Difference between revisions of "MtGox/API/HTTP"

From Bitcoin Wiki
Jump to: navigation, search
(Create)
 
(Creation)
Line 3: Line 3:
 
* [[MtGox/API/HTTP/v0|Version 0]]
 
* [[MtGox/API/HTTP/v0|Version 0]]
 
* [[MtGox/API/HTTP/v1|Version 1]]
 
* [[MtGox/API/HTTP/v1|Version 1]]
 +
 +
All HTTP API requests are sent to URLs beginning with<nowiki>https://mtgox.com/api/*</nowiki>. It allows placing orders, performing withdrawls, deposits, and other things. 
 +
 +
There is a [https://rubygems.org/gems/mtgox|Ruby gem] and a [[Finance::MtGox|Perl module]] available for interacting with the HTTP API.
 +
 +
=== Authentication ===
 +
 +
 +
Authentication is performed by signing each request using HMAC-SHA512. The request must contain an extra value "nonce" which must be an always incrementing numeric value.  A reference implementation is provided here:
 +
<source lang="php">
 +
<?php
 +
 +
function mtgox_query($path, array $req = array()) {
 +
// API settings
 +
$key = '';
 +
$secret = '';
 +
 +
// generate a nonce as microtime, with as-string handling to avoid problems with 32bits systems
 +
$mt = explode(' ', microtime());
 +
$req['nonce'] = $mt[1].substr($mt[0], 2, 6);
 +
 +
// generate the POST data string
 +
$post_data = http_build_query($req, '', '&');
 +
 +
// generate the extra headers
 +
$headers = array(
 +
'Rest-Key: '.$key,
 +
'Rest-Sign: '.base64_encode(hash_hmac('sha512', $post_data, base64_decode($secret), true)),
 +
);
 +
 +
// our curl handle (initialize if required)
 +
static $ch = null;
 +
if (is_null($ch)) {
 +
$ch = curl_init();
 +
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
 +
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/4.0 (compatible; MtGox PHP client; '.php_uname('s').'; PHP/'.phpversion().')');
 +
}
 +
curl_setopt($ch, CURLOPT_URL, 'https://mtgox.com/api/'.$path);
 +
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
 +
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
 +
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
 +
 +
// run the query
 +
$res = curl_exec($ch);
 +
if ($res === false) throw new Exception('Could not get reply: '.curl_error($ch));
 +
$dec = json_decode($res, true);
 +
if (!$dec) throw new Exception('Invalid data received, please make sure connection is working and requested API exists');
 +
return $dec;
 +
}
 +
 +
// example 1: get infos about the account, plus the list of rights we have access to
 +
var_dump(mtgox_query('0/info.php'));
 +
 +
// old api (get funds)
 +
var_dump(mtgox_query('0/getFunds.php'));
 +
 +
// trade example
 +
// var_dump(mtgox_query('0/buyBTC.php', array('amount' => 1, 'price' => 15)));
 +
</source>
 +
 +
Python version here: https://bitcointalk.org/index.php?topic=49789.msg592388#msg592388
 +
 +
=== Cache ===
 +
 +
All of the API methods below have cached results, ticker, depth . . . have a 10 seconds cache .
 +
No need to poll more often, you wont have more results, you could just be blocked by the prolexic anti ddos features.

Revision as of 12:47, 28 February 2012

Two versions of the HTTP API are currently available:

All HTTP API requests are sent to URLs beginning withhttps://mtgox.com/api/*. It allows placing orders, performing withdrawls, deposits, and other things.

There is a gem and a Perl module available for interacting with the HTTP API.

Authentication

Authentication is performed by signing each request using HMAC-SHA512. The request must contain an extra value "nonce" which must be an always incrementing numeric value. A reference implementation is provided here:

<?php

function mtgox_query($path, array $req = array()) {
	// API settings
	$key = '';
	$secret = '';

	// generate a nonce as microtime, with as-string handling to avoid problems with 32bits systems
	$mt = explode(' ', microtime());
	$req['nonce'] = $mt[1].substr($mt[0], 2, 6);

	// generate the POST data string
	$post_data = http_build_query($req, '', '&');

	// generate the extra headers
	$headers = array(
		'Rest-Key: '.$key,
		'Rest-Sign: '.base64_encode(hash_hmac('sha512', $post_data, base64_decode($secret), true)),
	);

	// our curl handle (initialize if required)
	static $ch = null;
	if (is_null($ch)) {
		$ch = curl_init();
		curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
		curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/4.0 (compatible; MtGox PHP client; '.php_uname('s').'; PHP/'.phpversion().')');
	}
	curl_setopt($ch, CURLOPT_URL, 'https://mtgox.com/api/'.$path);
	curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
	curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
	curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);

	// run the query
	$res = curl_exec($ch);
	if ($res === false) throw new Exception('Could not get reply: '.curl_error($ch));
	$dec = json_decode($res, true);
	if (!$dec) throw new Exception('Invalid data received, please make sure connection is working and requested API exists');
	return $dec;
}

// example 1: get infos about the account, plus the list of rights we have access to
var_dump(mtgox_query('0/info.php'));

// old api (get funds)
var_dump(mtgox_query('0/getFunds.php'));

// trade example
// var_dump(mtgox_query('0/buyBTC.php', array('amount' => 1, 'price' => 15)));

Python version here: https://bitcointalk.org/index.php?topic=49789.msg592388#msg592388

Cache

All of the API methods below have cached results, ticker, depth . . . have a 10 seconds cache . No need to poll more often, you wont have more results, you could just be blocked by the prolexic anti ddos features.