MtGox/API/HTTP: Difference between revisions
Create |
Creation |
||
Line 3: | Line 3: | ||
* [[MtGox/API/HTTP/v0|Version 0]] | * [[MtGox/API/HTTP/v0|Version 0]] | ||
* [[MtGox/API/HTTP/v1|Version 1]] | * [[MtGox/API/HTTP/v1|Version 1]] | ||
All HTTP API requests are sent to URLs beginning with<nowiki>https://mtgox.com/api/*</nowiki>. It allows placing orders, performing withdrawls, deposits, and other things. | |||
There is a [https://rubygems.org/gems/mtgox|Ruby gem] and a [[Finance::MtGox|Perl module]] available for interacting with the HTTP API. | |||
=== Authentication === | |||
Authentication is performed by signing each request using HMAC-SHA512. The request must contain an extra value "nonce" which must be an always incrementing numeric value. A reference implementation is provided here: | |||
<source lang="php"> | |||
<?php | |||
function mtgox_query($path, array $req = array()) { | |||
// API settings | |||
$key = ''; | |||
$secret = ''; | |||
// generate a nonce as microtime, with as-string handling to avoid problems with 32bits systems | |||
$mt = explode(' ', microtime()); | |||
$req['nonce'] = $mt[1].substr($mt[0], 2, 6); | |||
// generate the POST data string | |||
$post_data = http_build_query($req, '', '&'); | |||
// generate the extra headers | |||
$headers = array( | |||
'Rest-Key: '.$key, | |||
'Rest-Sign: '.base64_encode(hash_hmac('sha512', $post_data, base64_decode($secret), true)), | |||
); | |||
// our curl handle (initialize if required) | |||
static $ch = null; | |||
if (is_null($ch)) { | |||
$ch = curl_init(); | |||
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); | |||
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/4.0 (compatible; MtGox PHP client; '.php_uname('s').'; PHP/'.phpversion().')'); | |||
} | |||
curl_setopt($ch, CURLOPT_URL, 'https://mtgox.com/api/'.$path); | |||
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data); | |||
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); | |||
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); | |||
// run the query | |||
$res = curl_exec($ch); | |||
if ($res === false) throw new Exception('Could not get reply: '.curl_error($ch)); | |||
$dec = json_decode($res, true); | |||
if (!$dec) throw new Exception('Invalid data received, please make sure connection is working and requested API exists'); | |||
return $dec; | |||
} | |||
// example 1: get infos about the account, plus the list of rights we have access to | |||
var_dump(mtgox_query('0/info.php')); | |||
// old api (get funds) | |||
var_dump(mtgox_query('0/getFunds.php')); | |||
// trade example | |||
// var_dump(mtgox_query('0/buyBTC.php', array('amount' => 1, 'price' => 15))); | |||
</source> | |||
Python version here: https://bitcointalk.org/index.php?topic=49789.msg592388#msg592388 | |||
=== Cache === | |||
All of the API methods below have cached results, ticker, depth . . . have a 10 seconds cache . | |||
No need to poll more often, you wont have more results, you could just be blocked by the prolexic anti ddos features. |
Revision as of 12:47, 28 February 2012
Two versions of the HTTP API are currently available:
All HTTP API requests are sent to URLs beginning withhttps://mtgox.com/api/*. It allows placing orders, performing withdrawls, deposits, and other things.
There is a gem and a Perl module available for interacting with the HTTP API.
Authentication
Authentication is performed by signing each request using HMAC-SHA512. The request must contain an extra value "nonce" which must be an always incrementing numeric value. A reference implementation is provided here:
<?php
function mtgox_query($path, array $req = array()) {
// API settings
$key = '';
$secret = '';
// generate a nonce as microtime, with as-string handling to avoid problems with 32bits systems
$mt = explode(' ', microtime());
$req['nonce'] = $mt[1].substr($mt[0], 2, 6);
// generate the POST data string
$post_data = http_build_query($req, '', '&');
// generate the extra headers
$headers = array(
'Rest-Key: '.$key,
'Rest-Sign: '.base64_encode(hash_hmac('sha512', $post_data, base64_decode($secret), true)),
);
// our curl handle (initialize if required)
static $ch = null;
if (is_null($ch)) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/4.0 (compatible; MtGox PHP client; '.php_uname('s').'; PHP/'.phpversion().')');
}
curl_setopt($ch, CURLOPT_URL, 'https://mtgox.com/api/'.$path);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
// run the query
$res = curl_exec($ch);
if ($res === false) throw new Exception('Could not get reply: '.curl_error($ch));
$dec = json_decode($res, true);
if (!$dec) throw new Exception('Invalid data received, please make sure connection is working and requested API exists');
return $dec;
}
// example 1: get infos about the account, plus the list of rights we have access to
var_dump(mtgox_query('0/info.php'));
// old api (get funds)
var_dump(mtgox_query('0/getFunds.php'));
// trade example
// var_dump(mtgox_query('0/buyBTC.php', array('amount' => 1, 'price' => 15)));
Python version here: https://bitcointalk.org/index.php?topic=49789.msg592388#msg592388
Cache
All of the API methods below have cached results, ticker, depth . . . have a 10 seconds cache . No need to poll more often, you wont have more results, you could just be blocked by the prolexic anti ddos features.