API documentation (deprecated)

Introduction

cryptonit offers an application programming interface (API) to interact with the provided services. In general we try to follow the CRUD pattern (Create, Retrieve, Update, Delete) + Index. However, update and delete may not be directly available for certain kinds of data. To use the API you have to perform several steps, which vary with the method you want to use and are explained for each method separately. cryptonit may add, change or remove certain methods in future. Please check the site from time to time for such announcements. The interface of cryptonit cannot be accessed without a proper user account! Account registration is free and immediately available. This is to prevent excessive hammering on our interface, which takes away resources. Please keep this in mind when accessing our API.

User-agent

For all your requests please set a proper "User-agent". This is not a requirement for now but a matter of good manners. We may use this information in future to block botnets or other misbehaving interactions with our services.

Data format

cryptonit supports two formats for communication: XML and JSON. For both formats there are free parsers available for nearly all programming languages. However, due to its smaller footprint we recommend using JSON. You define the data format you are sending and the format you are expecting in the header of your request. Ideally the formats are the same, but you can also mix them as you like. Set 'Accept: application/json' for the format you want to retrieve from the server and 'Content-Type: application/json' for the format you are sending. In this example we want to work with JSON.

Interfaces

The interface of the cryptonit API is accessible under https://cryptonit.net/api/* where the last part depends on the object you want to perform an action on.

Indexing

To receive a list of several objects, for example accounts, transactions, orders etc., you can perform a GET request on the object of interest. The corresponding URL is: https://cryptonit.net/api/<object_type> In this URL you can also pass query parameters for some objects by appending ?property=. This is especially interesting for indexing orders. The location for indexing will not change frequently, but we may add new parameters for querying depending on user requests.

Retrieving

As indexing mostly provides a compressed list of objects, retrieving one particular object sometimes provides more information. To retrieve all details of an object you must first know its unique ID. To get this ID you may want to perform an indexing query against the API. Having the ID of the object, you can perform a "GET" request against: https://cryptonit.net/api/<object_type>/

Creating

A new object is in general created by sending a "POST" request with your data to the object's interface. Please define the proper data format in the header before posting. The general URL pattern for posting is: https://cryptonit.net/api/<object_type>. Since posting is a critical action, it requires some additional information besides the data of the object. These are mainly some security tokens and sometimes a signature. See below for the security measures implemented.
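The three request shapes described above (index, retrieve, create), built with the headers from the "User-agent" and "Data format" sections. This is an added example, not code from cryptonit. Assumptions: the object type "orders", the query parameter "type", the User-agent string, and appending the object ID after the trailing slash of the retrieve URL. The security tokens are omitted because the page does not say how they are transmitted.

```python
import json
from urllib.parse import quote, urlencode
from urllib.request import Request

API_ROOT = "https://cryptonit.net/api"   # base URL given on the page
USER_AGENT = "example-client/0.1"        # constructed value, pick your own

def _headers(has_body):
    # Accept names the format we want back; Content-Type names the
    # format of the body we send, so it is only set when there is one.
    headers = {"User-Agent": USER_AGENT, "Accept": "application/json"}
    if has_body:
        headers["Content-Type"] = "application/json"
    return headers

def _object_url(object_type, object_id=None, query=None):
    # Percent-encode every caller-supplied path segment so a value such as
    # "../withdrawals" cannot change which interface the request addresses.
    url = API_ROOT + "/" + quote(str(object_type), safe="")
    if object_id is not None:
        url += "/" + quote(str(object_id), safe="")   # assumed ID placement
    if query:
        url += "?" + urlencode(query)
    return url

def index_request(object_type, query=None):
    """GET a list of objects, optionally filtered by query parameters."""
    return Request(_object_url(object_type, query=query),
                   headers=_headers(False), method="GET")

def retrieve_request(object_type, object_id):
    """GET all details of one object by its unique ID."""
    return Request(_object_url(object_type, object_id),
                   headers=_headers(False), method="GET")

def create_request(object_type, payload):
    """POST a JSON body to the object's interface."""
    body = json.dumps(payload).encode("utf-8")
    return Request(_object_url(object_type), data=body,
                   headers=_headers(True), method="POST")
```

The functions only build `urllib.request.Request` objects and send nothing, so they can be inspected offline before being passed to `urlopen`.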

Security

Security is one of the most important aspects of our API. We have decided to require 4 layers to protect you and us from misuse and abuse. These layers are:

  • Login token
  • Cross-Site-Request-Forgery token
  • Signature
  • Nonce token

These may look like overkill, but we are working with your assets and do not want to risk losing them to attacks. Since it is an application programming interface, it should not be much of a burden to fulfill the requirements. We may change, add or remove layers in future. Please be aware of announcements in our news section.

Login token

The login token is received by posting your usual login data consisting of username and password. This login token is nothing other than the session ID typically stored in a cookie in your browser. This cookie is used to identify you and lets you interact with your accounts, orders etc. The login token is required for ALL methods.

Cross-Site-Request-Forgery token

The Cross-Site-Request-Forgery (CSRF) token is a means to protect you from performing actions you have not initiated. These unrequested actions may be injected by an attacker to withdraw your coins or to fill his/her orders. Due to other security measures implemented for our services this might be dropped in future. The CSRF token is required for SOME methods.

Signature

The signature is a means to ensure data integrity. It confirms that the action in the request is confirmed by you and that no data has been altered on the way from your computer to our servers. For this signature we are working with a private/public key structure, which is much safer than any kind of hashing as often used by other sites. Especially with the availability of fast ASIC hashing devices, all signatures based on hashes can be broken in reasonable time by an attacker. Our signature comes with higher processing time on your computer, but we believe the high security gain is worth it. The signature is required for SOME methods.

Nonce

The nonce token protects you from replay attacks. If the same request arrives from your servers twice, the second request is ignored. This is especially important if you want to send funds outside of your servers. If the receiving address is controlled by an attacker, he could resend your request until your wallet is empty. The Nonce is required for SOME methods.
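A server-side sketch of the replay check described above, run against a captured withdrawal request that is resent several times. This is an added example, not cryptonit's implementation. Assumptions: the field names, the random hex nonce and the in-memory store are all hypothetical, and signature verification is taken to have happened before this check.

```python
import secrets

class ReplayGuard:
    """Tracks the nonces each login token has already spent."""

    def __init__(self):
        self._used = {}  # login token -> set of nonces seen so far

    def first_use(self, login_token, nonce):
        if not nonce:                 # a request without a nonce is refused
            return False
        used = self._used.setdefault(login_token, set())
        if nonce in used:             # the same request arriving again
            return False
        used.add(nonce)               # spend the nonce before acting on it
        return True

def handle_withdrawal(guard, balances, request):
    """Apply a withdrawal once; True if processed, False if ignored."""
    token = request["login_token"]
    if not guard.first_use(token, request.get("nonce")):
        return False
    if balances.get(token, 0) < request["amount"]:
        return False
    balances[token] -= request["amount"]
    return True

def demo():
    # Constructed data: one session holding 10 units, one captured request.
    guard, balances = ReplayGuard(), {"session-A": 10}
    captured = {"login_token": "session-A", "amount": 3,
                "address": "constructed-address",
                "nonce": secrets.token_hex(16)}
    # The identical request is delivered four times: only the first counts.
    results = [handle_withdrawal(guard, balances, dict(captured))
               for _ in range(4)]
    # A second, intended withdrawal carries a fresh nonce and is accepted.
    fresh = dict(captured, nonce=secrets.token_hex(16))
    results.append(handle_withdrawal(guard, balances, fresh))
    return results, balances["session-A"]
```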