vm.Id = tx.TransactionId.ToString();
+                vm.Link = string.Format(CultureInfo.InvariantCulture, paymentMethod.Network.BlockExplorerLink, vm.Id);
+                vm.Timestamp = tx.Timestamp;
+                vm.Positive = tx.BalanceChange >= Money.Zero;
+                vm.Balance = tx.BalanceChange.ToString();
+                vm.IsConfirmed = tx.Confirmations != 0;
+            }
+            model.Transactions = model.Transactions.OrderByDescending(t => t.Timestamp).ToList();
+            return View(model);
+        }
+
+
+        [HttpGet]
+        [Route("{walletId}/send")]
+        public async Task<IActionResult> WalletSend(
+            [ModelBinder(typeof(WalletIdModelBinder))]
+            WalletId walletId, string defaultDestination = null, string defaultAmount = null)
+        {
+            if (walletId?.StoreId == null)
+                return NotFound();
+            var store = await Repository.FindStore(walletId.StoreId, GetUserId());
+            DerivationStrategy paymentMethod = GetPaymentMethod(walletId, store);
+            if (paymentMethod == null)
+                return NotFound();
+            var network = this.NetworkProvider.GetNetwork(walletId?.CryptoCode);
+            if (network == null)
+                return NotFound();
+            var storeData = store.GetStoreBlob();
+            var rateRules = store.GetStoreBlob().GetRateRules(NetworkProvider);
+            rateRules.Spread = 0.0m;
+            var currencyPair = new Rating.CurrencyPair(paymentMethod.PaymentId.CryptoCode, GetCurrencyCode(storeData.DefaultLang) ?? "USD");
+            WalletSendModel model = new WalletSendModel()
+            {
+                Destination = defaultDestination,
+                CryptoCode = walletId.CryptoCode
+            };
+            if (double.TryParse(defaultAmount, out var amount))
+                model.Amount = (decimal)amount;
+
+            var feeProvider = _feeRateProvider.CreateFeeProvider(network);
+            var recommendedFees = feeProvider.GetFeeRateAsync();
+            var balance = _walletProvider.GetWallet(network).GetBalance(paymentMethod.DerivationStrategyBase);
+            model.CurrentBalance = (await balance).ToDecimal(MoneyUnit.BTC);
+            model.RecommendedSatoshiPerByte = (int)(await recommendedFees).GetFee(1).Satoshi;
+            model.FeeSatoshiPerByte = model.RecommendedSatoshiPerByte;
+
+            using (CancellationTokenSource cts = new CancellationTokenSource())
+            {
+                try
+                {
+                    cts.CancelAfter(TimeSpan.FromSeconds(5));
+                    var result = await RateFetcher.FetchRate(currencyPair, rateRules).WithCancellation(cts.Token);
+                    if (result.BidAsk != null)
+                    {
+                        model.Rate = result.BidAsk.Center;
+                        model.Divisibility = _currencyTable.GetNumberFormatInfo(currencyPair.Right, true).CurrencyDecimalDigits;
+                        model.Fiat = currencyPair.Right;
+                    }
+                    else
+                    {
+                        model.RateError = $"{result.EvaluatedRule} ({string.Join(", ", result.Errors.OfType<object>().ToArray())})";
+                    }
+                }
+                catch (Exception ex) { model.RateError = ex.Message; }
+            }
+            return View(model);
+        }
+
+        [HttpPost]
+        [Route("{walletId}/send")]
+        public async Task<IActionResult> WalletSend(
+            [ModelBinder(typeof(WalletIdModelBinder))]
+            WalletId walletId, WalletSendModel vm)
+        {
+            if (walletId?.StoreId == null)
+                return NotFound();
+            var store = await Repository.FindStore(walletId.StoreId, GetUserId());
+            if (store == null)
+                return NotFound();
+            var network = this.NetworkProvider.GetNetwork(walletId?.CryptoCode);
+            if (network == null)
+                return NotFound();
+            var destination = ParseDestination(vm.Destination, network.NBitcoinNetwork);
+            if (destination == null)
+                ModelState.AddModelError(nameof(vm.Destination), "Invalid address");
+
+            if (vm.Amount.HasValue)
+            {
+                if (vm.CurrentBalance == vm.Amount.Value && !vm.SubstractFees)
+                    ModelState.AddModelError(nameof(vm.Amount), "You are sending all your balance to the same destination, you should substract the fees");
+                if (vm.CurrentBalance < vm.Amount.Value)
+                    ModelState.AddModelError(nameof(vm.Amount), "You are sending more than what you own");
+            }
+            if (!ModelState.IsValid)
+                return View(vm);
+
+            return RedirectToAction(nameof(WalletSendLedger), new WalletSendLedgerModel()
+            {
+                Destination = vm.Destination,
+                Amount = vm.Amount.Value,
+                SubstractFees = vm.SubstractFees,
+                FeeSatoshiPerByte = vm.FeeSatoshiPerByte
+            });
+        }
+
+        [HttpGet]
+        [Route("{walletId}/send/ledger")]
+        public async Task<IActionResult> WalletSendLedger(
+            [ModelBinder(typeof(WalletIdModelBinder))]
+            WalletId walletId, WalletSendLedgerModel vm)
+        {
+            if (walletId?.StoreId == null)
+                return NotFound();
+            var store = await Repository.FindStore(walletId.StoreId, GetUserId());
+            DerivationStrategy paymentMethod = GetPaymentMethod(walletId, store);
+            if (paymentMethod == null)
+                return NotFound();
+            var network = this.NetworkProvider.GetNetwork(walletId?.CryptoCode);
+            if (network == null)
+                return NotFound();
+            return View(vm);
+        }
+
+        private IDestination[] ParseDestination(string destination, Network network)
+        {
+            try
+            {
+                destination = destination?.Trim();
+                return new IDestination[] { BitcoinAddress.Create(destination, network) };
+            }
+            catch
+            {
+                return null;
+            }
+        }
+
+        [HttpGet]
+        [Route("{walletId}/rescan")]
+        public async Task<IActionResult> WalletRescan(
+            [ModelBinder(typeof(WalletIdModelBinder))]
+            WalletId walletId)
+        {
+            if (walletId?.StoreId == null)
+                return NotFound();
+            var store = await Repository.FindStore(walletId.StoreId, GetUserId());
+            DerivationStrategy paymentMethod = GetPaymentMethod(walletId, store);
+            if (paymentMethod == null)
+                return NotFound();
+
+            var vm = new RescanWalletModel();
+            vm.IsFullySync = _dashboard.IsFullySynched(walletId.CryptoCode, out var unused);
+            // We need to ensure it is segwit, 
+            // because hardware wallet support need the parent transactions to sign, which NBXplorer don't have. (Nor does a pruned node)
+            vm.IsSegwit = paymentMethod.DerivationStrategyBase.IsSegwit();
+            vm.IsServerAdmin = User.Claims.Any(c => c.Type == Policies.CanModifyServerSettings.Key && c.Value == "true");
+            vm.IsSupportedByCurrency = _dashboard.Get(walletId.CryptoCode)?.Status?.BitcoinStatus?.Capabilities?.CanScanTxoutSet == true;
+            var explorer = ExplorerClientProvider.GetExplorerClient(walletId.CryptoCode);
+            var scanProgress = await explorer.GetScanUTXOSetInformationAsync(paymentMethod.DerivationStrategyBase);
+            if (scanProgress != null)
+            {
+                vm.PreviousError = scanProgress.Error;
+                if (scanProgress.Status == ScanUTXOStatus.Queued || scanProgress.Status == ScanUTXOStatus.Pending)
+                {
+                    if (scanProgress.Progress == null)
+                    {
+                        vm.Progress = 0;
+                    }
+                    else
+                    {
+                        vm.Progress = scanProgress.Progress.OverallProgress;
+                        vm.RemainingTime = TimeSpan.FromSeconds(scanProgress.Progress.RemainingSeconds).PrettyPrint();
+                    }
+                }
+                if (scanProgress.Status == ScanUTXOStatus.Complete)
+                {
+                    vm.LastSuccess = scanProgress.Progress;
+                    vm.TimeOfScan = (scanProgress.Progress.CompletedAt.Value - scanProgress.Progress.StartedAt).PrettyPrint();
+                }
+            }
+            return View(vm);
+        }
+
+        [HttpPost]
+        [Route("{walletId}/rescan")]
+        [Authorize(Policy = Policies.CanModifyServerSettings.Key)]
+        public async Task<IActionResult> WalletRescan(
+            [ModelBinder(typeof(WalletIdModelBinder))]
+            WalletId walletId, RescanWalletModel vm)
+        {
+            if (walletId?.StoreId == null)
+                return NotFound();
+            var store = await Repository.FindStore(walletId.StoreId, GetUserId());
+            DerivationStrategy paymentMethod = GetPaymentMethod(walletId, store);
+            if (paymentMethod == null)
+                return NotFound();
+            var explorer = ExplorerClientProvider.GetExplorerClient(walletId.CryptoCode);
+            try
+            {
+                await explorer.ScanUTXOSetAsync(paymentMethod.DerivationStrategyBase, vm.BatchSize, vm.GapLimit, vm.StartingIndex);
+            }
+            catch (NBXplorerException ex) when (ex.Error.Code == "scanutxoset-in-progress")
+            {
+
+            }
+            return RedirectToAction();
+        }
+
+        private string GetCurrencyCode(string defaultLang)
+        {
+            if (defaultLang == null)
+                return null;
+            try
+            {
+                var ri = new RegionInfo(defaultLang);
+                return ri.ISOCurrencySymbol;
+            }
+            catch (ArgumentException) { }
+            return null;
+        }
+
+        private DerivationStrategy GetPaymentMethod(WalletId walletId, StoreData store)
+        {
+            if (store == null || !store.HasClaim(Policies.CanModifyStoreSettings.Key))
+                return null;
+
+            var paymentMethod = store
+                            .GetSupportedPaymentMethods(NetworkProvider)
+                            .OfType<DerivationStrategy>()
+                            .FirstOrDefault(p => p.PaymentId.PaymentType == Payments.PaymentTypes.BTCLike && p.PaymentId.CryptoCode == walletId.CryptoCode);
+            return paymentMethod;
+        }
+
+        private static async Task<string> GetBalanceString(BTCPayWallet wallet, DerivationStrategyBase derivationStrategy)
+        {
+            using (CancellationTokenSource cts = new CancellationTokenSource(TimeSpan.FromSeconds(10)))
+            {
+                try
+                {
+                    return (await wallet.GetBalance(derivationStrategy, cts.Token)).ToString();
+                }
+                catch
+                {
+                    return "--";
+                }
+            }
+        }
+
+        private string GetUserId()
+        {
+            return _userManager.GetUserId(User);
+        }
+
+        [HttpGet]
+        [Route("{walletId}/send/ledger/success")]
+        public IActionResult WalletSendLedgerSuccess(
+            [ModelBinder(typeof(WalletIdModelBinder))]
+            WalletId walletId,
+            string txid)
+        {
+            StatusMessage = $"Transaction broadcasted ({txid})";
+            return RedirectToAction(nameof(this.WalletTransactions), new { walletId = walletId.ToString() });
+        }
+
+        [HttpGet]
+        [Route("{walletId}/send/ledger/ws")]
+        public async Task<IActionResult> LedgerConnection(
+            [ModelBinder(typeof(WalletIdModelBinder))]
+            WalletId walletId,
+            string command,
+            // getinfo
+            // getxpub
+            int account = 0,
+            // sendtoaddress
+            string destination = null, string amount = null, string feeRate = null, string substractFees = null
+            )
+        {
+            if (!HttpContext.WebSockets.IsWebSocketRequest)
+                return NotFound();
+
+            var cryptoCode = walletId.CryptoCode;
+            var storeBlob = (await Repository.FindStore(walletId.StoreId, GetUserId()));
+            var derivationScheme = GetPaymentMethod(walletId, storeBlob).DerivationStrategyBase;
+
+            var webSocket = await HttpContext.WebSockets.AcceptWebSocketAsync();
+
+            using (var normalOperationTimeout = new CancellationTokenSource())
+            using (var signTimeout = new CancellationTokenSource())
+            {
+                normalOperationTimeout.CancelAfter(TimeSpan.FromMinutes(30));
+                var hw = new HardwareWalletService(webSocket);
+                object result = null;
+                try
+                {
+                    BTCPayNetwork network = null;
+                    if (cryptoCode != null)
+                    {
+                        network = NetworkProvider.GetNetwork(cryptoCode);
+                        if (network == null)
+                            throw new FormatException("Invalid value for crypto code");
+                    }
+
+                    BitcoinAddress destinationAddress = null;
+                    if (destination != null)
+                    {
+                        try
+                        {
+                            destinationAddress = BitcoinAddress.Create(destination, network.NBitcoinNetwork);
+                        }
+                        catch { }
+                        if (destinationAddress == null)
+                            throw new FormatException("Invalid value for destination");
+                    }
+
+                    FeeRate feeRateValue = null;
+                    if (feeRate != null)
+                    {
+                        try
+                        {
+                            feeRateValue = new FeeRate(Money.Satoshis(int.Parse(feeRate, CultureInfo.InvariantCulture)), 1);
+                        }
+                        catch { }
+                        if (feeRateValue == null || feeRateValue.FeePerK <= Money.Zero)
+                            throw new FormatException("Invalid value for fee rate");
+                    }
+
+                    Money amountBTC = null;
+                    if (amount != null)
+                    {
+                        try
+                        {
+                            amountBTC = Money.Parse(amount);
+                        }
+                        catch { }
+                        if (amountBTC == null || amountBTC <= Money.Zero)
+                            throw new FormatException("Invalid value for amount");
+                    }
+
+                    bool subsctractFeesValue = false;
+                    if (substractFees != null)
+                    {
+                        try
+                        {
+                            subsctractFeesValue = bool.Parse(substractFees);
+                        }
+                        catch { throw new FormatException("Invalid value for subtract fees"); }
+                    }
+                    if (command == "getinfo")
+                    {
+                        var strategy = GetDirectDerivationStrategy(derivationScheme);
+                        if (strategy == null || await hw.GetKeyPath(network, strategy, normalOperationTimeout.Token) == null)
+                        {
+                            throw new Exception($"This store is not configured to use this ledger");
+                        }
+                        result = new GetInfoResult();
+                    }
+                    if (command == "test")
+                    {
+                        result = await hw.Test(normalOperationTimeout.Token);
+                    }
+                    if (command == "sendtoaddress")
+                    {
+                        if (!_dashboard.IsFullySynched(network.CryptoCode, out var summary))
+                            throw new Exception($"{network.CryptoCode}: not started or fully synched");
+                        var strategy = GetDirectDerivationStrategy(derivationScheme);
+                        var wallet = _walletProvider.GetWallet(network);
+                        var change = wallet.GetChangeAddressAsync(derivationScheme);
+
+                        var unspentCoins = await wallet.GetUnspentCoins(derivationScheme);
+                        var changeAddress = await change;
+                        var send = new[] { (
+                        destination: destinationAddress as IDestination,
+                        amount: amountBTC,
+                        substractFees: subsctractFeesValue) };
+
+                        foreach (var element in send)
+                        {
+                            if (element.destination == null)
+                                throw new ArgumentNullException(nameof(element.destination));
+                            if (element.amount == null)
+                                throw new ArgumentNullException(nameof(element.amount));
+                            if (element.amount <= Money.Zero)
+                                throw new ArgumentOutOfRangeException(nameof(element.amount), "The amount should be above zero");
+                        }
+
+                        var foundKeyPath = await hw.GetKeyPath(network, strategy, normalOperationTimeout.Token);
+                        if (foundKeyPath == null)
+                        {
+                            throw new HardwareWalletException($"This store is not configured to use this ledger");
+                        }
+
+                        TransactionBuilder builder = network.NBitcoinNetwork.CreateTransactionBuilder();
+                        builder.StandardTransactionPolicy.MinRelayTxFee = summary.Status.BitcoinStatus.MinRelayTxFee;
+                        builder.AddCoins(unspentCoins.Select(c => c.Coin).ToArray());
+
+                        foreach (var element in send)
+                        {
+                            builder.Send(element.destination, element.amount);
+                            if (element.substractFees)
+                                builder.SubtractFees();
+                        }
+                        builder.SetChange(changeAddress.Item1);
+
+                        if (network.MinFee == null)
+                        {
+                            builder.SendEstimatedFees(feeRateValue);
+                        }
+                        else
+                        {
+                            var estimatedFee = builder.EstimateFees(feeRateValue);
+                            if (network.MinFee > estimatedFee)
+                                builder.SendFees(network.MinFee);
+                            else
+                                builder.SendEstimatedFees(feeRateValue);
+                        }
+                        var unsigned = builder.BuildTransaction(false);
+
+                        var keypaths = new Dictionary<Script, KeyPath>();
+                        foreach (var c in unspentCoins)
+                        {
+                            keypaths.TryAdd(c.Coin.ScriptPubKey, c.KeyPath);
+                        }
+
+                        var hasChange = unsigned.Outputs.Count == 2;
+                        var usedCoins = builder.FindSpentCoins(unsigned);
+
+                        Dictionary<uint256, Transaction> parentTransactions = new Dictionary<uint256, Transaction>();
+
+                        if (!strategy.Segwit)
+                        {
+                            var parentHashes = usedCoins.Select(c => c.Outpoint.Hash).ToHashSet();
+                            var explorer = ExplorerClientProvider.GetExplorerClient(network);
+                            var getTransactionAsyncs = parentHashes.Select(h => (Op: explorer.GetTransactionAsync(h), Hash: h)).ToList();
+                            foreach (var getTransactionAsync in getTransactionAsyncs)
+                            {
+                                var tx = (await getTransactionAsync.Op);
+                                if (tx == null)
+                                    throw new Exception($"Parent transaction {getTransactionAsync.Hash} not found");
+                                parentTransactions.Add(tx.Transaction.GetHash(), tx.Transaction);
+                            }
+                        }
+
+
+                        signTimeout.CancelAfter(TimeSpan.FromMinutes(5));
+                        var transaction = await hw.SignTransactionAsync(usedCoins.Select(c => new SignatureRequest
+                        {
+                            InputTransaction = parentTransactions.TryGet(c.Outpoint.Hash),
+                            InputCoin = c,
+                            KeyPath = foundKeyPath.Derive(keypaths[c.TxOut.ScriptPubKey]),
+                            PubKey = strategy.Root.Derive(keypaths[c.TxOut.ScriptPubKey]).PubKey
+                        }).ToArray(), unsigned, hasChange ? foundKeyPath.Derive(changeAddress.Item2) : null, signTimeout.Token);
+                        try
+                        {
+                            var broadcastResult = await wallet.BroadcastTransactionsAsync(new List<Transaction>() { transaction });
+                            if (!broadcastResult[0].Success)
+                            {
+                                throw new Exception($"RPC Error while broadcasting: {broadcastResult[0].RPCCode} {broadcastResult[0].RPCCodeMessage} {broadcastResult[0].RPCMessage}");
+                            }
+                        }
+                        catch (Exception ex)
+                        {
+                            throw new Exception("Error while broadcasting: " + ex.Message);
+                        }
+                        wallet.InvalidateCache(derivationScheme);
+                        result = new SendToAddressResult() { TransactionId = transaction.GetHash().ToString() };
+                    }
+                }
+                catch (OperationCanceledException)
+                { result = new LedgerTestResult() { Success = false, Error = "Timeout" }; }
+                catch (Exception ex)
+                { result = new LedgerTestResult() { Success = false, Error = ex.Message }; }
+                finally { hw.Dispose(); }
+                try
+                {
+                    if (result != null)
+                    {
+                        UTF8Encoding UTF8NOBOM = new UTF8Encoding(false);
+                        var bytes = UTF8NOBOM.GetBytes(JsonConvert.SerializeObject(result, _mvcJsonOptions.Value.SerializerSettings));
+                        await webSocket.SendAsync(new ArraySegment<byte>(bytes), WebSocketMessageType.Text, true, new CancellationTokenSource(2000).Token);
+                    }
+                }
+                catch { }
+                finally
+                {
+                    await webSocket.CloseSocket();
+                }
+            }
+            return new EmptyResult();
+        }
+
+        private DirectDerivationStrategy GetDirectDerivationStrategy(DerivationStrategyBase strategy)
+        {
+            if (strategy == null)
+                throw new Exception("The derivation scheme is not provided");
+            var directStrategy = strategy as DirectDerivationStrategy;
+            if (directStrategy == null)
+                directStrategy = (strategy as P2SHDerivationStrategy).Inner as DirectDerivationStrategy;
+            return directStrategy;
+        }
+    }
+
+
+    public class GetInfoResult
+    {
+    }
+
+    public class SendToAddressResult
+    {
+        public string TransactionId { get; set; }
+    }
+}
--- a/BTCPayServer/CorsPolicies.cs
+++ b/BTCPayServer/CorsPolicies.cs
@ -0,0 +1,12 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+
+namespace BTCPayServer
+{
+    public static class CorsPolicies
+    {
+        public const string All = "BTCPAY_ALL";
+    }
+}
--- a/BTCPayServer/CurrencyValue.cs
+++ b/BTCPayServer/CurrencyValue.cs
@ -21,7 +21,7 @@ namespace BTCPayServer
                return false;

