MtGox API version 2: Unofficial Documentation - page 9.

advanced

sr. member

Activity: 267

Merit: 250

Woodwallets.io

Quote from: MikeH on April 16, 2013, 05:50:53 AM

I've only posted perl code.. is that what you ran?

paste your java equivalent of the following:

my $nonce = 'nonce=' . sprintf "%d", gettimeofday * 1e6;
my $hash_data = $method . chr(0) . $nonce . $args;

my $req = HTTP::Request->new(POST => 'https://data.mtgox.com/api/2/' . $method );
$req->content_type('application/x-www-form-urlencoded');
$req->content($nonce . $args);
$req->header('Rest-Key' => $key);
$req->header('Rest-Sign' => encode_base64( hmac_sha512( $hash_data, decode_base64($secret) ) ));

my $result = $lwp->request($req);

Hi Mike, thanks for your support. However, if you go back in this conversation you can follow the track of the java discussion .

MikeH

sr. member

Activity: 406

Merit: 250

I've only posted perl code.. is that what you ran?

paste your java equivalent of the following:

my $nonce = 'nonce=' . sprintf "%d", gettimeofday * 1e6;
my $hash_data = $method . chr(0) . $nonce . $args;

my $req = HTTP::Request->new(POST => 'https://data.mtgox.com/api/2/' . $method );
$req->content_type('application/x-www-form-urlencoded');
$req->content($nonce . $args);
$req->header('Rest-Key' => $key);
$req->header('Rest-Sign' => encode_base64( hmac_sha512( $hash_data, decode_base64($secret) ) ));

my $result = $lwp->request($req);

advanced

sr. member

Activity: 267

Merit: 250

Woodwallets.io

Quote from: MikeH on April 16, 2013, 05:14:00 AM

works via POST for me - should paste the rest of the code in question.

I receive this error when "POSTing" it : {"result":"error","error":"Invalid request method for this API","token":"invalid_request_method"}

advanced

sr. member

Activity: 267

Merit: 250

Woodwallets.io

Spotted new difference between your code

Code:

HttpsURLConnection c = (HttpsURLConnection)query.openConnection();

and my code

Code:

HttpURLConnection connection = (HttpURLConnection)query.openConnection();

still missing_nonce_error.

Plus, I don't understand howcome it works for you without specifying the keystore file .... :\ To make your code work I had to add the keystore to it! (And yes, it works with the same api keys I'm try to use)

MikeH

sr. member

Activity: 406

Merit: 250

works via POST for me - should paste the rest of the code in question.

advanced

sr. member

Activity: 267

Merit: 250

Woodwallets.io

update : the call to the ticker works only via GET

advanced

sr. member

Activity: 267

Merit: 250

Woodwallets.io

Thanks! My today's resolution is : don't go to sleep unless it works.

So, lets try to capture exceptions and errors:

Code:

            if (connection.getResponseCode() != 200) {
                 BufferedReader errBr = new BufferedReader(new InputStreamReader((connection.getErrorStream())));
                
			System.err.println("Failed : HTTP error code : "
					+ connection.getResponseCode() + " \n Response message:"
                                        + connection.getResponseMessage() + " \n Permission :"
                                        + connection.getPermission());
                         String output;
                         System.out.println("Error Stream: : \n"); //TODO Remove
                         while ((output = errBr.readLine()) != null) {
                            System.err.println(output);

                    }                                          
		}

And here we go baby :

Code:

Failed : HTTP error code : 403 
Response message:Forbidden 
Permission :("java.net.SocketPermission" "data.mtgox.com:80" "connect,resolve")
Error Stream: {"result":"error","error":"Identification required to access private API","token":"login_error_missing_nonce"}

missing nonce?

nitrous

sr. member

Activity: 246

Merit: 250

Quote from: MikeH on April 15, 2013, 01:47:53 PM

not sure if it's an issue with v2 but others have had probs with their nonce not being long enough, something to keep in mind - but remember if you fiddle with it, you can't make it shorter again

don't know the requirement but mine's working at 16 chars.

