API v2 documentation

Introduction

API v2 is our current stable API and should be used to interact with cryptonit. API v2 relies completely on OAuth/OAuth2. This enables direct access to the site functions by setting a proper "Authorization" header in your API requests.
If you are not going to trade on cryptonit but only want to get the last rate, list all orders for a pair, or list completed transactions for a pair, you can use our Public API. It does not require any authentication, so you can start using it within minutes, even without registering at cryptonit.

API Key (token)

To get an API OAuth2 key you must be logged in. Then go to the API menu section on your right, select the appropriate permissions for the security token and create it.

Note that you must have at least one authenticator added to your account, otherwise you will not be able to confirm the creation procedure. An API key gives a lot of power over your account, so it can be created only after you have made your account 2-Factor-Authentication ready. You can refer to our video tutorials if you do not understand how to add authenticators to your account (though it is really easy).

To authenticate yourself when talking to the cryptonit server, your API key (token) must be passed in API HTTP requests as a separate header in the following way:
"Authorization: Bearer <your token>"
You will see it in all PHP examples below.

Responsibilities

The API key used in your HTTP requests allows critical actions to be performed on your account (withdraw funds, set/cancel orders), so as soon as you create it, it is your full responsibility to keep it safe. If your authentication header is leaked to unverified servers, there is a high possibility that attackers can use this authentication token to clear your funds.
It is up to you, as a user of API v2, to ensure that you are always communicating with us.

Security

With such reduced requirements for authentication and signatures, the question arises whether this brings enough security. In fact, yes. Major internet companies such as Facebook, Google, Yahoo etc. already use OAuth2 actively and no concerns have arisen. Its security relies on SSL and on the user's responsibility to verify the identity of the server. This simple change makes access very simple and easy. There is no need to calculate signatures or any other authorization tokens of low security.

HTTPS

Because you always have to verify that you are actually talking to cryptonit and not to a man-in-the-middle, you must always use HTTPS when connecting to our servers. If you connect to cryptonit services even once without an HTTPS connection, your authentication token might be compromised and used by attackers.

Certificate Verification

When connecting via HTTPS you must also verify the certificate. Otherwise you cannot be sure that you are talking to cryptonit. To do this you can either set up your own certificate store that contains only the certificate chain of cryptonit, or simply compare the fingerprints.
The fingerprints of cryptonit are:

SHA256: D4 58 34 0E D9 D1 60 7F 23 F4 64 60 3A 95 EC 51 4C 00 C8 13 89 B4 FA 2C DC 0F 9F 4B CB A6 83 AB
SHA1: F1 61 51 FC FF 4A 6F 88 9B 2E B9 8B 95 E2 31 29 9C B4 74 27
MD5: EC 41 F8 27 DA 67 2F 45 46 75 60 0A 53 F5 CE CB

Nonce parameter

You may see in our examples a nonce parameter that is used widely. It is a mandatory parameter when communicating with cryptonit. The nonce parameter is needed to stop our server from serving similar requests that may arrive one after another as a result of a connection error. For this reason the nonce is a numeric value that must always increase with the next request. The last nonce value is stored for every API key. So even if you have not used some of your API keys for a long time, after the interruption the nonce value for that API key must be greater than the last value passed to the cryptonit server. A good approach is to use the PHP microtime() function to generate the nonce value.
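
The checks from the Certificate Verification and Nonce parameter sections, as an added PHP example that is not cryptonit's own code: a TLS connection that is refused unless the server certificate matches the SHA256 fingerprint listed above, and a microtime()-based nonce that stays strictly increasing across processes. The function names, the state file and the host name passed to open_pinned() are assumptions; the page gives no API host.

```php
<?php
// Added example, not cryptonit's code. The API host name and the nonce state
// file are supplied by the caller; only the fingerprint comes from the page.
const PINNED_SHA256 = 'D4 58 34 0E D9 D1 60 7F 23 F4 64 60 3A 95 EC 51 '
                    . '4C 00 C8 13 89 B4 FA 2C DC 0F 9F 4B CB A6 83 AB';

// Strictly increasing nonce for one API key, safe across concurrent
// processes and backward clock steps. Assumes 64-bit PHP integers.
function next_nonce(string $stateFile): int
{
    $fh = fopen($stateFile, 'c+'); // create if missing, never truncate on open
    if ($fh === false || !flock($fh, LOCK_EX)) {
        throw new RuntimeException("cannot lock nonce file $stateFile");
    }
    $last  = (int) stream_get_contents($fh);
    $nonce = max((int) (microtime(true) * 1000000), $last + 1);
    ftruncate($fh, 0);
    rewind($fh);
    fwrite($fh, (string) $nonce);
    fflush($fh);
    flock($fh, LOCK_UN);
    fclose($fh);
    return $nonce;
}

// Returns a TLS stream only if the chain, the host name and the pinned
// SHA256 fingerprint all check out; send the Bearer token on nothing else.
function open_pinned(string $host, string $pinned)
{
    $hex = strtolower(preg_replace('/[^0-9a-f]/i', '', $pinned));
    $ctx = stream_context_create(['ssl' => [
        'verify_peer'      => true,
        'verify_peer_name' => true,
        'peer_fingerprint' => ['sha256' => $hex],
    ]]);
    $sock = @stream_socket_client("ssl://$host:443", $errno, $errstr, 10,
                                  STREAM_CLIENT_CONNECT, $ctx);
    if ($sock === false) {
        throw new RuntimeException("TLS check failed for $host: $errstr");
    }
    return $sock;
}

// Offline run of the nonce helper against a constructed temporary file.
$state = tempnam(sys_get_temp_dir(), 'nonce');
$first = next_nonce($state);
$second = next_nonce($state);
echo $second > $first ? "nonce increased\n" : "nonce did not increase\n";
unlink($state);
```

A pinned certificate fingerprint changes whenever the certificate is renewed, so a mismatch calls for re-checking the published fingerprint rather than switching verification off.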