            var currency = match.Groups.Last().Value.ToUpperInvariant();
-            var currencyData = _CurrencyTable.GetCurrencyData(currency);
+            var currencyData = _CurrencyTable.GetCurrencyData(currency, false);
            if (currencyData == null)
                return false;
            v = Math.Round(v, currencyData.Divisibility);
--- a/BTCPayServer/Data/APIKeyData.cs
+++ b/BTCPayServer/Data/APIKeyData.cs
@ -0,0 +1,25 @@
+using System;
+using System.Collections.Generic;
+using System.ComponentModel.DataAnnotations;
+using System.Linq;
+using System.Threading.Tasks;
+
+namespace BTCPayServer.Data
+{
+    public class APIKeyData
+    {
+        [MaxLength(50)]
+        public string Id
+        {
+            get; set;
+        }
+
+        [MaxLength(50)]
+        public string StoreId
+        {
+            get; set;
+        }
+
+        public StoreData StoreData { get; set; }
+    }
+}
--- a/BTCPayServer/Data/ApplicationDbContext.cs
+++ b/BTCPayServer/Data/ApplicationDbContext.cs
@ -86,6 +86,11 @@ namespace BTCPayServer.Data
            get; set;
        }

+        public DbSet<APIKeyData> ApiKeys
+        {
+            get; set;
+        }
+
        protected override void OnConfiguring(DbContextOptionsBuilder optionsBuilder)
        {
            var isConfigured = optionsBuilder.Options.Extensions.OfType<RelationalOptionsExtension>().Any();
@ -97,14 +102,27 @@ namespace BTCPayServer.Data
        {
            base.OnModelCreating(builder);
            builder.Entity<InvoiceData>()
-                .HasIndex(o => o.StoreDataId);
+                .HasOne(o => o.StoreData)
+                .WithMany(a => a.Invoices).OnDelete(DeleteBehavior.Cascade);
+            builder.Entity<InvoiceData>().HasIndex(o => o.StoreDataId);
+

            builder.Entity<PaymentData>()
-                .HasIndex(o => o.InvoiceDataId);
+                   .HasOne(o => o.InvoiceData)
+                   .WithMany(i => i.Payments).OnDelete(DeleteBehavior.Cascade);
+            builder.Entity<PaymentData>()
+                   .HasIndex(o => o.InvoiceDataId);

+
+            builder.Entity<RefundAddressesData>()
+                   .HasOne(o => o.InvoiceData)
+                   .WithMany(i => i.RefundAddresses).OnDelete(DeleteBehavior.Cascade);
            builder.Entity<RefundAddressesData>()
                .HasIndex(o => o.InvoiceDataId);

+            builder.Entity<UserStore>()
+                   .HasOne(o => o.StoreData)
+                   .WithMany(i => i.UserStores).OnDelete(DeleteBehavior.Cascade);
            builder.Entity<UserStore>()
                   .HasKey(t => new
                   {
@ -112,7 +130,16 @@ namespace BTCPayServer.Data
                       t.StoreDataId
                   });

+            builder.Entity<APIKeyData>()
+                   .HasOne(o => o.StoreData)
+                   .WithMany(i => i.APIKeys)
+                   .HasForeignKey(i => i.StoreId).OnDelete(DeleteBehavior.Cascade);
+            builder.Entity<APIKeyData>()
+                .HasIndex(o => o.StoreId);

+            builder.Entity<AppData>()
+                   .HasOne(o => o.StoreData)
+                   .WithMany(i => i.Apps).OnDelete(DeleteBehavior.Cascade);
            builder.Entity<AppData>()
                    .HasOne(a => a.StoreData);

@ -126,6 +153,10 @@ namespace BTCPayServer.Data
                .WithMany(t => t.UserStores)
                .HasForeignKey(pt => pt.StoreDataId);

+
+            builder.Entity<AddressInvoiceData>()
+                   .HasOne(o => o.InvoiceData)
+                   .WithMany(i => i.AddressInvoices).OnDelete(DeleteBehavior.Cascade);
            builder.Entity<AddressInvoiceData>()
 #pragma warning disable CS0618
                .HasKey(o => o.Address);
@ -134,12 +165,24 @@ namespace BTCPayServer.Data
            builder.Entity<PairingCodeData>()
                .HasKey(o => o.Id);

+            builder.Entity<PendingInvoiceData>()
+                .HasOne(o => o.InvoiceData)
+                .WithMany(o => o.PendingInvoices)
+                .HasForeignKey(o => o.Id).OnDelete(DeleteBehavior.Cascade);
+
+
+            builder.Entity<PairedSINData>()
+                   .HasOne(o => o.StoreData)
+                   .WithMany(i => i.PairedSINs).OnDelete(DeleteBehavior.Cascade);
            builder.Entity<PairedSINData>(b =>
            {
                b.HasIndex(o => o.SIN);
                b.HasIndex(o => o.StoreDataId);
            });

+            builder.Entity<HistoricalAddressInvoiceData>()
+                   .HasOne(o => o.InvoiceData)
+                   .WithMany(i => i.HistoricalAddressInvoices).OnDelete(DeleteBehavior.Cascade);
            builder.Entity<HistoricalAddressInvoiceData>()
                .HasKey(o => new
                {
@ -149,6 +192,10 @@ namespace BTCPayServer.Data
 #pragma warning restore CS0618
                });

+
+            builder.Entity<InvoiceEventData>()
+                   .HasOne(o => o.InvoiceData)
+                   .WithMany(i => i.Events).OnDelete(DeleteBehavior.Cascade);
            builder.Entity<InvoiceEventData>()
                .HasKey(o => new
                {
--- a/BTCPayServer/Data/ApplicationDbContextFactory.cs
+++ b/BTCPayServer/Data/ApplicationDbContextFactory.cs
@ -5,14 +5,19 @@ using System.Linq;
 using System.Threading.Tasks;
 using Hangfire;
 using Hangfire.MemoryStorage;
-using Hangfire.PostgreSql;
+using Microsoft.EntityFrameworkCore.Migrations;
+using Npgsql.EntityFrameworkCore.PostgreSQL.Migrations;
+using JetBrains.Annotations;
+using Npgsql.EntityFrameworkCore.PostgreSQL.Migrations.Operations;
+using Microsoft.EntityFrameworkCore.Metadata;

 namespace BTCPayServer.Data
 {
    public enum DatabaseType
    {
        Sqlite,
-        Postgres
+        Postgres,
+        MySQL,
    }
    public class ApplicationDbContextFactory
    {
@ -24,6 +29,15 @@ namespace BTCPayServer.Data
            _Type = type;
        }

+
+        public DatabaseType Type
+        {
+            get
+            {
+                return _Type;
+            }
+        }
+
        public ApplicationDbContext CreateContext()
        {
            var builder = new DbContextOptionsBuilder<ApplicationDbContext>();
@ -31,20 +45,68 @@ namespace BTCPayServer.Data
            return new ApplicationDbContext(builder.Options);
        }

+        class CustomNpgsqlMigrationsSqlGenerator : NpgsqlMigrationsSqlGenerator
+        {
+            public CustomNpgsqlMigrationsSqlGenerator(MigrationsSqlGeneratorDependencies dependencies) : base(dependencies)
+            {
+            }
+
+            protected override void Generate(NpgsqlCreateDatabaseOperation operation, IModel model, MigrationCommandListBuilder builder)
+            {
+                builder
+                     .Append("CREATE DATABASE ")
+                     .Append(Dependencies.SqlGenerationHelper.DelimitIdentifier(operation.Name));
+
+                // POSTGRES gotcha: Indexed Text column (even if PK) are not used if we are not using C locale
+                builder
+                    .Append(" TEMPLATE ")
+                    .Append(Dependencies.SqlGenerationHelper.DelimitIdentifier("template0"));
+
+                builder
+                    .Append(" LC_CTYPE ")
+                    .Append(Dependencies.SqlGenerationHelper.DelimitIdentifier("C"));
+
+                builder
+                    .Append(" LC_COLLATE ")
+                    .Append(Dependencies.SqlGenerationHelper.DelimitIdentifier("C"));
+
+                builder
+                    .Append(" ENCODING ")
+                    .Append(Dependencies.SqlGenerationHelper.DelimitIdentifier("UTF8"));
+
+                if (operation.Tablespace != null)
+                {
+                    builder
+                        .Append(" TABLESPACE ")
+                        .Append(Dependencies.SqlGenerationHelper.DelimitIdentifier(operation.Tablespace));
+                }
+
+                builder.AppendLine(Dependencies.SqlGenerationHelper.StatementTerminator);
+
+                EndStatement(builder, suppressTransaction: true);
+            }
+        }
+
        public void ConfigureBuilder(DbContextOptionsBuilder builder)
        {
            if (_Type == DatabaseType.Sqlite)
                builder.UseSqlite(_ConnectionString);
            else if (_Type == DatabaseType.Postgres)
-                builder.UseNpgsql(_ConnectionString);
+                builder
+                    .UseNpgsql(_ConnectionString)
+                    .ReplaceService<IMigrationsSqlGenerator, CustomNpgsqlMigrationsSqlGenerator>();
+            else if (_Type == DatabaseType.MySQL)
+                builder.UseMySql(_ConnectionString);
        }

        public void ConfigureHangfireBuilder(IGlobalConfiguration builder)
        {
-            if (_Type == DatabaseType.Sqlite)
-                builder.UseMemoryStorage(); //Sql provider does not support multiple workers
-            else if (_Type == DatabaseType.Postgres)
-                builder.UsePostgreSqlStorage(_ConnectionString);
+            builder.UseMemoryStorage();
+            //We always use memory storage because of incompatibilities with the latest postgres in 2.1
+            //if (_Type == DatabaseType.Sqlite)
+            //    builder.UseMemoryStorage(); //Sqlite provider does not support multiple workers
+            //else if (_Type == DatabaseType.Postgres)
+            //    builder.UsePostgreSqlStorage(_ConnectionString);
        }
    }
 }
--- a/BTCPayServer/Data/HistoricalAddressInvoiceData.cs
+++ b/BTCPayServer/Data/HistoricalAddressInvoiceData.cs
@ -12,6 +12,11 @@ namespace BTCPayServer.Data
            get; set;
        }

+        public InvoiceData InvoiceData
+        {
+            get; set;
+        }
+
        /// <summary>
        /// Some crypto currencies share same address prefix
        /// For not having exceptions thrown by two address on different network, we suffix by "#CRYPTOCODE" 
--- a/BTCPayServer/Data/InvoiceData.cs
+++ b/BTCPayServer/Data/InvoiceData.cs
@ -80,5 +80,6 @@ namespace BTCPayServer.Data
        {
            get; set;
        }
+        public List<PendingInvoiceData> PendingInvoices { get; set; }
    }
 }
--- a/BTCPayServer/Data/InvoiceEventData.cs
+++ b/BTCPayServer/Data/InvoiceEventData.cs
@ -11,6 +11,10 @@ namespace BTCPayServer.Data
        {
            get; set;
        }
+        public InvoiceData InvoiceData
+        {
+            get; set;
+        }
        public string UniqueId { get; internal set; }
        public DateTimeOffset Timestamp
        {
--- a/BTCPayServer/Data/PairedSINData.cs
+++ b/BTCPayServer/Data/PairedSINData.cs
@ -21,6 +21,9 @@ namespace BTCPayServer.Data
        {
            get; set;
        }
+
+        public StoreData StoreData { get; set; }
+
        public string Label
        {
            get;
--- a/BTCPayServer/Data/PendingInvoiceData.cs
+++ b/BTCPayServer/Data/PendingInvoiceData.cs
@ -11,5 +11,6 @@ namespace BTCPayServer.Data
        {
            get; set;
        }
+        public InvoiceData InvoiceData { get; set; }
    }
 }
--- a/BTCPayServer/Data/StoreData.cs
+++ b/BTCPayServer/Data/StoreData.cs
@ -14,6 +14,12 @@ using Newtonsoft.Json.Linq;
 using BTCPayServer.Services.Rates;
 using BTCPayServer.Payments;
 using BTCPayServer.JsonConverters;
+using System.ComponentModel.DataAnnotations;
+using BTCPayServer.Services;
+using System.Security.Claims;
+using BTCPayServer.Payments.Changelly;
+using BTCPayServer.Security;
+using BTCPayServer.Rating;

 namespace BTCPayServer.Data
 {
@ -29,12 +35,13 @@ namespace BTCPayServer.Data
        {
            get; set;
        }
-
        public List<AppData> Apps
        {
            get; set;
        }

+        public List<InvoiceData> Invoices { get; set; }
+
        [Obsolete("Use GetDerivationStrategies instead")]
        public string DerivationStrategy
        {
@ -120,7 +127,7 @@ namespace BTCPayServer.Data
                }
            }

-            if(!existing && supportedPaymentMethod == null && paymentMethodId.IsBTCOnChain)
+            if (!existing && supportedPaymentMethod == null && paymentMethodId.IsBTCOnChain)
            {
                DerivationStrategy = null;
            }
@ -151,10 +158,36 @@ namespace BTCPayServer.Data
        }

        [NotMapped]
+        [Obsolete]
        public string Role
        {
            get; set;
        }
+
+        public Claim[] GetClaims()
+        {
+            List<Claim> claims = new List<Claim>();
+            claims.AddRange(AdditionalClaims);
+#pragma warning disable CS0612 // Type or member is obsolete
+            var role = Role;
+#pragma warning restore CS0612 // Type or member is obsolete
+            if (role == StoreRoles.Owner)
+            {
+                claims.Add(new Claim(Policies.CanModifyStoreSettings.Key, Id));
+            }
+
+            if(role == StoreRoles.Owner || role == StoreRoles.Guest || GetStoreBlob().AnyoneCanInvoice)
+            {
+                claims.Add(new Claim(Policies.CanCreateInvoice.Key, Id));
+            }
+            return claims.ToArray();
+        }
+
+        public bool HasClaim(string claim)
+        {
+            return GetClaims().Any(c => c.Type == claim && c.Value == Id);
+        }
+
        public byte[] StoreBlob
        {
            get;
@ -162,11 +195,16 @@ namespace BTCPayServer.Data
        }
        [Obsolete("Use GetDefaultCrypto instead")]
        public string DefaultCrypto { get; set; }
+        public List<PairedSINData> PairedSINs { get; set; }
+        public IEnumerable<APIKeyData> APIKeys { get; set; }
+
+        [NotMapped]
+        public List<Claim> AdditionalClaims { get; set; } = new List<Claim>();