Yeah I noticed that recently, but testing today with a separate API key I found 13 also seems to work, so millisecond time should also be ok. I'll put it on my todo list to find the minimum length at some point

MikeH

sr. member

Activity: 406

Merit: 250

not sure if it's an issue with v2 but others have had probs with their nonce not being long enough, something to keep in mind - but remember if you fiddle with it, you can't make it shorter again

don't know the requirement but mine's working at 16 chars.

nitrous

sr. member

Activity: 246

Merit: 250

Quote from: advanced on April 15, 2013, 11:42:00 AM

ah, really? :\ Huh

Writing this client is driving me nuts.

This is the behaviour at the moment :
Doing nothing or specifing the request method with this line :

Code:

connection.setRequestMethod("GET");

allows me to read the ticker and gives me the 403 on my info.

Using post, on the other hand, stars giving me a HTTP 500 on the ticker! (and still 403 on the info)

Code:

connection.setRequestMethod("POST");

/code]

This is everything I was able to get so far... unfortunately not any JSON.

Code:

Failed : HTTP error code : 403 -
Server returned HTTP response code: 403 for URL: https://data.mtgox.com/api/2/money/info
Forbidden("java.net.SocketPermission" "data.mtgox.com:80" "connect,resolve")
Apr 15, 2013 6:39:36 PM io.botcoin.api.MtGox query

Your code is so close to working, which makes it that much more frustrating. It must be some small, easy to miss, error. Anyway, I quickly wrote this using my own basic API as a reference: http://pastebin.com/SmrxuJQj

I was able to get it to work, so if you compare each line hopefully you'll finally find whatever's causing the problem

Also, I found a way to get the JSON even with the IOException: declare the query function as throwing java.io.Exception, then you can check the response code of the connection - if it is >= 400, use getErrorStream instead of getInputStream, hopefully this will help you debug.

Note: I added "000" to the nonce because my api uses miroseconds, and otherwise I would be rejected by the server, feel free to remove them as your nonces are milliseconds.

nitrous

sr. member

Activity: 246

Merit: 250

Quote from: bittencoin on April 15, 2013, 12:30:52 PM

Thank you Nitrous. I will test it out and report back. But by looking at the original template code from mtgox, I can see why it does not work now.

This block of code is suppose to check if the "path" is api version 2

Code:

$prefix = '';
	if (substr($path, 0, 2) == '2/') {
		$prefix = substr($path, 2)."\0";
	}

the check is supposed to look for the "2/" at end of the string, but in this case the $path variable is "BTCUSD/money/ticker" and does not contain the "2/". If I am correct, the original code tried to look for the "2/" in the wrong string, it should be looking for the version in the base url

Code:

https://data.mtgox.com/api/2/

using the code

Code:

substr($path, -2, 2) == '2/'

. So if that is fixed, then you don't need to hard code the null character into the REST sign.

UPDATE:

Here is my fix of that block of code

Code:

$prefix = '';
	$baseurl = 'https://data.mtgox.com/api/2/';
	if (substr($baseurl, -2, 2) == '2/') {
		$prefix = $path."\0";
		
	}

Ok, let me know how it goes, your code is very close to working, the error you received was simply not signing the request properly, which the above should fix

bittencoin

member

Activity: 83

Merit: 10

Quote from: nitrous on April 15, 2013, 08:43:07 AM

Quote from: bittencoin on April 15, 2013, 03:01:43 AM

Hi Nitrous,

I tried to read and follow your guide to try to pull up some data, but I am getting errors in the response when I just try to get the ticker info.

array(3) { ["result"]=> string(5) "error" ["error"]=> string(20) "Chosen API not found" ["token"]=> string(13) "unknown_error" }

Basically, all I did was taking the example php template and put in my api key and secret (not shown here), and changed the base URL to

Code:

https://data.mtgox.com/api/2/

and changed the path to

Code:

BTCUSD/money/ticker

but the var dump says Chosen API not found. I tested with many new api key/secret codes, but that appears not to be the source of the problem. Any insight is appreciated. Thank you.