 #pragma warning disable CS0618
-        public string GetDefaultCrypto()
+        public string GetDefaultCrypto(BTCPayNetworkProvider networkProvider = null)
        {
-            return DefaultCrypto ?? "BTC";
+            return DefaultCrypto ?? (networkProvider == null ? "BTC" : GetSupportedPaymentMethods(networkProvider).Select(p => p.PaymentId.CryptoCode).FirstOrDefault() ?? "BTC");
        }
        public void SetDefaultCrypto(string defaultCryptoCurrency)
        {
@ -178,7 +216,10 @@ namespace BTCPayServer.Data

        public StoreBlob GetStoreBlob()
        {
-            return StoreBlob == null ? new StoreBlob() : new Serializer(Dummy).ToObject<StoreBlob>(Encoding.UTF8.GetString(StoreBlob));
+            var result = StoreBlob == null ? new StoreBlob() : new Serializer(Dummy).ToObject<StoreBlob>(Encoding.UTF8.GetString(StoreBlob));
+            if (result.PreferredExchange == null)
+                result.PreferredExchange = CoinAverageRateProvider.CoinAverageName;
+            return result;
        }

        public bool SetStoreBlob(StoreBlob storeBlob)
@ -192,9 +233,9 @@ namespace BTCPayServer.Data
        }
    }

-    public class RateRule
+    public class RateRule_Obsolete
    {
-        public RateRule()
+        public RateRule_Obsolete()
        {
            RuleName = "Multiplier";
        }
@ -214,17 +255,13 @@ namespace BTCPayServer.Data
        {
            InvoiceExpiration = 15;
            MonitoringExpiration = 60;
+            PaymentTolerance = 0;
            RequiresRefundEmail = true;
        }
        public bool NetworkFeeDisabled
        {
            get; set;
        }
-        public bool AllowCoinConversion
-        {
-            get; set;
-        }
-
        public bool RequiresRefundEmail { get; set; }

        public string DefaultLang { get; set; }
@ -244,24 +281,10 @@ namespace BTCPayServer.Data
            set;
        }

-        public void SetRateMultiplier(double rate)
-        {
-            RateRules = new List<RateRule>();
-            RateRules.Add(new RateRule() { Multiplier = rate });
-        }
-        public decimal GetRateMultiplier()
-        {
-            decimal rate = 1.0m;
-            if (RateRules == null || RateRules.Count == 0)
-                return rate;
-            foreach (var rule in RateRules)
-            {
-                rate = rule.Apply(null, rate);
-            }
-            return rate;
-        }
+        public decimal Spread { get; set; } = 0.0m;

-        public List<RateRule> RateRules { get; set; } = new List<RateRule>();
+        [Obsolete]
+        public List<RateRule_Obsolete> RateRules { get; set; } = new List<RateRule_Obsolete>();
        public string PreferredExchange { get; set; }

        [JsonConverter(typeof(CurrencyValueJsonConverter))]
@ -273,6 +296,15 @@ namespace BTCPayServer.Data
        public Uri CustomLogo { get; set; }
        [JsonConverter(typeof(UriJsonConverter))]
        public Uri CustomCSS { get; set; }
+        public string HtmlTitle { get; set; }
+
+        public bool RateScripting { get; set; }
+
+        public string RateScript { get; set; }
+
+        public bool AnyoneCanInvoice { get; set; }
+        
+        public ChangellySettings ChangellySettings { get; set; }


        string _LightningDescriptionTemplate;
@ -288,12 +320,77 @@ namespace BTCPayServer.Data
            }
        }

-        public RateRules GetRateRules()
+        [DefaultValue(0)]
+        [JsonProperty(DefaultValueHandling = DefaultValueHandling.Populate)]
+        public double PaymentTolerance { get; set; }
+
+        public BTCPayServer.Rating.RateRules GetRateRules(BTCPayNetworkProvider networkProvider)
        {
-            return new RateRules(RateRules)
+            if (!RateScripting ||
+                string.IsNullOrEmpty(RateScript) ||
+                !BTCPayServer.Rating.RateRules.TryParse(RateScript, out var rules))
            {
-                PreferredExchange = PreferredExchange
-            };
+                return GetDefaultRateRules(networkProvider);
+            }
+            else
+            {
+                rules.Spread = Spread;
+                return rules;
+            }
+        }
+
+        public RateRules GetDefaultRateRules(BTCPayNetworkProvider networkProvider)
+        {
+            StringBuilder builder = new StringBuilder();
+            foreach (var network in networkProvider.GetAll())
+            {
+                if (network.DefaultRateRules.Length != 0)
+                {
+                    builder.AppendLine($"// Default rate rules for {network.CryptoCode}");
+                    foreach (var line in network.DefaultRateRules)
+                    {
+                        builder.AppendLine(line);
+                    }
+                    builder.AppendLine($"////////");
+                    builder.AppendLine();
+                }
+            }
+
+            var preferredExchange = string.IsNullOrEmpty(PreferredExchange) ? "coinaverage" : PreferredExchange;
+            builder.AppendLine($"X_X = {preferredExchange}(X_X);");
+
+            BTCPayServer.Rating.RateRules.TryParse(builder.ToString(), out var rules);
+            rules.Spread = Spread;
+            return rules;
+        }
+
+        [Obsolete("Use GetExcludedPaymentMethods instead")]
+        public string[] ExcludedPaymentMethods { get; set; }
+
+        public IPaymentFilter GetExcludedPaymentMethods()
+        {
+#pragma warning disable CS0618 // Type or member is obsolete
+            if (ExcludedPaymentMethods == null || ExcludedPaymentMethods.Length == 0)
+                return PaymentFilter.Never();
+            return PaymentFilter.Any(ExcludedPaymentMethods.Select(p => PaymentFilter.WhereIs(PaymentMethodId.Parse(p))).ToArray());
+#pragma warning restore CS0618 // Type or member is obsolete
+        }
+
+        public bool IsExcluded(PaymentMethodId paymentMethodId)
+        {
+            return GetExcludedPaymentMethods().Match(paymentMethodId);
+        }
+
+        public void SetExcluded(PaymentMethodId paymentMethodId, bool value)
+        {
+#pragma warning disable CS0618 // Type or member is obsolete
+            var methods = new HashSet<string>(ExcludedPaymentMethods ?? Array.Empty<string>());
+            if (value)
+                methods.Add(paymentMethodId.ToString());
+            else
+                methods.Remove(paymentMethodId.ToString());
+            ExcludedPaymentMethods = methods.ToArray();
+#pragma warning restore CS0618 // Type or member is obsolete
        }
    }
 }
--- a/BTCPayServer/DerivationSchemeParser.cs
+++ b/BTCPayServer/DerivationSchemeParser.cs
@ -63,16 +63,20 @@ namespace BTCPayServer
            electrumMapping.Add(p2wpkh, Array.Empty<string>());

            var parts = str.Split('-');
+            bool hasLabel = false;
            for (int i = 0; i < parts.Length; i++)
            {
                if (IsLabel(parts[i]))
                {
+                    if (!hasLabel)
+                        hintedLabels.Clear();
+                    hasLabel = true;
                    hintedLabels.Add(parts[i].Substring(1, parts[i].Length - 2).ToLowerInvariant());
                    continue;
                }
                try
                {
-                    var data = Encoders.Base58Check.DecodeData(parts[i]);
+                    var data = Network.GetBase58CheckEncoder().DecodeData(parts[i]);
                    if (data.Length < 4)
                        continue;
                    var prefix = Utils.ToUInt32(data, false);
@ -80,7 +84,7 @@ namespace BTCPayServer
                    for (int ii = 0; ii < 4; ii++)
                        data[ii] = standardPrefix[ii];

-                    var derivationScheme = new BitcoinExtPubKey(Encoders.Base58Check.EncodeData(data), Network).ToString();
+                    var derivationScheme = new BitcoinExtPubKey(Network.GetBase58CheckEncoder().EncodeData(data), Network).ToString();
                    electrumMapping.TryGetValue(prefix, out string[] labels);
                    if (labels != null)
                    {
--- a/BTCPayServer/DerivationStrategy.cs
+++ b/BTCPayServer/DerivationStrategy.cs
@ -32,7 +32,7 @@ namespace BTCPayServer

        public BTCPayNetwork Network { get { return this._Network; } }

-        public DerivationStrategyBase DerivationStrategyBase { get { return this._DerivationStrategy; } }
+        public DerivationStrategyBase DerivationStrategyBase => this._DerivationStrategy;

        public PaymentMethodId PaymentId => new PaymentMethodId(Network.CryptoCode, PaymentTypes.BTCLike);

--- a/BTCPayServer/Events/InvoiceEvent.cs
+++ b/BTCPayServer/Events/InvoiceEvent.cs
@ -8,24 +8,20 @@ namespace BTCPayServer.Events
 {
    public class InvoiceEvent
    {
-        public InvoiceEvent(InvoiceEntity invoice, int code, string name) : this(invoice.Id, code, name)
+        public InvoiceEvent(Models.InvoiceResponse invoice, int code, string name)
        {
-
-        }
-        public InvoiceEvent(string invoiceId, int code, string name)
-        {
-            InvoiceId = invoiceId;
+            Invoice = invoice;
            EventCode = code;
            Name = name;
        }

-        public string InvoiceId { get; set; }
+        public Models.InvoiceResponse Invoice { get; set; }
        public int EventCode { get; set; }
        public string Name { get; set; }

        public override string ToString()
        {
-            return $"Invoice {InvoiceId} new event: {Name} ({EventCode})";
+            return $"Invoice {Invoice.Id} new event: {Name} ({EventCode})";
        }
    }
 }
--- a/BTCPayServer/Events/NBXplorerStateChangedEvent.cs
+++ b/BTCPayServer/Events/NBXplorerStateChangedEvent.cs
@ -6,21 +6,6 @@ using BTCPayServer.HostedServices;

 namespace BTCPayServer.Events
 {
-    public class NBXplorerErrorEvent
-    {
-        public NBXplorerErrorEvent(BTCPayNetwork network, string errorMessage)
-        {
-            Message = errorMessage;
-            Network = network;
-        }
-        public string Message { get; set; }
-        public BTCPayNetwork Network { get; set; }
-
-        public override string ToString()
-        {
-            return $"{Network.CryptoCode}: NBXplorer error `{Message}`";
-        }
-    }
    public class NBXplorerStateChangedEvent
    {
        public NBXplorerStateChangedEvent(BTCPayNetwork network, NBXplorerState old, NBXplorerState newState)
--- a/BTCPayServer/Extensions.cs
+++ b/BTCPayServer/Extensions.cs
@ -29,33 +29,15 @@ using Microsoft.AspNetCore.Identity;
 using BTCPayServer.Models;
 using System.Security.Claims;
 using System.Globalization;
+using BTCPayServer.Services;
+using BTCPayServer.Data;
+using Microsoft.EntityFrameworkCore.Infrastructure;
+using NBXplorer.DerivationStrategy;

 namespace BTCPayServer
 {
    public static class Extensions
    {
-        public static string Prettify(this TimeSpan timeSpan)
-        {
-            if (timeSpan.TotalMinutes < 1)
-            {
-                return $"{(int)timeSpan.TotalSeconds} second{Plural((int)timeSpan.TotalSeconds)}";
-            }
-            if (timeSpan.TotalHours < 1)
-            {
-                return $"{(int)timeSpan.TotalMinutes} minute{Plural((int)timeSpan.TotalMinutes)}";
-            }
-            if (timeSpan.Days < 1)
-            {
-                return $"{(int)timeSpan.TotalHours} hour{Plural((int)timeSpan.TotalHours)}";
-            }
-            return $"{(int)timeSpan.TotalDays} day{Plural((int)timeSpan.TotalDays)}";
-        }
-
-        private static string Plural(int totalDays)
-        {
-            return totalDays > 1 ? "s" : string.Empty;
-        }
-
        public static string PrettyPrint(this TimeSpan expiration)
        {
            StringBuilder builder = new StringBuilder();
@ -102,10 +84,13 @@ namespace BTCPayServer
            return activeProvider != "Microsoft.EntityFrameworkCore.Sqlite";
        }

-        public static bool IsCoinAverage(this string exchangeName)
+        public static bool SupportDropForeignKey(this Microsoft.EntityFrameworkCore.Migrations.Migration migration, string activeProvider)
        {
-            string[] coinAverages = new[] { "coinaverage", "bitcoinaverage" };
-            return String.IsNullOrWhiteSpace(exchangeName) ? true : coinAverages.Contains(exchangeName, StringComparer.OrdinalIgnoreCase) ? true : false;
+            return activeProvider != "Microsoft.EntityFrameworkCore.Sqlite";
+        }
+        public static bool SupportDropForeignKey(this DatabaseFacade facade)
+        {
+            return facade.ProviderName != "Microsoft.EntityFrameworkCore.Sqlite";
        }

        public static async Task<Dictionary<uint256, TransactionResult>> GetTransactions(this BTCPayWallet client, uint256[] hashes, CancellationToken cts = default(CancellationToken))
@ -124,6 +109,39 @@ namespace BTCPayServer
            return str + "/";
        }

+        public static void SetHeaderOnStarting(this HttpResponse resp, string name, string value)
+        {
+            if (resp.HasStarted)
+                return;
+            resp.OnStarting(() =>
+            {
+                SetHeader(resp, name, value);
+                return Task.CompletedTask;
+            });
+        }
+
+        public static void SetHeader(this HttpResponse resp, string name, string value)
+        {
+            var existing = resp.Headers[name].FirstOrDefault();
+            if (existing != null && value == null)
+                resp.Headers.Remove(name);
+            else
+                resp.Headers[name] = value;
+        }
+
+        public static bool IsSegwit(this DerivationStrategyBase derivationStrategyBase)
+        {
+            if (IsSegwitCore(derivationStrategyBase))
+                return true;
+            return (derivationStrategyBase is P2SHDerivationStrategy p2shStrat && IsSegwitCore(p2shStrat.Inner));
+        }
+
+        private static bool IsSegwitCore(DerivationStrategyBase derivationStrategyBase)
+        {
+            return (derivationStrategyBase is P2WSHDerivationStrategy) ||
+                            (derivationStrategyBase is DirectDerivationStrategy direct) && direct.Segwit;
+        }
+
        public static string GetAbsoluteRoot(this HttpRequest request)
        {
            return string.Concat(
@ -133,6 +151,31 @@ namespace BTCPayServer
                        request.PathBase.ToUriComponent());
        }

+        public static string GetCurrentUrl(this HttpRequest request)
+        {
+            return string.Concat(
+                        request.Scheme,
+                        "://",
+                        request.Host.ToUriComponent(),
+                        request.PathBase.ToUriComponent(),
+                        request.Path.ToUriComponent());
+        }
+
+        public static string GetCurrentPath(this HttpRequest request)
+        {
+            return string.Concat(
+                        request.PathBase.ToUriComponent(),
+                        request.Path.ToUriComponent());
+        }
+
+        public static string GetAbsoluteUri(this HttpRequest request, string redirectUrl)
+        {
+            bool isRelative =
+                (redirectUrl.Length > 0 && redirectUrl[0] == '/')
+                || !new Uri(redirectUrl, UriKind.RelativeOrAbsolute).IsAbsoluteUri;
+            return isRelative ? request.GetAbsoluteRoot() + redirectUrl : redirectUrl;
+        }
+
        public static IServiceCollection ConfigureBTCPayServer(this IServiceCollection services, IConfiguration conf)
        {
            services.Configure<BTCPayServerOptions>(o =>
@ -142,12 +185,76 @@ namespace BTCPayServer
            return services;
        }

-
-        public static BitIdentity GetBitIdentity(this Controller controller, bool throws = true)
+        public static string GetSIN(this ClaimsPrincipal principal)
        {
-            if (!(controller.User.Identity is BitIdentity))
-                return throws ? throw new UnauthorizedAccessException("no-bitid") : (BitIdentity)null;
-            return (BitIdentity)controller.User.Identity;
+            return principal.Claims.Where(c => c.Type == Claims.SIN).Select(c => c.Value).FirstOrDefault();
+        }
+
+        public static string GetStoreId(this ClaimsPrincipal principal)
+        {
+            return principal.Claims.Where(c => c.Type == Claims.OwnStore).Select(c => c.Value).FirstOrDefault();
+        }
+
+        public static void SetIsBitpayAPI(this HttpContext ctx, bool value)
+        {
+            NBitcoin.Extensions.TryAdd(ctx.Items, "IsBitpayAPI", value);
+        }
+
+        public static void AddRange<T>(this HashSet<T> hashSet, IEnumerable<T> items)
+        {
+            foreach (var item in items)
+            {
+                hashSet.Add(item);
+            }
+        }
+        public static bool GetIsBitpayAPI(this HttpContext ctx)
+        {
+            return ctx.Items.TryGetValue("IsBitpayAPI", out object obj) &&
+                  obj is bool b && b;
+        }
+
+        public static void SetBitpayAuth(this HttpContext ctx, (string Signature, String Id, String Authorization) value)
+        {
+            NBitcoin.Extensions.TryAdd(ctx.Items, "BitpayAuth", value);
+        }
+
+        public static async Task<T> WithCancellation<T>(this Task<T> task, CancellationToken cancellationToken)
+        {
+            using (var delayCTS = CancellationTokenSource.CreateLinkedTokenSource(cancellationToken))
+            {
+                var waiting = Task.Delay(-1, delayCTS.Token);
+                var doing = task;
+                await Task.WhenAny(waiting, doing);
+                delayCTS.Cancel();
+                cancellationToken.ThrowIfCancellationRequested();
+                return await doing;
+            }
+        }
+        public static async Task WithCancellation(this Task task, CancellationToken cancellationToken)
+        {
+            using (var delayCTS = CancellationTokenSource.CreateLinkedTokenSource(cancellationToken))
+            {
+                var waiting = Task.Delay(-1, delayCTS.Token);
+                var doing = task;
+                await Task.WhenAny(waiting, doing);
+                delayCTS.Cancel();
+                cancellationToken.ThrowIfCancellationRequested();
+            }
+        }
+
+        public static (string Signature, String Id, String Authorization) GetBitpayAuth(this HttpContext ctx)
+        {
+            ctx.Items.TryGetValue("BitpayAuth", out object obj);
+            return ((string Signature, String Id, String Authorization))obj;
+        }
+
+        public static StoreData GetStoreData(this HttpContext ctx)
+        {
+            return ctx.Items.TryGet("BTCPAY.STOREDATA") as StoreData;
+        }
+        public static void SetStoreData(this HttpContext ctx, StoreData storeData)
+        {
+            ctx.Items["BTCPAY.STOREDATA"] = storeData;
        }

        private static JsonSerializerSettings jsonSettings = new JsonSerializerSettings { ContractResolver = new CamelCasePropertyNamesContractResolver() };
@ -156,13 +263,5 @@ namespace BTCPayServer
            var res = JsonConvert.SerializeObject(o, Formatting.None, jsonSettings);
            return res;
        }
-
-        public static HtmlString ToJSVariableModel(this object o, string variableName)
-        {
-            var encodedJson = JavaScriptEncoder.Default.Encode(o.ToJson());
-            return new HtmlString($"var {variableName} = JSON.parse('" + encodedJson + "');");
-        }
-
-
    }
 }
--- a/BTCPayServer/Filters/ContentSecurityPolicyAttribute.cs
+++ b/BTCPayServer/Filters/ContentSecurityPolicyAttribute.cs
@ -0,0 +1,106 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using BTCPayServer.Security;
+using Microsoft.AspNetCore.Mvc.Filters;
+
+namespace BTCPayServer.Filters
+{
+    public interface IContentSecurityPolicy : IFilterMetadata { }
+    public class ContentSecurityPolicyAttribute : Attribute, IActionFilter, IContentSecurityPolicy
+    {
+        public void OnActionExecuted(ActionExecutedContext context)
+        {
+
+        }
+
+        public bool AutoSelf { get; set; } = true;
+        public bool UnsafeInline { get; set; } = true;
+        public bool FixWebsocket { get; set; } = true;
+        public string FontSrc { get; set; } = null;
+        public string ImgSrc { get; set; } = null;
+        public string DefaultSrc { get; set; }
+        public string StyleSrc { get; set; }
+        public string ScriptSrc { get; set; }
+
+        public void OnActionExecuting(ActionExecutingContext context)
+        {
+            if (context.IsEffectivePolicy<IContentSecurityPolicy>(this))
+            {
+                var policies = context.HttpContext.RequestServices.GetService(typeof(ContentSecurityPolicies)) as ContentSecurityPolicies;
+                if (policies == null)
+                    return;
+                if (DefaultSrc != null)
+                {
+                    policies.Add(new ConsentSecurityPolicy("default-src", DefaultSrc));
+                }
+                if (UnsafeInline)
+                {
+                    policies.Add(new ConsentSecurityPolicy("script-src", "'unsafe-inline'"));
+                }
+                if (!string.IsNullOrEmpty(FontSrc))
+                {
+                    policies.Add(new ConsentSecurityPolicy("font-src", FontSrc));
+                }
+
+                if (!string.IsNullOrEmpty(ImgSrc))
+                {
+                    policies.Add(new ConsentSecurityPolicy("img-src", ImgSrc));
+                }
+
+                if (!string.IsNullOrEmpty(StyleSrc))
+                {
+                    policies.Add(new ConsentSecurityPolicy("style-src", StyleSrc));
+                }
+
+                if (!string.IsNullOrEmpty(ScriptSrc))
+                {
+                    policies.Add(new ConsentSecurityPolicy("script-src", ScriptSrc));
+                }
+
+                if (FixWebsocket && AutoSelf) // Self does not match wss:// and ws:// :(
+                {
+                    var request = context.HttpContext.Request;
+
+                    var url = string.Concat(
+                            request.Scheme.Equals("http", StringComparison.OrdinalIgnoreCase) ? "ws" : "wss",
+                            "://",
+                            request.Host.ToUriComponent(),
+                            request.PathBase.ToUriComponent());
+                    policies.Add(new ConsentSecurityPolicy("connect-src", url));
+                }
+
+                context.HttpContext.Response.OnStarting(() =>
+                {
+                    if (!policies.HasRules)
+                        return Task.CompletedTask;
+                    if (AutoSelf)
+                    {
+                        bool hasSelf = false;
+                        foreach (var group in policies.Rules.GroupBy(p => p.Name))
+                        {
+                            hasSelf = group.Any(g => g.Value.Contains("'self'", StringComparison.OrdinalIgnoreCase));
+                            if (!hasSelf && !group.Any(g => g.Value.Contains("'none'", StringComparison.OrdinalIgnoreCase) ||
+                                               g.Value.Contains("*", StringComparison.OrdinalIgnoreCase)))
+                            {
+                                policies.Add(new ConsentSecurityPolicy(group.Key, "'self'"));
+                                hasSelf = true;
+                            }
+                            if (hasSelf)
+                            {
+                                foreach (var authorized in policies.Authorized)
+                                {
+                                    policies.Add(new ConsentSecurityPolicy(group.Key, authorized));
+                                }
+                            }
+                        }
+                    }
+                    context.HttpContext.Response.SetHeader("Content-Security-Policy", policies.ToString());
+                    return Task.CompletedTask;
+                });
+            }
+        }
+    }
+}
--- a/BTCPayServer/Filters/OnlyMediaTypeAttribute.cs
+++ b/BTCPayServer/Filters/OnlyMediaTypeAttribute.cs
@ -28,6 +28,28 @@ namespace BTCPayServer.Filters
        }
    }

+    public class MediaTypeAcceptConstraintAttribute : Attribute, IActionConstraint
+    {
+        public MediaTypeAcceptConstraintAttribute(string mediaType)
+        {
+            MediaType = mediaType ?? throw new ArgumentNullException(nameof(mediaType));
+        }
+
+        public string MediaType
+        {
+            get; set;
+        }
+
+        public int Order => 100;
+
+        public bool Accept(ActionConstraintContext context)
+        {
+            if (!context.RouteContext.HttpContext.Request.Headers.ContainsKey("Accept"))
+                return false;
+            return context.RouteContext.HttpContext.Request.Headers["Accept"].ToString().StartsWith(MediaType, StringComparison.Ordinal);
+        }
+    }
+
    public class BitpayAPIConstraintAttribute : Attribute, IActionConstraint
    {
        public BitpayAPIConstraintAttribute(bool isBitpayAPI = true)
@ -43,9 +65,7 @@ namespace BTCPayServer.Filters

        public bool Accept(ActionConstraintContext context)
        {
-            var hasVersion = context.RouteContext.HttpContext.Request.Headers["x-accept-version"].Where(h => h == "2.0.0").Any();
-            var hasIdentity = context.RouteContext.HttpContext.Request.Headers["x-identity"].Any();
-            return (hasVersion || hasIdentity) == IsBitpayAPI;
+            return context.RouteContext.HttpContext.GetIsBitpayAPI() == IsBitpayAPI;
        }
    }

--- a/BTCPayServer/Filters/ReferrerPolicyAttribute.cs
+++ b/BTCPayServer/Filters/ReferrerPolicyAttribute.cs
@ -0,0 +1,30 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Mvc.Filters;
+
+namespace BTCPayServer.Filters
+{
+    public interface IReferrerPolicy : IFilterMetadata { }
+    public class ReferrerPolicyAttribute : Attribute, IActionFilter
+    {
+        public ReferrerPolicyAttribute(string value)
+        {
+            Value = value;
+        }
+        public string Value { get; set; }
+        public void OnActionExecuted(ActionExecutedContext context)
+        {
+
+        }
+
+        public void OnActionExecuting(ActionExecutingContext context)
+        {
+            if (context.IsEffectivePolicy<ReferrerPolicyAttribute>(this))
+            {
+                context.HttpContext.Response.SetHeaderOnStarting("Referrer-Policy", Value);
+            }
+        }
+    }
+}
--- a/BTCPayServer/Filters/XContentTypeOptionsAttribute.cs
+++ b/BTCPayServer/Filters/XContentTypeOptionsAttribute.cs
@ -0,0 +1,25 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Mvc.Filters;
+
+namespace BTCPayServer.Filters
+{
+    public class XContentTypeOptionsAttribute : Attribute, IActionFilter
+    {
+        public XContentTypeOptionsAttribute(string value)
+        {
+            Value = value;
+        }
+        public void OnActionExecuted(ActionExecutedContext context)
+        {
+        }
+
+        public string Value { get; set; }
+        public void OnActionExecuting(ActionExecutingContext context)
+        {
+            context.HttpContext.Response.SetHeaderOnStarting("X-Content-Type-Options", Value);
+        }
+    }
+}
--- a/BTCPayServer/Filters/XFrameOptionsAttribute.cs
+++ b/BTCPayServer/Filters/XFrameOptionsAttribute.cs
@ -23,11 +23,10 @@ namespace BTCPayServer.Filters

        public void OnActionExecuting(ActionExecutingContext context)
        {
-            var existing = context.HttpContext.Response.Headers["x-frame-options"].FirstOrDefault();
-            if (existing != null && Value == null)
-                context.HttpContext.Response.Headers.Remove("x-frame-options");
-            else
-                context.HttpContext.Response.Headers["x-frame-options"] = Value;
+            if (context.IsEffectivePolicy<XFrameOptionsAttribute>(this))
+            {
+                context.HttpContext.Response.SetHeaderOnStarting("X-Frame-Options", Value);
+            }
        }
    }
 }
--- a/BTCPayServer/Filters/XXSSProtectionAttribute.cs
+++ b/BTCPayServer/Filters/XXSSProtectionAttribute.cs
@ -0,0 +1,23 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Mvc.Filters;
+using Microsoft.AspNetCore.Mvc.ViewFeatures;
+using Microsoft.AspNetCore.Mvc.ViewFeatures.Internal;
+
+namespace BTCPayServer.Filters
+{
+    public class XXSSProtectionAttribute : Attribute, IActionFilter
+    {
+        public void OnActionExecuted(ActionExecutedContext context)
+        {
+        }
+
+        public void OnActionExecuting(ActionExecutingContext context)
+        {
+            context.HttpContext.Response.SetHeaderOnStarting("X-XSS-Protection", "1; mode=block");
+        }
+        
+    }
+}
--- a/BTCPayServer/HostedServices/BaseAsyncService.cs
+++ b/BTCPayServer/HostedServices/BaseAsyncService.cs
@ -0,0 +1,66 @@
+using System;
+using Microsoft.Extensions.Logging;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading;
+using System.Threading.Tasks;
+using BTCPayServer.Services;
+using BTCPayServer.Services.Rates;
+using Microsoft.Extensions.Hosting;
+using BTCPayServer.Logging;
+using System.Runtime.CompilerServices;
+using System.IO;
+using System.Text;
+
+namespace BTCPayServer.HostedServices
+{
+    public abstract class BaseAsyncService : IHostedService
+    {
+        private CancellationTokenSource _Cts;
+        protected Task[] _Tasks;
+
+        public Task StartAsync(CancellationToken cancellationToken)
+        {
+            _Cts = new CancellationTokenSource();
+            _Tasks = InitializeTasks();
+            return Task.CompletedTask;
+        }
+
+        internal abstract Task[] InitializeTasks();
+
+        protected CancellationToken Cancellation
+        {
+            get { return _Cts.Token; }
+        }
+
+        protected async Task CreateLoopTask(Func<Task> act, [CallerMemberName]string caller = null)
+        {
+            await new SynchronizationContextRemover();
+            while (!_Cts.IsCancellationRequested)
+            {
+                try
+                {
+                    await act();
+                }
+                catch (OperationCanceledException) when (_Cts.IsCancellationRequested)
+                {
+                }
+                catch (Exception ex)
+                {
+                    Logs.PayServer.LogWarning(ex, caller + " failed");
+                    try
+                    {
+                        await Task.Delay(TimeSpan.FromMinutes(1), _Cts.Token);
+                    }
+                    catch (OperationCanceledException) when (_Cts.IsCancellationRequested) { }
+                }
+            }
+        }
+
+        public Task StopAsync(CancellationToken cancellationToken)
+        {
+            _Cts.Cancel();
+            return Task.WhenAll(_Tasks);
+        }
+    }
+}
--- a/BTCPayServer/HostedServices/CheckConfigurationHostedService.cs
+++ b/BTCPayServer/HostedServices/CheckConfigurationHostedService.cs
@ -0,0 +1,76 @@
+using System;
+using Microsoft.Extensions.Logging;
+using Microsoft.EntityFrameworkCore;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using BTCPayServer.Data;
+using BTCPayServer.Services;
+using Microsoft.Extensions.Hosting;
+using System.Threading;
+using BTCPayServer.Configuration;
+using BTCPayServer.Logging;
+using NBitcoin.DataEncoders;
+
+namespace BTCPayServer.HostedServices
+{
+    public class CheckConfigurationHostedService : IHostedService
+    {
+        private readonly BTCPayServerOptions _options;
+
+        public CheckConfigurationHostedService(BTCPayServerOptions options)
+        {
+            _options = options;
+        }
+
+        public Task StartAsync(CancellationToken cancellationToken)
+        {
+            new Thread(() =>
+            {
+                if (_options.SSHSettings != null)
+                {
+                    Logs.Configuration.LogInformation($"SSH settings detected, testing connection to {_options.SSHSettings.Username}@{_options.SSHSettings.Server} on port {_options.SSHSettings.Port} ...");
+                    var connection = new Renci.SshNet.SshClient(_options.SSHSettings.CreateConnectionInfo());
+                    connection.HostKeyReceived += (object sender, Renci.SshNet.Common.HostKeyEventArgs e) =>
+                    {
+                        e.CanTrust = true;
+                        if (!_options.IsTrustedFingerprint(e.FingerPrint, e.HostKey))
+                        {
+                            Logs.Configuration.LogWarning($"SSH host fingerprint for {e.HostKeyName} is untrusted, start BTCPay with -sshtrustedfingerprints \"{Encoders.Hex.EncodeData(e.FingerPrint)}\"");
+                        }
+                    };
+                    try
+                    {
+                        connection.Connect();
+                        connection.Disconnect();
+                        Logs.Configuration.LogInformation($"SSH connection succeeded");
+                    }
+                    catch (Renci.SshNet.Common.SshAuthenticationException)
+                    {
+                        Logs.Configuration.LogWarning($"SSH invalid credentials");
+                    }
+                    catch (Exception ex)
+                    {
+                        var message = ex.Message;
+                        if (ex is AggregateException aggrEx && aggrEx.InnerException?.Message != null)
+                        {
+                            message = aggrEx.InnerException.Message;
+                        }
+                        Logs.Configuration.LogWarning($"SSH connection issue: {message}");
+                    }
+                    finally
+                    {
+                        connection.Dispose();
+                    }
+                }
+            })
+            { IsBackground = true }.Start();
+            return Task.CompletedTask;
+        }
+
+        public Task StopAsync(CancellationToken cancellationToken)
+        {
+            return Task.CompletedTask;
+        }
+    }
+}
--- a/BTCPayServer/HostedServices/CssThemeManager.cs
+++ b/BTCPayServer/HostedServices/CssThemeManager.cs
@ -11,52 +11,109 @@ using NBXplorer.Models;
 using System.Collections.Concurrent;
 using BTCPayServer.Events;
 using BTCPayServer.Services;
+using Microsoft.AspNetCore.Mvc.Filters;
+using BTCPayServer.Security;

 namespace BTCPayServer.HostedServices
 {
    public class CssThemeManager
    {
-        public CssThemeManager(SettingsRepository settingsRepository)
-        {
-            Update(settingsRepository);
-        }
-
-        private async void Update(SettingsRepository settingsRepository)
-        {
-            var data = (await settingsRepository.GetSettingAsync<ThemeSettings>()) ?? new ThemeSettings();
-            Update(data);
-        }
-
        public void Update(ThemeSettings data)
        {
-            UpdateBootstrap(data.BootstrapCssUri);
-            UpdateCreativeStart(data.CreativeStartCssUri);
-        } 
+            if (String.IsNullOrWhiteSpace(data.BootstrapCssUri))
+                _bootstrapUri = "/vendor/bootstrap4/css/bootstrap.css?v=" + DateTime.Now.Ticks;
+            else
+                _bootstrapUri = data.BootstrapCssUri;

-        private string _bootstrapUri = "/vendor/bootstrap4/css/bootstrap.css?v=" + DateTime.Now.Ticks;
+
+            if (String.IsNullOrWhiteSpace(data.CreativeStartCssUri))
+                _creativeStartUri = "/vendor/bootstrap4-creativestart/creative.css?v=" + DateTime.Now.Ticks;
+            else
+                _creativeStartUri = data.CreativeStartCssUri;
+        }
+
+        private string _bootstrapUri;
        public string BootstrapUri
        {
            get { return _bootstrapUri; }
        }
-        public void UpdateBootstrap(string newUri)
-        {
-            if (String.IsNullOrWhiteSpace(newUri))
-                _bootstrapUri = "/vendor/bootstrap4/css/bootstrap.css?v="+ DateTime.Now.Ticks;
-            else
-                _bootstrapUri = newUri;
-        }