Hi bittencoin,

You are correct that the API code and secret are not the problem, the problem is with this part of your code:

Quote from: bittencoin on April 15, 2013, 03:01:43 AM

Code:

	$prefix = '';
	if (substr($path, 0, 2) == '2/') {
		$prefix = substr($path, 2)."\0";
	}
 
	// generate the extra headers
	$headers = array(
		'Rest-Key: '.$key,
		'Rest-Sign: '.base64_encode(hash_hmac('sha512', $prefix.$post_data, base64_decode($secret), true)),
	);

Your prefix is empty in a normal scenario, instead, you should change this code to the following:

Code:

	$prefix = $path;
	if (substr($path, 0, 2) == '2/') {
		$prefix = substr($path, 2);
	}
 
	// generate the extra headers
	$headers = array(
		'Rest-Key: '.$key,
		'Rest-Sign: '.base64_encode(hash_hmac('sha512', $prefix."\0".$post_data, base64_decode($secret), true)),
	);

I have made sure your prefix variable contains the path, and I've moved the null character into the rest-sign to make sure it's always included. This code worked for me after doing those fixes

Thank you Nitrous. I will test it out and report back. But by looking at the original template code from mtgox, I can see why it does not work now.

This block of code is suppose to check if the "path" is api version 2

Code:

$prefix = '';
	if (substr($path, 0, 2) == '2/') {
		$prefix = substr($path, 2)."\0";
	}

the check is supposed to look for the "2/" at end of the string, but in this case the $path variable is "BTCUSD/money/ticker" and does not contain the "2/". If I am correct, the original code tried to look for the "2/" in the wrong string, it should be looking for the version in the base url

Code:

https://data.mtgox.com/api/2/

using the code

Code:

substr($path, -2, 2) == '2/'

. So if that is fixed, then you don't need to hard code the null character into the REST sign.

UPDATE:

Here is my fix of that block of code

Code:

$prefix = '';
	$baseurl = 'https://data.mtgox.com/api/2/';
	if (substr($baseurl, -2, 2) == '2/') {
		$prefix = $path."\0";
		
	}

MikeH

sr. member

Activity: 406

Merit: 250

if only the world would settle on 1 language.

advanced

sr. member

Activity: 267

Merit: 250

Woodwallets.io

ah, really? :\ Huh

Writing this client is driving me nuts.

This is the behaviour at the moment :
Doing nothing or specifing the request method with this line :

Code:

connection.setRequestMethod("GET");

allows me to read the ticker and gives me the 403 on my info.

Using post, on the other hand, stars giving me a HTTP 500 on the ticker! (and still 403 on the info)

Code:

connection.setRequestMethod("POST");

/code]

This is everything I was able to get so far... unfortunately not any JSON.

Code:

Failed : HTTP error code : 403 -
Server returned HTTP response code: 403 for URL: https://data.mtgox.com/api/2/money/info
Forbidden("java.net.SocketPermission" "data.mtgox.com:80" "connect,resolve")
Apr 15, 2013 6:39:36 PM io.botcoin.api.MtGox query

nitrous

sr. member

Activity: 246

Merit: 250

Quote from: advanced on April 15, 2013, 11:24:06 AM

All right, I'll try to get that JSON right away. In the meantime another question: is it correct that the HTTP requests are GETs, right?

I should have spotted that! No, it's POST. I'm surprised you managed to get money/ticker working without POST but yes, you need to send the post_data by POST during the connection.

advanced

sr. member

Activity: 267

Merit: 250

Woodwallets.io

All right, I'll try to get that JSON right away. In the meantime another question: is it correct that the HTTP requests are GETs, right?

nitrous

sr. member

Activity: 246

Merit: 250

Quote from: advanced on April 15, 2013, 10:52:03 AM

Thanks, as always!