-        private string _creativeStartUri = "/vendor/bootstrap4-creativestart/creative.css?v=" + DateTime.Now.Ticks;
+        private string _creativeStartUri;
        public string CreativeStartUri
        {
            get { return _creativeStartUri; }
        }
-        public void UpdateCreativeStart(string newUri)
+
+        public bool ShowRegister { get; set; }
+
+        internal void Update(PoliciesSettings data)
        {
-            if (String.IsNullOrWhiteSpace(newUri))
-                _creativeStartUri = "/vendor/bootstrap4-creativestart/creative.css?v=" + DateTime.Now.Ticks;
-            else
-                _creativeStartUri = newUri;
+            ShowRegister = !data.LockSubscription;
+        }
+    }
+
+    public class ContentSecurityPolicyCssThemeManager : Attribute, IActionFilter, IOrderedFilter
+    {
+        public int Order => 1001;
+
+        public void OnActionExecuted(ActionExecutedContext context)
+        {
+            
+        }
+
+        public void OnActionExecuting(ActionExecutingContext context)
+        {
+            var manager = context.HttpContext.RequestServices.GetService(typeof(CssThemeManager)) as CssThemeManager;
+            var policies = context.HttpContext.RequestServices.GetService(typeof(ContentSecurityPolicies)) as ContentSecurityPolicies;
+            if (manager != null && policies != null)
+            {
+                if(manager.CreativeStartUri != null && Uri.TryCreate(manager.CreativeStartUri, UriKind.Absolute, out var uri))
+                {
+                    policies.Clear();
+                }
+                if (manager.BootstrapUri != null && Uri.TryCreate(manager.BootstrapUri, UriKind.Absolute, out uri))
+                {
+                    policies.Clear();
+                }
+            }
+        }
+    }
+
+    public class CssThemeManagerHostedService : BaseAsyncService
+    {
+        private SettingsRepository _SettingsRepository;
+        private CssThemeManager _CssThemeManager;
+
+        public CssThemeManagerHostedService(SettingsRepository settingsRepository, CssThemeManager cssThemeManager)
+        {
+            _SettingsRepository = settingsRepository;
+            _CssThemeManager = cssThemeManager;
+        }
+
+        internal override Task[] InitializeTasks()
+        {
+            return new[]
+            {
+                CreateLoopTask(ListenForThemeChanges),
+                CreateLoopTask(ListenForPoliciesChanges),
+            };
+        }
+
+        async Task ListenForPoliciesChanges()
+        {
+            await new SynchronizationContextRemover();
+            var data = (await _SettingsRepository.GetSettingAsync<PoliciesSettings>()) ?? new PoliciesSettings();
+            _CssThemeManager.Update(data);
+            await _SettingsRepository.WaitSettingsChanged<PoliciesSettings>(Cancellation);
+        }
+
+        async Task ListenForThemeChanges()
+        {
+            await new SynchronizationContextRemover();
+            var data = (await _SettingsRepository.GetSettingAsync<ThemeSettings>()) ?? new ThemeSettings();
+            _CssThemeManager.Update(data);
+
+            await _SettingsRepository.WaitSettingsChanged<ThemeSettings>(Cancellation);
        }
    }
 }
--- a/BTCPayServer/HostedServices/InvoiceNotificationManager.cs
+++ b/BTCPayServer/HostedServices/InvoiceNotificationManager.cs
@ -20,6 +20,7 @@ using BTCPayServer.Events;
 using NBXplorer;
 using BTCPayServer.Services.Invoices;
 using BTCPayServer.Payments;
+using BTCPayServer.Services.Mails;

 namespace BTCPayServer.HostedServices
 {
@ -52,24 +53,44 @@ namespace BTCPayServer.HostedServices
        EventAggregator _EventAggregator;
        InvoiceRepository _InvoiceRepository;
        BTCPayNetworkProvider _NetworkProvider;
+        IEmailSender _EmailSender;

        public InvoiceNotificationManager(
            IBackgroundJobClient jobClient,
            EventAggregator eventAggregator,
            InvoiceRepository invoiceRepository,
            BTCPayNetworkProvider networkProvider,
-            ILogger<InvoiceNotificationManager> logger)
+            ILogger<InvoiceNotificationManager> logger,
+            IEmailSender emailSender)
        {
            Logger = logger as ILogger ?? NullLogger.Instance;
            _JobClient = jobClient;
            _EventAggregator = eventAggregator;
            _InvoiceRepository = invoiceRepository;
            _NetworkProvider = networkProvider;
+            _EmailSender = emailSender;
        }

        async Task Notify(InvoiceEntity invoice, int? eventCode = null, string name = null)
        {
            CancellationTokenSource cts = new CancellationTokenSource(10000);
+
+            if (!String.IsNullOrEmpty(invoice.NotificationEmail))
+            {
+                // just extracting most important data for email body, merchant should query API back for full invoice based on Invoice.Id
+                var ipn = new
+                {
+                    invoice.Id,
+                    invoice.Status,
+                    invoice.StoreId
+                };
+                // TODO: Consider adding info on ItemDesc and payment info (amount)
+
+                var emailBody = NBitcoin.JsonConverters.Serializer.ToString(ipn);
+                await _EmailSender.SendEmailAsync(
+                    invoice.NotificationEmail, $"BtcPayServer Invoice Notification - ${invoice.StoreId}", emailBody);
+            }
+
            try
            {
                if (string.IsNullOrEmpty(invoice.NotificationURL))
@ -198,7 +219,12 @@ namespace BTCPayServer.HostedServices
                PosData = dto.PosData,
                Price = dto.Price,
                Status = dto.Status,
-                BuyerFields = invoice.RefundMail == null ? null : new Newtonsoft.Json.Linq.JObject() { new JProperty("buyerEmail", invoice.RefundMail) }
+                BuyerFields = invoice.RefundMail == null ? null : new Newtonsoft.Json.Linq.JObject() { new JProperty("buyerEmail", invoice.RefundMail) },
+                PaymentSubtotals = dto.PaymentSubtotals,
+                PaymentTotals = dto.PaymentTotals,
+                AmountPaid = dto.AmountPaid,
+                ExchangeRates = dto.ExchangeRates,
+
            };

            // We keep backward compatibility with bitpay by passing BTC info to the notification
@ -207,7 +233,7 @@ namespace BTCPayServer.HostedServices
            if (btcCryptoInfo != null)
            {
 #pragma warning disable CS0618
-                notification.Rate = (double)dto.Rate;
+                notification.Rate = dto.Rate;
                notification.Url = dto.Url;
                notification.BTCDue = dto.BTCDue;
                notification.BTCPaid = dto.BTCPaid;
@ -259,15 +285,15 @@ namespace BTCPayServer.HostedServices
                        sendRequest()
                            .ContinueWith(t =>
                            {
-                                if(t.Status == TaskStatus.RanToCompletion)
-                                { 
+                                if (t.Status == TaskStatus.RanToCompletion)
+                                {
                                    completion.TrySetResult(t.Result);
                                }
-                                if(t.Status == TaskStatus.Faulted)
+                                if (t.Status == TaskStatus.Faulted)
                                {
                                    completion.TrySetException(t.Exception);
                                }
-                                if(t.Status == TaskStatus.Canceled)
+                                if (t.Status == TaskStatus.Canceled)
                                {
                                    completion.TrySetCanceled();
                                }
@ -284,7 +310,7 @@ namespace BTCPayServer.HostedServices
                    lock (_SendingRequestsByInvoiceId)
                    {
                        _SendingRequestsByInvoiceId.TryGetValue(id, out var executing2);
-                        if(executing2 == sending)
+                        if (executing2 == sending)
                            _SendingRequestsByInvoiceId.Remove(id);
                    }
                }, TaskScheduler.Default);
@ -304,8 +330,13 @@ namespace BTCPayServer.HostedServices
        {
            leases.Add(_EventAggregator.Subscribe<InvoiceEvent>(async e =>
            {
-                var invoice = await _InvoiceRepository.GetInvoice(null, e.InvoiceId);
-                await SaveEvent(invoice.Id, e);
+                var invoice = await _InvoiceRepository.GetInvoice(null, e.Invoice.Id);
+                if (invoice == null)
+                    return;
+                List<Task> tasks = new List<Task>();
+
+                // Awaiting this later help make sure invoices should arrive in order
+                tasks.Add(SaveEvent(invoice.Id, e));

                // we need to use the status in the event and not in the invoice. The invoice might now be in another status.
                if (invoice.FullNotifications)
@ -315,20 +346,22 @@ namespace BTCPayServer.HostedServices
                       e.Name == "invoice_failedToConfirm" ||
                       e.Name == "invoice_markedInvalid" ||
                       e.Name == "invoice_failedToConfirm" ||
-                       e.Name == "invoice_completed"
+                       e.Name == "invoice_completed" ||
+                       e.Name == "invoice_expiredPaidPartial"
                     )
-                        await Notify(invoice);
+                        tasks.Add(Notify(invoice));
                }

                if (e.Name == "invoice_confirmed")
                {
-                    await Notify(invoice);
+                    tasks.Add(Notify(invoice));
                }

                if (invoice.ExtendedNotifications)
                {
-                    await Notify(invoice, e.EventCode, e.Name);
+                    tasks.Add(Notify(invoice, e.EventCode, e.Name));
                }
+                await Task.WhenAll(tasks.ToArray());
            }));


--- a/BTCPayServer/HostedServices/InvoiceWatcher.cs
+++ b/BTCPayServer/HostedServices/InvoiceWatcher.cs
@ -66,8 +66,10 @@ namespace BTCPayServer.HostedServices
                context.MarkDirty();
                await _InvoiceRepository.UnaffectAddress(invoice.Id);

-                context.Events.Add(new InvoiceEvent(invoice, 1004, "invoice_expired"));
+                context.Events.Add(new InvoiceEvent(invoice.EntityToDTO(_NetworkProvider), 1004, "invoice_expired"));
                invoice.Status = "expired";
+                if(invoice.ExceptionStatus == "paidPartial")
+                    context.Events.Add(new InvoiceEvent(invoice.EntityToDTO(_NetworkProvider), 2000, "invoice_expiredPaidPartial"));
            }

            var payments = invoice.GetPayments().Where(p => p.Accounted).ToArray();
@ -78,11 +80,11 @@ namespace BTCPayServer.HostedServices
            var network = _NetworkProvider.GetNetwork(paymentMethod.GetId().CryptoCode);
            if (invoice.Status == "new" || invoice.Status == "expired")
            {
-                if (accounting.Paid >= accounting.TotalDue)
+                if (accounting.Paid >= accounting.MinimumTotalDue)
                {
                    if (invoice.Status == "new")
                    {
-                        context.Events.Add(new InvoiceEvent(invoice, 1003, "invoice_paidInFull"));
+                        context.Events.Add(new InvoiceEvent(invoice.EntityToDTO(_NetworkProvider), 1003, "invoice_paidInFull"));
                        invoice.Status = "paid";
                        invoice.ExceptionStatus = accounting.Paid > accounting.TotalDue ? "paidOver" : null;
                        await _InvoiceRepository.UnaffectAddress(invoice.Id);
@ -91,22 +93,22 @@ namespace BTCPayServer.HostedServices
                    else if (invoice.Status == "expired" && invoice.ExceptionStatus != "paidLate")
                    {
                        invoice.ExceptionStatus = "paidLate";
-                        context.Events.Add(new InvoiceEvent(invoice, 1009, "invoice_paidAfterExpiration"));
+                        context.Events.Add(new InvoiceEvent(invoice.EntityToDTO(_NetworkProvider), 1009, "invoice_paidAfterExpiration"));
                        context.MarkDirty();
                    }
                }

-                if (accounting.Paid < accounting.TotalDue && invoice.GetPayments().Count != 0 && invoice.ExceptionStatus != "paidPartial")
+                if (accounting.Paid < accounting.MinimumTotalDue && invoice.GetPayments().Count != 0 && invoice.ExceptionStatus != "paidPartial")
                {
-                    invoice.ExceptionStatus = "paidPartial";
-                    context.MarkDirty();
+                        invoice.ExceptionStatus = "paidPartial";
+                        context.MarkDirty();
                }
            }

            // Just make sure RBF did not cancelled a payment
            if (invoice.Status == "paid")
            {
-                if (accounting.Paid == accounting.TotalDue && invoice.ExceptionStatus == "paidOver")
+                if (accounting.MinimumTotalDue <= accounting.Paid && accounting.Paid <= accounting.TotalDue && invoice.ExceptionStatus == "paidOver")
                {
                    invoice.ExceptionStatus = null;
                    context.MarkDirty();
@ -118,7 +120,7 @@ namespace BTCPayServer.HostedServices
                    context.MarkDirty();
                }

-                if (accounting.Paid < accounting.TotalDue)
+                if (accounting.Paid < accounting.MinimumTotalDue)
                {
                    invoice.Status = "new";
                    invoice.ExceptionStatus = accounting.Paid == Money.Zero ? null : "paidPartial";
@ -134,17 +136,17 @@ namespace BTCPayServer.HostedServices
                   (invoice.MonitoringExpiration < DateTimeOffset.UtcNow)
                   &&
                   // And not enough amount confirmed
-                   (confirmedAccounting.Paid < accounting.TotalDue))
+                   (confirmedAccounting.Paid < accounting.MinimumTotalDue))
                {
                    await _InvoiceRepository.UnaffectAddress(invoice.Id);
-                    context.Events.Add(new InvoiceEvent(invoice, 1013, "invoice_failedToConfirm"));
+                    context.Events.Add(new InvoiceEvent(invoice.EntityToDTO(_NetworkProvider), 1013, "invoice_failedToConfirm"));
                    invoice.Status = "invalid";
                    context.MarkDirty();
                }
-                else if (confirmedAccounting.Paid >= accounting.TotalDue)
+                else if (confirmedAccounting.Paid >= accounting.MinimumTotalDue)
                {
                    await _InvoiceRepository.UnaffectAddress(invoice.Id);
-                    context.Events.Add(new InvoiceEvent(invoice, 1005, "invoice_confirmed"));
+                    context.Events.Add(new InvoiceEvent(invoice.EntityToDTO(_NetworkProvider), 1005, "invoice_confirmed"));
                    invoice.Status = "confirmed";
                    context.MarkDirty();
                }
@ -153,9 +155,9 @@ namespace BTCPayServer.HostedServices
            if (invoice.Status == "confirmed")
            {
                var completedAccounting = paymentMethod.Calculate(p => p.GetCryptoPaymentData().PaymentCompleted(p, network));
-                if (completedAccounting.Paid >= accounting.TotalDue)
+                if (completedAccounting.Paid >= accounting.MinimumTotalDue)
                {
-                    context.Events.Add(new InvoiceEvent(invoice, 1006, "invoice_completed"));
+                    context.Events.Add(new InvoiceEvent(invoice.EntityToDTO(_NetworkProvider), 1006, "invoice_completed"));
                    invoice.Status = "complete";
                    context.MarkDirty();
                }
@ -247,13 +249,13 @@ namespace BTCPayServer.HostedServices
            {
                if (b.Name == "invoice_created")
                {
-                    Watch(b.InvoiceId);
-                    await Wait(b.InvoiceId);
+                    Watch(b.Invoice.Id);
+                    await Wait(b.Invoice.Id);
                }

                if (b.Name == "invoice_receivedPayment")
                {
-                    Watch(b.InvoiceId);
+                    Watch(b.Invoice.Id);
                }
            }));
            return Task.CompletedTask;
@ -289,7 +291,7 @@ namespace BTCPayServer.HostedServices
                            if (updateContext.Dirty)
                            {
                                await _InvoiceRepository.UpdateInvoiceStatus(invoice.Id, invoice.Status, invoice.ExceptionStatus);
-                                updateContext.Events.Add(new InvoiceDataChangedEvent(invoice));
+                                updateContext.Events.Insert(0, new InvoiceDataChangedEvent(invoice));
                            }

                            foreach (var evt in updateContext.Events)
--- a/BTCPayServer/HostedServices/MigratorHostedService.cs
+++ b/BTCPayServer/HostedServices/MigratorHostedService.cs
@ -0,0 +1,120 @@
+using System;
+using Microsoft.Extensions.Logging;
+using Microsoft.EntityFrameworkCore;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using BTCPayServer.Data;
+using BTCPayServer.Services;
+using BTCPayServer.Services.Stores;
+using BTCPayServer.Logging;
+
+namespace BTCPayServer.HostedServices
+{
+    public class MigratorHostedService : BaseAsyncService
+    {
+        private ApplicationDbContextFactory _DBContextFactory;
+        private StoreRepository _StoreRepository;
+        private BTCPayNetworkProvider _NetworkProvider;
+        private SettingsRepository _Settings;
+        public MigratorHostedService(
+            BTCPayNetworkProvider networkProvider,
+            StoreRepository storeRepository,
+            ApplicationDbContextFactory dbContextFactory,
+            SettingsRepository settingsRepository)
+        {
+            _DBContextFactory = dbContextFactory;
+            _StoreRepository = storeRepository;
+            _NetworkProvider = networkProvider;
+            _Settings = settingsRepository;
+        }
+        internal override Task[] InitializeTasks()
+        {
+            return new[]
+            {
+                Update()
+            };
+        }
+
+        private async Task Update()
+        {
+            try
+            {
+                var settings = (await _Settings.GetSettingAsync<MigrationSettings>()) ?? new MigrationSettings();
+                if (!settings.DeprecatedLightningConnectionStringCheck)
+                {
+                    await DeprecatedLightningConnectionStringCheck();
+                    settings.DeprecatedLightningConnectionStringCheck = true;
+                    await _Settings.UpdateSetting(settings);
+                }
+                if (!settings.UnreachableStoreCheck)
+                {
+                    await UnreachableStoreCheck();
+                    settings.UnreachableStoreCheck = true;
+                    await _Settings.UpdateSetting(settings);
+                }
+                if (!settings.ConvertMultiplierToSpread)
+                {
+                    await ConvertMultiplierToSpread();
+                    settings.ConvertMultiplierToSpread = true;
+                    await _Settings.UpdateSetting(settings);
+                }
+            }
+            catch (Exception ex)
+            {
+                Logs.PayServer.LogError(ex, "Error on the MigratorHostedService");
+                throw;
+            }
+        }
+
+        private async Task ConvertMultiplierToSpread()
+        {
+            using (var ctx = _DBContextFactory.CreateContext())
+            {
+                foreach (var store in await ctx.Stores.ToArrayAsync())
+                {
+                    var blob = store.GetStoreBlob();
+#pragma warning disable CS0612 // Type or member is obsolete
+                    decimal multiplier = 1.0m;
+                    if (blob.RateRules != null && blob.RateRules.Count != 0)
+                    {
+                        foreach (var rule in blob.RateRules)
+                        {
+                            multiplier = rule.Apply(null, multiplier);
+                        }
+                    }
+                    blob.RateRules = null;
+                    blob.Spread = Math.Min(1.0m, Math.Max(0m, -(multiplier - 1.0m)));
+                    store.SetStoreBlob(blob);
+#pragma warning restore CS0612 // Type or member is obsolete
+                }
+                await ctx.SaveChangesAsync();
+            }
+        }
+
+        private Task UnreachableStoreCheck()
+        {
+            return _StoreRepository.CleanUnreachableStores();
+        }
+
+        private async Task DeprecatedLightningConnectionStringCheck()
+        {
+            using (var ctx = _DBContextFactory.CreateContext())
+            {
+                foreach (var store in await ctx.Stores.ToArrayAsync())
+                {
+                    foreach (var method in store.GetSupportedPaymentMethods(_NetworkProvider).OfType<Payments.Lightning.LightningSupportedPaymentMethod>())
+                    {
+                        var lightning = method.GetLightningUrl();
+                        if (lightning.IsLegacy)
+                        {
+                            method.SetLightningUrl(lightning);
+                            store.SetSupportedPaymentMethod(method.PaymentId, method);
+                        }
+                    }
+                }
+                await ctx.SaveChangesAsync();
+            }
+        }
+    }
+}
--- a/BTCPayServer/HostedServices/NBXplorerWaiter.cs
+++ b/BTCPayServer/HostedServices/NBXplorerWaiter.cs
@ -47,7 +47,11 @@ namespace BTCPayServer.HostedServices
                   summary.Status != null && 
                   summary.Status.IsFullySynched;
        }
-
+        public NBXplorerSummary Get(string cryptoCode)
+        {
+            _Summaries.TryGetValue(cryptoCode, out var summary);
+            return summary;
+        }
        public IEnumerable<NBXplorerSummary> GetAll()
        {
            return _Summaries.Values;
@ -192,7 +196,7 @@ namespace BTCPayServer.HostedServices
            {
                State = NBXplorerState.NotConnected;
                status = null;
-                _Aggregator.Publish(new NBXplorerErrorEvent(_Network, error));
+                Logs.PayServer.LogError($"{_Network.CryptoCode}: NBXplorer error `{error}`");
            }

            _Dashboard.Publish(_Network, State, status, error);
--- a/BTCPayServer/HostedServices/RatesHostedService.cs
+++ b/BTCPayServer/HostedServices/RatesHostedService.cs
@ -14,93 +14,82 @@ using System.Text;

 namespace BTCPayServer.HostedServices
 {
-    public class RatesHostedService : IHostedService
+    public class RatesHostedService : BaseAsyncService
    {
        private SettingsRepository _SettingsRepository;
-        private IRateProviderFactory _RateProviderFactory;
        private CoinAverageSettings _coinAverageSettings;
+        RateProviderFactory _RateProviderFactory;
        public RatesHostedService(SettingsRepository repo,
-                                  CoinAverageSettings coinAverageSettings,
-                                  IRateProviderFactory rateProviderFactory)
+                                  RateProviderFactory rateProviderFactory,
+                                  CoinAverageSettings coinAverageSettings)
        {
            this._SettingsRepository = repo;
-            _RateProviderFactory = rateProviderFactory;
            _coinAverageSettings = coinAverageSettings;
+            _RateProviderFactory = rateProviderFactory;
        }

-
-        CancellationTokenSource _Cts = new CancellationTokenSource();
-
-        List<Task> _Tasks = new List<Task>();
-
-        public Task StartAsync(CancellationToken cancellationToken)
+        internal override Task[] InitializeTasks()
        {
-            _Tasks.Add(RefreshCoinAverageSupportedExchanges(_Cts.Token));
-            _Tasks.Add(RefreshCoinAverageSettings(_Cts.Token));
-            return Task.CompletedTask;
-        }
-
-
-        async Task Timer(Func<Task> act, CancellationToken cancellation, [CallerMemberName]string caller = null)
-        {
-            await new SynchronizationContextRemover();
-            while (!cancellation.IsCancellationRequested)
+            return new[]
            {
+                CreateLoopTask(RefreshCoinAverageSupportedExchanges),
+                CreateLoopTask(RefreshCoinAverageSettings),
+                CreateLoopTask(RefreshRates)
+            };
+        }
+        async Task RefreshRates()
+        {
+
+            using (var timeout = CancellationTokenSource.CreateLinkedTokenSource(Cancellation))
+            {
+                timeout.CancelAfter(TimeSpan.FromSeconds(20.0));
                try
                {
-                    await act();
+                    await Task.WhenAll(_RateProviderFactory.Providers
+                                    .Select(p => (Fetcher: p.Value as BackgroundFetcherRateProvider, ExchangeName: p.Key)).Where(p => p.Fetcher != null)
+                                    .Select(p => p.Fetcher.UpdateIfNecessary().ContinueWith(t =>
+                                    {
+                                        if (t.Result.Exception != null)
+                                        {
+                                            Logs.PayServer.LogWarning($"Error while contacting {p.ExchangeName}: {t.Result.Exception.Message}");
+                                        }
+                                    }, TaskScheduler.Default))
+                                    .ToArray()).WithCancellation(timeout.Token);
                }
-                catch (OperationCanceledException) when (cancellation.IsCancellationRequested)
+                catch (OperationCanceledException) when (timeout.IsCancellationRequested)
                {
                }
-                catch (Exception ex)
-                {
-                    Logs.PayServer.LogWarning(ex, caller + " failed");
-                    try
-                    {
-                        await Task.Delay(TimeSpan.FromMinutes(1), cancellation);
-                    }
-                    catch (OperationCanceledException) when (cancellation.IsCancellationRequested) { }
-                }
            }
-        }
-        Task RefreshCoinAverageSupportedExchanges(CancellationToken cancellation)
-        {
-            return Timer(async () =>
-            {
-                await new SynchronizationContextRemover();
-                var tickers = await new CoinAverageRateProvider("BTC") { Authenticator = _coinAverageSettings }.GetExchangeTickersAsync();
-                _coinAverageSettings.AvailableExchanges = tickers
-                    .Exchanges
-                    .Select(c => (c.DisplayName, c.Name))
-                    .ToArray();
-                await Task.Delay(TimeSpan.FromHours(5), cancellation);
-            }, cancellation);
+            await Task.Delay(TimeSpan.FromSeconds(30), Cancellation);
        }

-        Task RefreshCoinAverageSettings(CancellationToken cancellation)
+        async Task RefreshCoinAverageSupportedExchanges()
        {
-            return Timer(async () =>
+            var tickers = await new CoinAverageRateProvider() { Authenticator = _coinAverageSettings }.GetExchangeTickersAsync();
+            var exchanges = new CoinAverageExchanges();
+            foreach (var item in tickers
+                .Exchanges
+                .Select(c => new CoinAverageExchange(c.Name, c.DisplayName)))
            {
-                await new SynchronizationContextRemover();
-                var rates = (await _SettingsRepository.GetSettingAsync<RatesSetting>()) ?? new RatesSetting();
-                _RateProviderFactory.CacheSpan = TimeSpan.FromMinutes(rates.CacheInMinutes);
-                if (!string.IsNullOrWhiteSpace(rates.PrivateKey) && !string.IsNullOrWhiteSpace(rates.PublicKey))
-                {
-                    _coinAverageSettings.KeyPair = (rates.PublicKey, rates.PrivateKey);
-                }
-                else
-                {
-                    _coinAverageSettings.KeyPair = null;
-                }
-                await _SettingsRepository.WaitSettingsChanged<RatesSetting>(cancellation);
-            }, cancellation);
+                exchanges.Add(item);
+            }
+            _coinAverageSettings.AvailableExchanges = exchanges;
+            await Task.Delay(TimeSpan.FromHours(5), Cancellation);
        }

-        public Task StopAsync(CancellationToken cancellationToken)
+        async Task RefreshCoinAverageSettings()
        {
-            _Cts.Cancel();
-            return Task.WhenAll(_Tasks.ToArray());
+            var rates = (await _SettingsRepository.GetSettingAsync<RatesSetting>()) ?? new RatesSetting();
+            _RateProviderFactory.CacheSpan = TimeSpan.FromMinutes(rates.CacheInMinutes);
+            if (!string.IsNullOrWhiteSpace(rates.PrivateKey) && !string.IsNullOrWhiteSpace(rates.PublicKey))
+            {
+                _coinAverageSettings.KeyPair = (rates.PublicKey, rates.PrivateKey);
+            }
+            else
+            {
+                _coinAverageSettings.KeyPair = null;
+            }
+            await _SettingsRepository.WaitSettingsChanged<RatesSetting>(Cancellation);
        }
    }
 }
--- a/BTCPayServer/Hosting/BTCPayServerServices.cs
+++ b/BTCPayServer/Hosting/BTCPayServerServices.cs
@ -12,7 +12,6 @@ using NBitcoin;
 using BTCPayServer.Data;
 using Microsoft.EntityFrameworkCore;
 using System.IO;
-using Microsoft.Data.Sqlite;
 using NBXplorer;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.Extensions.Hosting;
@ -38,55 +37,18 @@ using Microsoft.Extensions.Caching.Memory;
 using BTCPayServer.Logging;
 using BTCPayServer.HostedServices;
 using Meziantou.AspNetCore.BundleTagHelpers;
+using System.Security.Claims;
+using BTCPayServer.Payments.Changelly;
+using BTCPayServer.Security;
+using Microsoft.AspNetCore.Mvc.ModelBinding;
+using NBXplorer.DerivationStrategy;
+using NicolasDorier.RateLimits;
+using Npgsql;

 namespace BTCPayServer.Hosting
 {
    public static class BTCPayServerServices
    {
-        public class OwnStoreAuthorizationRequirement : IAuthorizationRequirement
-        {
-            public OwnStoreAuthorizationRequirement()
-            {
-            }
-
-            public OwnStoreAuthorizationRequirement(string role)
-            {
-                Role = role;
-            }
-
-            public string Role
-            {
-                get; set;
-            }
-        }
-
-        public class OwnStoreHandler : AuthorizationHandler<OwnStoreAuthorizationRequirement>
-        {
-            StoreRepository _StoreRepository;
-            UserManager<ApplicationUser> _UserManager;
-            public OwnStoreHandler(StoreRepository storeRepository, UserManager<ApplicationUser> userManager)
-            {
-                _StoreRepository = storeRepository;
-                _UserManager = userManager;
-            }
-            protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, OwnStoreAuthorizationRequirement requirement)
-            {
-                object storeId = null;
-                if (!((Microsoft.AspNetCore.Mvc.ActionContext)context.Resource).RouteData.Values.TryGetValue("storeId", out storeId))
-                    context.Succeed(requirement);
-                else if (storeId != null)
-                {
-                    var user = _UserManager.GetUserId(((Microsoft.AspNetCore.Mvc.ActionContext)context.Resource).HttpContext.User);
-                    if (user != null)
-                    {
-                        var store = await _StoreRepository.FindStore((string)storeId, user);
-                        if (store != null)
-                            if (requirement.Role == null || requirement.Role == store.Role)
-                                context.Succeed(requirement);
-                    }
-                }
-            }
-        }
        public static IServiceCollection AddBTCPayServer(this IServiceCollection services)
        {
            services.AddDbContext<ApplicationDbContext>((provider, o) =>
@ -94,6 +56,7 @@ namespace BTCPayServer.Hosting
                var factory = provider.GetRequiredService<ApplicationDbContextFactory>();
                factory.ConfigureBuilder(o);
            });
+            services.AddHttpClient();
            services.TryAddSingleton<SettingsRepository>();
            services.TryAddSingleton<InvoicePaymentNotification>();
            services.TryAddSingleton<BTCPayServerOptions>(o => o.GetRequiredService<IOptions<BTCPayServerOptions>>().Value);
@ -110,25 +73,29 @@ namespace BTCPayServer.Hosting
            services.TryAddSingleton<TokenRepository>();
            services.TryAddSingleton<EventAggregator>();
            services.TryAddSingleton<CoinAverageSettings>();
-            services.TryAddSingleton<ICoinAverageAuthenticator, CoinAverageSettingsAuthenticator>();
            services.TryAddSingleton<ApplicationDbContextFactory>(o => 
            {
                var opts = o.GetRequiredService<BTCPayServerOptions>();
                ApplicationDbContextFactory dbContext = null;
-                if (opts.PostgresConnectionString == null)
+                if (!String.IsNullOrEmpty(opts.PostgresConnectionString))
+                {
+                    Logs.Configuration.LogInformation($"Postgres DB used ({opts.PostgresConnectionString})");
+                    dbContext = new ApplicationDbContextFactory(DatabaseType.Postgres, opts.PostgresConnectionString);
+                }
+                else if(!String.IsNullOrEmpty(opts.MySQLConnectionString))
+                {
+                    Logs.Configuration.LogInformation($"MySQL DB used ({opts.MySQLConnectionString})");
+                    dbContext = new ApplicationDbContextFactory(DatabaseType.MySQL, opts.MySQLConnectionString);
+                }
+                else
                {
                    var connStr = "Data Source=" + Path.Combine(opts.DataDir, "sqllite.db");
                    Logs.Configuration.LogInformation($"SQLite DB used ({connStr})");
                    dbContext = new ApplicationDbContextFactory(DatabaseType.Sqlite, connStr);
                }
-                else
-                {
-                    Logs.Configuration.LogInformation($"Postgres DB used ({opts.PostgresConnectionString})");
-                    dbContext = new ApplicationDbContextFactory(DatabaseType.Postgres, opts.PostgresConnectionString);
-                }
+                 
                return dbContext;
            });
-            services.TryAddSingleton<Payments.Lightning.LightningClientFactory>();

            services.TryAddSingleton<BTCPayNetworkProvider>(o => 
            {
@ -136,9 +103,11 @@ namespace BTCPayServer.Hosting
                return opts.NetworkProvider;
            });

+            services.TryAddSingleton<AppsHelper>();
+
+            services.TryAddSingleton<LightningConfigurationProvider>();
            services.TryAddSingleton<LanguageService>();
            services.TryAddSingleton<NBXplorerDashboard>();
-            services.TryAddSingleton<CssThemeManager>();
            services.TryAddSingleton<StoreRepository>();
            services.TryAddSingleton<BTCPayWalletProvider>();
            services.TryAddSingleton<CurrencyNameTable>();
@ -148,16 +117,30 @@ namespace BTCPayServer.Hosting
                BlockTarget = 20
            });

+            services.AddSingleton<CssThemeManager>();
+            services.Configure<MvcOptions>((o) => {
+                o.Filters.Add(new ContentSecurityPolicyCssThemeManager());
+                o.ModelMetadataDetailsProviders.Add(new SuppressChildValidationMetadataProvider(typeof(WalletId)));
+                o.ModelMetadataDetailsProviders.Add(new SuppressChildValidationMetadataProvider(typeof(DerivationStrategyBase)));
+            });
+            services.AddSingleton<IHostedService, CssThemeManagerHostedService>();
+            services.AddSingleton<IHostedService, MigratorHostedService>();
+
            services.AddSingleton<Payments.IPaymentMethodHandler<DerivationStrategy>, Payments.Bitcoin.BitcoinLikePaymentHandler>();
            services.AddSingleton<IHostedService, Payments.Bitcoin.NBXplorerListener>();

+            services.AddSingleton<IHostedService, HostedServices.CheckConfigurationHostedService>();
+
            services.AddSingleton<Payments.IPaymentMethodHandler<Payments.Lightning.LightningSupportedPaymentMethod>, Payments.Lightning.LightningLikePaymentHandler>();
            services.AddSingleton<IHostedService, Payments.Lightning.LightningListener>();
+            
+            services.AddSingleton<ChangellyClientProvider>();

            services.AddSingleton<IHostedService, NBXplorerWaiters>();
            services.AddSingleton<IHostedService, InvoiceNotificationManager>();
            services.AddSingleton<IHostedService, InvoiceWatcher>();
            services.AddSingleton<IHostedService, RatesHostedService>();
+            services.AddTransient<IConfigureOptions<MvcOptions>, BTCPayClaimsFilter>();

            services.TryAddSingleton<ExplorerClientProvider>();
            services.TryAddSingleton<Bitpay>(o =>
@ -167,40 +150,37 @@ namespace BTCPayServer.Hosting
                else
                    return new Bitpay(new Key(), new Uri("https://test.bitpay.com/"));
            });
-            services.TryAddSingleton<IRateProviderFactory, BTCPayRateProviderFactory>();
+            services.TryAddSingleton<RateProviderFactory>();
+            services.TryAddSingleton<RateFetcher>();

            services.TryAddScoped<IHttpContextAccessor, HttpContextAccessor>();
-            services.TryAddSingleton<IAuthorizationHandler, OwnStoreHandler>();
            services.AddTransient<AccessTokenController>();
            services.AddTransient<InvoiceController>();
            // Add application services.
            services.AddTransient<IEmailSender, EmailSender>();
-
-            services.AddAuthorization(o =>
-            {
-                o.AddPolicy(StorePolicies.CanAccessStores, builder =>
-                {
-                    builder.AddRequirements(new OwnStoreAuthorizationRequirement());
-                });
-
-                o.AddPolicy(StorePolicies.OwnStore, builder =>
-                {
-                    builder.AddRequirements(new OwnStoreAuthorizationRequirement(StoreRoles.Owner));
-                });
-            });
-
            // bundling

+            services.AddAuthorization(o => Policies.AddBTCPayPolicies(o));
+            BitpayAuthentication.AddAuthentication(services);
+
            services.AddBundles();
            services.AddTransient<BundleOptions>(provider =>
            {
                var opts = provider.GetRequiredService<BTCPayServerOptions>();
                var bundle = new BundleOptions();
-                bundle.UseMinifiedFiles = opts.BundleJsCss;
+                bundle.UseBundles = opts.BundleJsCss;
                bundle.AppendVersion = true;
                return bundle;
            });