I've found out about that method by reading through the pdfs @ https://github.com/MtGox/mtgox-doc/tree/master/api , it seems quite useful.

Quote

BTCUSD/money/info isn't technically the method, the actual method is money/info, but it can be accessed with a currency context as well. money/info gives your account details, including all the currency wallets you have, so if you have an EUR wallet, it will show up, as well as your BTC wallet, and any other currencies

Are you sure? I tried removing the BTCUSD from the ticker ending with (money/ticker) and I get a http 500.

Quote

Do you know what the response is that comes with the 403 error? Your function should still generate and return the answer, right?

Actually I'm afraid that I can't get the answer as the instruction to read the http inputstream throws the IOException... I'll try to go back to the buffer example to be able to read the answer from there

With money/ticker, a currency context is required as it returns information specific to a given currency, but money/info does not require a context as it is independent of the currency - it just returns an informative overview of your entire account (all wallets inclusive), so you can call BTCUSD/money/info if you want, but it's really just redirecting to money/info.

Could you catch the exception or is the response data completely blocked from you? The JSON response should contain an error key pointing to the problem, although it can be somewhat cryptic.

nitrous

sr. member

Activity: 246

Merit: 250

Quote from: MikeH on April 15, 2013, 10:47:24 AM

Quote from: nitrous on April 15, 2013, 09:35:01 AM

I also recommend making sure you join your arguments to your nonce properly using the following, and updating it wherever necessay:

Code:

my $post_data = $nonce . ($args == '' ? '' : '&' . $args);
my $hash_data = $method . chr(0) . $post_data;

I think it's ok as it is - the ? doesn't seem to be required in post data and I'm supplying the args in full:

print Dumper __request('BTCUSD/money/order/add', "&type=$type&amount_int=$amount");

I've created and cancelled orders with it anyway so seems fine.

Oh sorry, yeah if you pass it with a leading ampersand it's most definitely fine, yeah that works great then

Quote from: MikeH on April 15, 2013, 10:35:10 AM

403 probably means failed authentication - I don't think the post data should contain the method should it? (as shown above)

mine works with just nonce + any other arguments.

The API can return 403 for quite a few different reasons (wrong API key, bad nonce, etc), but it usually hints in the JSON the specific reason for the error.
post_data_mac is the equivalent of your $hash_data

advanced

sr. member

Activity: 267

Merit: 250

Woodwallets.io

Thanks, as always!

I've found out about that method by reading through the pdfs @ https://github.com/MtGox/mtgox-doc/tree/master/api , it seems quite useful.

Quote

BTCUSD/money/info isn't technically the method, the actual method is money/info, but it can be accessed with a currency context as well. money/info gives your account details, including all the currency wallets you have, so if you have an EUR wallet, it will show up, as well as your BTC wallet, and any other currencies

Are you sure? I tried removing the BTCUSD from the ticker ending with (money/ticker) and I get a http 500.

Quote

Do you know what the response is that comes with the 403 error? Your function should still generate and return the answer, right?

Actually I'm afraid that I can't get the answer as the instruction to read the http inputstream throws the IOException... I'll try to go back to the buffer example to be able to read the answer from there

MikeH

sr. member

Activity: 406

Merit: 250

Quote from: nitrous on April 15, 2013, 09:35:01 AM

I also recommend making sure you join your arguments to your nonce properly using the following, and updating it wherever necessay:

Code:

my $post_data = $nonce . ($args == '' ? '' : '&' . $args);
my $hash_data = $method . chr(0) . $post_data;

I think it's ok as it is - the ? doesn't seem to be required in post data and I'm supplying the args in full:

print Dumper __request('BTCUSD/money/order/add', "&type=$type&amount_int=$amount");

I've created and cancelled orders with it anyway so seems fine.

Topic: MtGox API version 2: Unofficial Documentation - page 9. (Read 62513 times)