+            services.AddCors(options=> 
+            {
+                options.AddPolicy(CorsPolicies.All, p=>p.AllowAnyHeader().AllowAnyMethod().AllowAnyOrigin());
+            });
+
+            var rateLimits = new RateLimitService();
+            rateLimits.SetZone($"zone={ZoneLimits.Login} rate=5r/min burst=3 nodelay");
+            services.AddSingleton(rateLimits);
            return services;
        }

@ -221,7 +201,7 @@ namespace BTCPayServer.Hosting

        static void Retry(Action act)
        {
-            CancellationTokenSource cts = new CancellationTokenSource(10000);
+            CancellationTokenSource cts = new CancellationTokenSource(1000);
            while (true)
            {
                try
@ -229,7 +209,9 @@ namespace BTCPayServer.Hosting
                    act();
                    return;
                }
-                catch when(!cts.IsCancellationRequested)
+                // Starting up
+                catch (PostgresException ex) when (ex.SqlState == "57P03") { Thread.Sleep(1000); }
+                catch when (!cts.IsCancellationRequested)
                {
                    Thread.Sleep(100);
                }
--- a/BTCPayServer/Hosting/BTCpayMiddleware.cs
+++ b/BTCPayServer/Hosting/BTCpayMiddleware.cs
@ -6,37 +6,25 @@ using System.Collections.Generic;
 using System.Text;
 using System.Linq;
 using System.Threading.Tasks;
-using NBitcoin;
-using NBitcoin.Crypto;
-using NBitcoin.DataEncoders;
-using Microsoft.AspNetCore.Http.Internal;
 using System.IO;
 using BTCPayServer.Authentication;
-using System.Security.Principal;
-using NBitpayClient.Extensions;
 using BTCPayServer.Logging;
 using Newtonsoft.Json;
 using BTCPayServer.Models;
 using BTCPayServer.Configuration;
-using Microsoft.AspNetCore.Mvc;
-using Microsoft.AspNetCore.Mvc.Routing;
-using Microsoft.AspNetCore.Http.Extensions;
-using BTCPayServer.Controllers;
 using System.Net.WebSockets;
+using BTCPayServer.Services.Stores;

 namespace BTCPayServer.Hosting
 {
    public class BTCPayMiddleware
    {
-        TokenRepository _TokenRepository;
        RequestDelegate _Next;
        BTCPayServerOptions _Options;

        public BTCPayMiddleware(RequestDelegate next,
-            TokenRepository tokenRepo,
            BTCPayServerOptions options)
        {
-            _TokenRepository = tokenRepo ?? throw new ArgumentNullException(nameof(tokenRepo));
            _Next = next ?? throw new ArgumentNullException(nameof(next));
            _Options = options ?? throw new ArgumentNullException(nameof(options));
        }
@ -45,42 +33,16 @@ namespace BTCPayServer.Hosting
        public async Task Invoke(HttpContext httpContext)
        {
            RewriteHostIfNeeded(httpContext);
-            httpContext.Request.Headers.TryGetValue("x-signature", out StringValues values);
-            var sig = values.FirstOrDefault();
-            httpContext.Request.Headers.TryGetValue("x-identity", out values);
-            var id = values.FirstOrDefault();
-            if (!string.IsNullOrEmpty(sig) && !string.IsNullOrEmpty(id))
-            {
-                httpContext.Request.EnableRewind();
-
-                string body = string.Empty;
-                if (httpContext.Request.ContentLength != 0 && httpContext.Request.Body != null)
-                {
-                    using (StreamReader reader = new StreamReader(httpContext.Request.Body, Encoding.UTF8, true, 1024, true))
-                    {
-                        body = reader.ReadToEnd();
-                    }
-                    httpContext.Request.Body.Position = 0;
-                }
-
-                var url = httpContext.Request.GetEncodedUrl();
-                try
-                {
-                    var key = new PubKey(id);
-                    if (BitIdExtensions.CheckBitIDSignature(key, sig, url, body))
-                    {
-                        var bitid = new BitIdentity(key);
-                        httpContext.User = new GenericPrincipal(bitid, Array.Empty<string>());
-                        Logs.PayServer.LogDebug($"BitId signature check success for SIN {bitid.SIN}");
-                    }
-                }
-                catch (FormatException) { }
-                if (!(httpContext.User.Identity is BitIdentity))
-                    Logs.PayServer.LogDebug("BitId signature check failed");
-            }

            try
            {
+                var bitpayAuth = GetBitpayAuth(httpContext, out bool isBitpayAuth);
+                var isBitpayAPI = IsBitpayAPI(httpContext, isBitpayAuth);
+                httpContext.SetIsBitpayAPI(isBitpayAPI);
+                if (isBitpayAPI)
+                {
+                    httpContext.SetBitpayAuth(bitpayAuth);
+                }
                await _Next(httpContext);
            }
            catch (WebSocketException)
@ -100,6 +62,56 @@ namespace BTCPayServer.Hosting
            }
        }

+        private static (string Signature, String Id, String Authorization) GetBitpayAuth(HttpContext httpContext, out bool hasBitpayAuth)
+        {
+            httpContext.Request.Headers.TryGetValue("x-signature", out StringValues values);
+            var sig = values.FirstOrDefault();
+            httpContext.Request.Headers.TryGetValue("x-identity", out values);
+            var id = values.FirstOrDefault();
+            httpContext.Request.Headers.TryGetValue("Authorization", out values);
+            var auth = values.FirstOrDefault();
+            hasBitpayAuth = auth != null || (sig != null && id != null);
+            return (sig, id, auth);
+        }
+
+        private bool IsBitpayAPI(HttpContext httpContext, bool bitpayAuth)
+        {
+            if (!httpContext.Request.Path.HasValue)
+                return false;
+
+            var isJson = (httpContext.Request.ContentType ?? string.Empty).StartsWith("application/json", StringComparison.OrdinalIgnoreCase);
+            var path = httpContext.Request.Path.Value;
+            if (
+                bitpayAuth &&
+              (path == "/invoices" || path == "/invoices/") &&
+              httpContext.Request.Method == "POST" &&
+              isJson)
+                return true;
+
+            if (
+                bitpayAuth &&
+                 (path == "/invoices" || path == "/invoices/") &&
+              httpContext.Request.Method == "GET")
+                return true;
+
+            if (
+                path.StartsWith("/invoices/", StringComparison.OrdinalIgnoreCase) &&
+                httpContext.Request.Method == "GET" &&
+                (isJson || httpContext.Request.Query.ContainsKey("token")))
+                return true;
+
+            if (path.StartsWith("/rates", StringComparison.OrdinalIgnoreCase) &&
+                httpContext.Request.Method == "GET")
+                return true;
+
+            if (
+                path.Equals("/tokens", StringComparison.Ordinal) &&
+                (httpContext.Request.Method == "GET" || httpContext.Request.Method == "POST"))
+                return true;
+
+            return false;
+        }
+
        private void RewriteHostIfNeeded(HttpContext httpContext)
        {
            string reverseProxyScheme = null;
@ -128,13 +140,9 @@ namespace BTCPayServer.Hosting
                if (reverseProxyScheme != null && _Options.ExternalUrl.Scheme != reverseProxyScheme)
                {
                    if (reverseProxyScheme == "http" && _Options.ExternalUrl.Scheme == "https")
-                        Logs.PayServer.LogWarning($"BTCPay ExternalUrl setting expected to use scheme '{_Options.ExternalUrl.Scheme}' externally, but the reverse proxy uses scheme '{reverseProxyScheme}'");
-                    httpContext.Request.Scheme = reverseProxyScheme;
-                }
-                else
-                { 
-                    httpContext.Request.Scheme = _Options.ExternalUrl.Scheme;
+                        Logs.PayServer.LogWarning($"BTCPay ExternalUrl setting expected to use scheme '{_Options.ExternalUrl.Scheme}' externally, but the reverse proxy uses scheme '{reverseProxyScheme}' (X-Forwarded-Port), forcing ExternalUrl");
                }
+                httpContext.Request.Scheme = _Options.ExternalUrl.Scheme;
                if (_Options.ExternalUrl.IsDefaultPort)
                    httpContext.Request.Host = new HostString(_Options.ExternalUrl.Host);
                else
--- a/BTCPayServer/Hosting/Startup.cs
+++ b/BTCPayServer/Hosting/Startup.cs
@ -35,11 +35,11 @@ using Hangfire.Annotations;
 using Microsoft.Extensions.DependencyInjection.Extensions;
 using System.Threading;
 using Microsoft.Extensions.Options;
-using Microsoft.ApplicationInsights.AspNetCore.Extensions;
 using Microsoft.AspNetCore.Mvc.Cors.Internal;
 using Microsoft.AspNetCore.Server.Kestrel.Core;
 using System.Net;
 using Meziantou.AspNetCore.BundleTagHelpers;
+using BTCPayServer.Security;

 namespace BTCPayServer.Hosting
 {
@ -57,19 +57,22 @@ namespace BTCPayServer.Hosting
                return context.GetHttpContext().User.IsInRole(_Role);
            }
        }
-        public Startup(IConfiguration conf, IHostingEnvironment env)
+        public Startup(IConfiguration conf, IHostingEnvironment env, ILoggerFactory loggerFactory)
        {
            Configuration = conf;
            _Env = env;
+            LoggerFactory = loggerFactory;
        }
        IHostingEnvironment _Env;
        public IConfiguration Configuration
        {
            get; set;
        }
+        public ILoggerFactory LoggerFactory { get; }

        public void ConfigureServices(IServiceCollection services)
        {
+            Logs.Configure(LoggerFactory);
            services.ConfigureBTCPayServer(Configuration);
            services.AddMemoryCache();
            services.AddIdentity<ApplicationUser, IdentityRole>()
@ -80,8 +83,19 @@ namespace BTCPayServer.Hosting
            services.AddMvc(o =>
            {
                o.Filters.Add(new XFrameOptionsAttribute("DENY"));
+                o.Filters.Add(new XContentTypeOptionsAttribute("nosniff"));
+                o.Filters.Add(new XXSSProtectionAttribute());
+                o.Filters.Add(new ReferrerPolicyAttribute("same-origin"));
+                //o.Filters.Add(new ContentSecurityPolicyAttribute()
+                //{
+                //    FontSrc = "'self' https://fonts.gstatic.com/",
+                //    ImgSrc = "'self' data:",
+                //    DefaultSrc = "'none'",
+                //    StyleSrc = "'self' 'unsafe-inline'",
+                //    ScriptSrc = "'self' 'unsafe-inline'"
+                //});
            });
-
+            services.TryAddScoped<ContentSecurityPolicies>();
            services.Configure<IdentityOptions>(options =>
            {
                options.Password.RequireDigit = false;
@ -89,6 +103,9 @@ namespace BTCPayServer.Hosting
                options.Password.RequireLowercase = false;
                options.Password.RequireNonAlphanumeric = false;
                options.Password.RequireUppercase = false;
+                options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(5);
+                options.Lockout.MaxFailedAccessAttempts = 5;
+                options.Lockout.AllowedForNewUsers = true;
            });

            services.AddHangfire((o) =>
@ -104,19 +121,43 @@ namespace BTCPayServer.Hosting
                    b.AllowAnyMethod().AllowAnyHeader().AllowAnyOrigin();
                });
            });
-            services.Configure<IOptions<ApplicationInsightsServiceOptions>>(o =>
-            {
-                o.Value.DeveloperMode = _Env.IsDevelopment();
-            });

-            // Needed to debug U2F for ledger support
-            //services.Configure<KestrelServerOptions>(kestrel =>
-            //{
-            //    kestrel.Listen(IPAddress.Loopback, 5012, l =>
-            //    {
-            //        l.UseHttps("devtest.pfx", "toto");
-            //    });
-            //});
+            // If the HTTPS certificate path is not set this logic will NOT be used and the default Kestrel binding logic will be.
+            string httpsCertificateFilePath = Configuration.GetOrDefault<string>("HttpsCertificateFilePath", null);
+            bool useDefaultCertificate = Configuration.GetOrDefault<bool>("HttpsUseDefaultCertificate", false);
+            bool hasCertPath = !String.IsNullOrEmpty(httpsCertificateFilePath);
+            if (hasCertPath || useDefaultCertificate)
+            {
+                var bindAddress = Configuration.GetOrDefault<IPAddress>("bind", IPAddress.Any);
+                int bindPort = Configuration.GetOrDefault<int>("port", 443);
+
+                services.Configure<KestrelServerOptions>(kestrel =>
+                {
+                    if (hasCertPath && !File.Exists(httpsCertificateFilePath))
+                    {
+                        // Note that by design this is a fatal error condition that will cause the process to exit.
+                        throw new ConfigException($"The https certificate file could not be found at {httpsCertificateFilePath}.");
+                    }
+                    if(hasCertPath && useDefaultCertificate)
+                    {
+                        throw new ConfigException($"Conflicting settings: if HttpsUseDefaultCertificate is true, HttpsCertificateFilePath should not be used");
+                    }
+
+                    kestrel.Listen(bindAddress, bindPort, l =>
+                    {
+                        if (hasCertPath)
+                        {
+                            Logs.Configuration.LogInformation($"Using HTTPS with the certificate located in {httpsCertificateFilePath}.");
+                            l.UseHttps(httpsCertificateFilePath, Configuration.GetOrDefault<string>("HttpsCertificateFilePassword", null));
+                        }
+                        else
+                        {
+                            Logs.Configuration.LogInformation($"Using HTTPS with the default certificate");
+                            l.UseHttps();
+                        }
+                    });
+                });
+            }
        }

        public void Configure(
@ -126,7 +167,6 @@ namespace BTCPayServer.Hosting
            BTCPayServerOptions options,
            ILoggerFactory loggerFactory)
        {
-            Logs.Configure(loggerFactory);
            Logs.Configuration.LogInformation($"Root Path: {options.RootPath}");
            if (options.RootPath.Equals("/", StringComparison.OrdinalIgnoreCase))
            {
@ -146,12 +186,9 @@ namespace BTCPayServer.Hosting
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
-                app.UseBrowserLink();
            }

-            //App insight do not that by itself...
-            loggerFactory.AddApplicationInsights(prov, LogLevel.Information);
-
+            app.UseCors();
            app.UsePayServer();
            app.UseStaticFiles();
            app.UseAuthentication();
@ -162,6 +199,7 @@ namespace BTCPayServer.Hosting
                Authorization = new[] { new NeedRole(Roles.ServerAdmin) }
            });
            app.UseWebSockets();
+            app.UseStatusCodePages();
            app.UseMvc(routes =>
            {
                routes.MapRoute(
--- a/BTCPayServer/JsonConverters/LightMoneyJsonConverter.cs
+++ b/BTCPayServer/JsonConverters/LightMoneyJsonConverter.cs
@ -1,43 +0,0 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Threading.Tasks;
-using Newtonsoft.Json;
-using System.Reflection;
-using BTCPayServer.Payments.Lightning;
-using NBitcoin.JsonConverters;
-using System.Globalization;
-
-namespace BTCPayServer.JsonConverters
-{
-    public class LightMoneyJsonConverter : JsonConverter
-    {
-        public override bool CanConvert(Type objectType)
-        {
-            return typeof(LightMoneyJsonConverter).GetTypeInfo().IsAssignableFrom(objectType.GetTypeInfo());
-        }
-
-        Type longType = typeof(long).GetTypeInfo();
-        public override object ReadJson(JsonReader reader, Type objectType, object existingValue, JsonSerializer serializer)
-        {
-            try
-            {
-                return reader.TokenType == JsonToken.Null ? null :
-                    reader.TokenType == JsonToken.Integer ?
-                                                longType.IsAssignableFrom(reader.ValueType) ? new LightMoney((long)reader.Value)
-                                                                                            : new LightMoney(long.MaxValue) :
-                    reader.TokenType == JsonToken.String ? new LightMoney(long.Parse((string)reader.Value, CultureInfo.InvariantCulture)) 
-                    : null;
-            }
-            catch (InvalidCastException)
-            {
-                throw new JsonObjectException("Money amount should be in millisatoshi", reader);
-            }
-        }
-
-        public override void WriteJson(JsonWriter writer, object value, JsonSerializer serializer)
-        {
-            writer.WriteValue(((LightMoney)value).MilliSatoshi);
-        }
-    }
-}
--- a/BTCPayServer/Logging/ConsoleLogger.cs
+++ b/BTCPayServer/Logging/ConsoleLogger.cs
@ -1,13 +1,14 @@
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Logging.Console;
-using Microsoft.Extensions.Logging.Console.Internal;
-using System;
+using System;
 using System.Collections.Concurrent;
-using System.Collections.Generic;
 using System.Runtime.InteropServices;
 using System.Text;
 using System.Threading;
 using System.Threading.Tasks;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Logging.Abstractions.Internal;
+using Microsoft.Extensions.Logging.Console;
+using Microsoft.Extensions.Logging.Console.Internal;

 namespace BTCPayServer.Logging
 {
@ -20,19 +21,18 @@ namespace BTCPayServer.Logging
        }
        public ILogger CreateLogger(string categoryName)
        {
-            return new CustomConsoleLogger(categoryName, (a, b) => true, false, _Processor);
+            return new CustomerConsoleLogger(categoryName, (a, b) => true, null, _Processor);
        }

        public void Dispose()
        {
-
        }
    }

    /// <summary>
    /// A variant of ASP.NET Core ConsoleLogger which does not make new line for the category
    /// </summary>
-    public class CustomConsoleLogger : ILogger
+    public class CustomerConsoleLogger : ILogger
    {
        private static readonly string _loglevelPadding = ": ";
        private static readonly string _messagePadding;
@ -47,19 +47,33 @@ namespace BTCPayServer.Logging
        [ThreadStatic]
        private static StringBuilder _logBuilder;

-        static CustomConsoleLogger()
+        static CustomerConsoleLogger()
        {
            var logLevelString = GetLogLevelString(LogLevel.Information);
            _messagePadding = new string(' ', logLevelString.Length + _loglevelPadding.Length);
            _newLineWithMessagePadding = Environment.NewLine + _messagePadding;
        }

-        public CustomConsoleLogger(string name, Func<string, LogLevel, bool> filter, bool includeScopes, ConsoleLoggerProcessor loggerProcessor)
+        public CustomerConsoleLogger(string name, Func<string, LogLevel, bool> filter, bool includeScopes)
+            : this(name, filter, includeScopes ? new LoggerExternalScopeProvider() : null, new ConsoleLoggerProcessor())
        {
-            Name = name ?? throw new ArgumentNullException(nameof(name));
-            Filter = filter ?? ((category, logLevel) => true);
-            IncludeScopes = includeScopes;
+        }

+        internal CustomerConsoleLogger(string name, Func<string, LogLevel, bool> filter, IExternalScopeProvider scopeProvider)
+            : this(name, filter, scopeProvider, new ConsoleLoggerProcessor())
+        {
+        }
+
+        internal CustomerConsoleLogger(string name, Func<string, LogLevel, bool> filter, IExternalScopeProvider scopeProvider, ConsoleLoggerProcessor loggerProcessor)
+        {
+            if (name == null)
+            {
+                throw new ArgumentNullException(nameof(name));
+            }
+
+            Name = name;
+            Filter = filter ?? ((category, logLevel) => true);
+            ScopeProvider = scopeProvider;
            _queueProcessor = loggerProcessor;

            if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
@ -80,7 +94,12 @@ namespace BTCPayServer.Logging
            }
            set
            {
-                _queueProcessor.Console = value ?? throw new ArgumentNullException(nameof(value));
+                if (value == null)
+                {
+                    throw new ArgumentNullException(nameof(value));
+                }
+
+                _queueProcessor.Console = value;
            }
        }

@ -92,13 +111,13 @@ namespace BTCPayServer.Logging
            }
            set
            {
-                _filter = value ?? throw new ArgumentNullException(nameof(value));
-            }
-        }
+                if (value == null)
+                {
+                    throw new ArgumentNullException(nameof(value));
+                }

-        public bool IncludeScopes
-        {
-            get; set;
+                _filter = value;
+            }
        }

        public string Name
@ -106,6 +125,16 @@ namespace BTCPayServer.Logging
            get;
        }

+        internal IExternalScopeProvider ScopeProvider
+        {
+            get; set;
+        }
+
+        public bool DisableColors
+        {
+            get; set;
+        }
+
        public void Log<TState>(LogLevel logLevel, EventId eventId, TState state, Exception exception, Func<TState, Exception, string> formatter)
        {
            if (!IsEnabled(logLevel))
@ -154,10 +183,7 @@ namespace BTCPayServer.Logging
            while (lenAfter++ < 18)
                logBuilder.Append(" ");
            // scope information
-            if (IncludeScopes)
-            {
-                GetScopeInformation(logBuilder);
-            }
+            GetScopeInformation(logBuilder);

            if (!string.IsNullOrEmpty(message))
            {
@ -202,18 +228,15 @@ namespace BTCPayServer.Logging

        public bool IsEnabled(LogLevel logLevel)
        {
+            if (logLevel == LogLevel.None)
+            {
+                return false;
+            }
+
            return Filter(Name, logLevel);
        }

-        public IDisposable BeginScope<TState>(TState state)
-        {
-            if (state == null)
-            {
-                throw new ArgumentNullException(nameof(state));
-            }
-
-            return ConsoleLogScope.Push(Name, state);
-        }
+        public IDisposable BeginScope<TState>(TState state) => ScopeProvider?.Push(state) ?? NullScope.Instance;

        private static string GetLogLevelString(LogLevel logLevel)
        {
@ -238,6 +261,11 @@ namespace BTCPayServer.Logging

        private ConsoleColors GetLogLevelConsoleColors(LogLevel logLevel)
        {
+            if (DisableColors)
+            {
+                return new ConsoleColors(null, null);
+            }
+
            // We must explicitly set the background color if we are setting the foreground color,
            // since just setting one can look bad on the users console.
            switch (logLevel)
@ -259,30 +287,25 @@ namespace BTCPayServer.Logging
            }
        }

-        private void GetScopeInformation(StringBuilder builder)
+        private void GetScopeInformation(StringBuilder stringBuilder)
        {
-            var current = ConsoleLogScope.Current;
-            string scopeLog = string.Empty;
-            var length = builder.Length;
-
-            while (current != null)
+            var scopeProvider = ScopeProvider;
+            if (scopeProvider != null)
            {
-                if (length == builder.Length)
-                {
-                    scopeLog = $"=> {current}";
-                }
-                else
-                {
-                    scopeLog = $"=> {current} ";
-                }
+                var initialLength = stringBuilder.Length;

-                builder.Insert(length, scopeLog);
-                current = current.Parent;
-            }
-            if (builder.Length > length)
-            {
-                builder.Insert(length, _messagePadding);
-                builder.AppendLine();
+                scopeProvider.ForEachScope((scope, state) =>
+                {
+                    var (builder, length) = state;
+                    var first = length == builder.Length;
+                    builder.Append(first ? "=> " : " => ").Append(scope);
+                }, (stringBuilder, initialLength));
+
+                if (stringBuilder.Length > initialLength)
+                {
+                    stringBuilder.Insert(initialLength, _messagePadding);
+                    stringBuilder.AppendLine();
+                }
            }
        }

@ -333,9 +356,9 @@ namespace BTCPayServer.Logging
            // Start Console message queue processor
            _outputTask = Task.Factory.StartNew(
                ProcessLogQueue,
-                this,
-                default(CancellationToken),
-                TaskCreationOptions.LongRunning, TaskScheduler.Default);
+                state: this,
+                cancellationToken: default(CancellationToken),
+                creationOptions: TaskCreationOptions.LongRunning, scheduler: TaskScheduler.Default);
        }

        public virtual void EnqueueMessage(LogMessageEntry message)
--- a/BTCPayServer/Logging/InvoiceLog.cs
+++ b/BTCPayServer/Logging/InvoiceLog.cs
@ -0,0 +1,37 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+
+namespace BTCPayServer.Logging
+{
+    public class InvoiceLog
+    {
+        public DateTimeOffset Timestamp { get; set; }
+        public string Log { get; set; }
+
+        public override string ToString()
+        {
+            return $"{Timestamp.UtcDateTime}: {Log}";
+        }
+    }
+    public class InvoiceLogs
+    {
+        List<InvoiceLog> _InvoiceLogs = new List<InvoiceLog>();
+        public void Write(string data)
+        {
+            lock (_InvoiceLogs)
+            {
+                _InvoiceLogs.Add(new InvoiceLog() { Timestamp = DateTimeOffset.UtcNow, Log = data });
+            }
+        }
+
+        public List<InvoiceLog> ToList()
+        {
+            lock (_InvoiceLogs)
+            {
+                return _InvoiceLogs.ToList();
+            }
+        }
+    }
+}
--- a/BTCPayServer/Logging/Logs.cs
+++ b/BTCPayServer/Logging/Logs.cs
@ -15,9 +15,14 @@ namespace BTCPayServer.Logging
        }
        public static void Configure(ILoggerFactory factory)
        {
-            Configuration = factory.CreateLogger("Configuration");
-            PayServer = factory.CreateLogger("PayServer");
-            Events = factory.CreateLogger("Events");
+            if (factory == null)
+                Configure(new FuncLoggerFactory(n => NullLogger.Instance));
+            else
+            {
+                Configuration = factory.CreateLogger("Configuration");
+                PayServer = factory.CreateLogger("PayServer");
+                Events = factory.CreateLogger("Events");
+            }
        }
        public static ILogger Configuration
        {
--- a/BTCPayServer/Migrations/20170913143004_Init.cs
+++ b/BTCPayServer/Migrations/20170913143004_Init.cs
@ -12,10 +12,10 @@ namespace BTCPayServer.Migrations
                name: "AspNetRoles",
                columns: table => new
                {
-                    Id = table.Column<string>(type: "TEXT", nullable: false),
-                    ConcurrencyStamp = table.Column<string>(type: "TEXT", nullable: true),
-                    Name = table.Column<string>(type: "TEXT", maxLength: 256, nullable: true),
-                    NormalizedName = table.Column<string>(type: "TEXT", maxLength: 256, nullable: true)
+                    Id = table.Column<string>(nullable: false),
+                    ConcurrencyStamp = table.Column<string>(nullable: true),
+                    Name = table.Column<string>(maxLength: 256, nullable: true),
+                    NormalizedName = table.Column<string>(maxLength: 256, nullable: true)
                },
                constraints: table =>
                {
@ -26,21 +26,21 @@ namespace BTCPayServer.Migrations
                name: "AspNetUsers",
                columns: table => new
                {
-                    Id = table.Column<string>(type: "TEXT", nullable: false),
-                    AccessFailedCount = table.Column<int>(type: "INTEGER", nullable: false),
-                    ConcurrencyStamp = table.Column<string>(type: "TEXT", nullable: true),
-                    Email = table.Column<string>(type: "TEXT", maxLength: 256, nullable: true),
+                    Id = table.Column<string>(nullable: false),
+                    AccessFailedCount = table.Column<int>(nullable: false),
+                    ConcurrencyStamp = table.Column<string>(nullable: true),
+                    Email = table.Column<string>(maxLength: 256, nullable: true),
                    EmailConfirmed = table.Column<bool>(nullable: false),
                    LockoutEnabled = table.Column<bool>(nullable: false),
                    LockoutEnd = table.Column<DateTimeOffset>(nullable: true),
-                    NormalizedEmail = table.Column<string>(type: "TEXT", maxLength: 256, nullable: true),
-                    NormalizedUserName = table.Column<string>(type: "TEXT", maxLength: 256, nullable: true),
-                    PasswordHash = table.Column<string>(type: "TEXT", nullable: true),
-                    PhoneNumber = table.Column<string>(type: "TEXT", nullable: true),
+                    NormalizedEmail = table.Column<string>(maxLength: 256, nullable: true),
+                    NormalizedUserName = table.Column<string>(maxLength: 256, nullable: true),
+                    PasswordHash = table.Column<string>(nullable: true),
+                    PhoneNumber = table.Column<string>(nullable: true),
                    PhoneNumberConfirmed = table.Column<bool>(nullable: false),
-                    SecurityStamp = table.Column<string>(type: "TEXT", nullable: true),
+                    SecurityStamp = table.Column<string>(nullable: true),
                    TwoFactorEnabled = table.Column<bool>(nullable: false),
-                    UserName = table.Column<string>(type: "TEXT", maxLength: 256, nullable: true)
+                    UserName = table.Column<string>(maxLength: 256, nullable: true)
                },
                constraints: table =>
                {
@ -51,12 +51,12 @@ namespace BTCPayServer.Migrations
                name: "Stores",
                columns: table => new
                {
-                    Id = table.Column<string>(type: "TEXT", nullable: false),
-                    DerivationStrategy = table.Column<string>(type: "TEXT", nullable: true),
-                    SpeedPolicy = table.Column<int>(type: "INTEGER", nullable: false),
+                    Id = table.Column<string>(nullable: false),
+                    DerivationStrategy = table.Column<string>(nullable: true),
+                    SpeedPolicy = table.Column<int>(nullable: false),
                    StoreCertificate = table.Column<byte[]>(nullable: true),
-                    StoreName = table.Column<string>(type: "TEXT", nullable: true),
-                    StoreWebsite = table.Column<string>(type: "TEXT", nullable: true)
+                    StoreName = table.Column<string>(nullable: true),
+                    StoreWebsite = table.Column<string>(nullable: true)
                },
                constraints: table =>
                {
@ -67,11 +67,11 @@ namespace BTCPayServer.Migrations
                name: "AspNetRoleClaims",
                columns: table => new
                {
-                    Id = table.Column<int>(type: "INTEGER", nullable: false)
+                    Id = table.Column<int>(nullable: false)
                        .Annotation("Sqlite:Autoincrement", true),
-                    ClaimType = table.Column<string>(type: "TEXT", nullable: true),
-                    ClaimValue = table.Column<string>(type: "TEXT", nullable: true),
-                    RoleId = table.Column<string>(type: "TEXT", nullable: false)
+                    ClaimType = table.Column<string>(nullable: true),
+                    ClaimValue = table.Column<string>(nullable: true),
+                    RoleId = table.Column<string>(nullable: false)
                },
                constraints: table =>
                {
@ -88,11 +88,11 @@ namespace BTCPayServer.Migrations
                name: "AspNetUserClaims",
                columns: table => new
                {
-                    Id = table.Column<int>(type: "INTEGER", nullable: false)
+                    Id = table.Column<int>(nullable: false)
                        .Annotation("Sqlite:Autoincrement", true),
-                    ClaimType = table.Column<string>(type: "TEXT", nullable: true),
-                    ClaimValue = table.Column<string>(type: "TEXT", nullable: true),
-                    UserId = table.Column<string>(type: "TEXT", nullable: false)
+                    ClaimType = table.Column<string>(nullable: true),
+                    ClaimValue = table.Column<string>(nullable: true),
+                    UserId = table.Column<string>(nullable: false)
                },
                constraints: table =>
                {
@ -109,10 +109,10 @@ namespace BTCPayServer.Migrations
                name: "AspNetUserLogins",
                columns: table => new
                {
-                    LoginProvider = table.Column<string>(type: "TEXT", nullable: false),
-                    ProviderKey = table.Column<string>(type: "TEXT", nullable: false),
-                    ProviderDisplayName = table.Column<string>(type: "TEXT", nullable: true),
-                    UserId = table.Column<string>(type: "TEXT", nullable: false)
+                    LoginProvider = table.Column<string>(nullable: false),
+                    ProviderKey = table.Column<string>(nullable: false),
+                    ProviderDisplayName = table.Column<string>(nullable: true),
+                    UserId = table.Column<string>(nullable: false)
                },
                constraints: table =>
                {
@ -129,8 +129,8 @@ namespace BTCPayServer.Migrations
                name: "AspNetUserRoles",
                columns: table => new
                {
-                    UserId = table.Column<string>(type: "TEXT", nullable: false),
-                    RoleId = table.Column<string>(type: "TEXT", nullable: false)
+                    UserId = table.Column<string>(nullable: false),
+                    RoleId = table.Column<string>(nullable: false)
                },
                constraints: table =>
                {
@ -153,10 +153,10 @@ namespace BTCPayServer.Migrations
                name: "AspNetUserTokens",
                columns: table => new
                {
-                    UserId = table.Column<string>(type: "TEXT", nullable: false),
-                    LoginProvider = table.Column<string>(type: "TEXT", nullable: false),
-                    Name = table.Column<string>(type: "TEXT", nullable: false),
-                    Value = table.Column<string>(type: "TEXT", nullable: true)
+                    UserId = table.Column<string>(nullable: false),
+                    LoginProvider = table.Column<string>(nullable: false),
+                    Name = table.Column<string>(nullable: false),
+                    Value = table.Column<string>(nullable: true)
                },
                constraints: table =>
                {
@ -173,15 +173,15 @@ namespace BTCPayServer.Migrations
                name: "Invoices",
                columns: table => new
                {
-                    Id = table.Column<string>(type: "TEXT", nullable: false),
+                    Id = table.Column<string>(nullable: false),
                    Blob = table.Column<byte[]>(nullable: true),
                    Created = table.Column<DateTimeOffset>(nullable: false),
-                    CustomerEmail = table.Column<string>(type: "TEXT", nullable: true),
-                    ExceptionStatus = table.Column<string>(type: "TEXT", nullable: true),
-                    ItemCode = table.Column<string>(type: "TEXT", nullable: true),
-                    OrderId = table.Column<string>(type: "TEXT", nullable: true),
-                    Status = table.Column<string>(type: "TEXT", nullable: true),
-                    StoreDataId = table.Column<string>(type: "TEXT", nullable: true)
+                    CustomerEmail = table.Column<string>(nullable: true),
+                    ExceptionStatus = table.Column<string>(nullable: true),
+                    ItemCode = table.Column<string>(nullable: true),
+                    OrderId = table.Column<string>(nullable: true),
+                    Status = table.Column<string>(nullable: true),
+                    StoreDataId = table.Column<string>(nullable: true)
                },
                constraints: table =>
                {
@ -198,9 +198,9 @@ namespace BTCPayServer.Migrations
                name: "UserStore",
                columns: table => new
                {
-                    ApplicationUserId = table.Column<string>(type: "TEXT", nullable: false),
-                    StoreDataId = table.Column<string>(type: "TEXT", nullable: false),
-                    Role = table.Column<string>(type: "TEXT", nullable: true)
+                    ApplicationUserId = table.Column<string>(nullable: false),
+                    StoreDataId = table.Column<string>(nullable: false),
+                    Role = table.Column<string>(nullable: true)
                },
                constraints: table =>
                {
@ -223,9 +223,9 @@ namespace BTCPayServer.Migrations
                name: "Payments",
                columns: table => new
                {
-                    Id = table.Column<string>(type: "TEXT", nullable: false),
+                    Id = table.Column<string>(nullable: false),
                    Blob = table.Column<byte[]>(nullable: true),
-                    InvoiceDataId = table.Column<string>(type: "TEXT", nullable: true)
+                    InvoiceDataId = table.Column<string>(nullable: true)
                },
                constraints: table =>
                {
@ -242,9 +242,9 @@ namespace BTCPayServer.Migrations
                name: "RefundAddresses",
                columns: table => new
                {
-                    Id = table.Column<string>(type: "TEXT", nullable: false),
+                    Id = table.Column<string>(nullable: false),
                    Blob = table.Column<byte[]>(nullable: true),
-                    InvoiceDataId = table.Column<string>(type: "TEXT", nullable: true)
+                    InvoiceDataId = table.Column<string>(nullable: true)
                },
                constraints: table =>
                {
--- a/Show More
+++ b/Show More