search

brianddk / pyexch

REST based Python Exchange API
Apache License 2.0
0 stars 2 forks source link

readme

pyexch

PyPI version License GitHub GitHub Discussions Donate with Bitcoin Lightning Donate with Bitcoin

EARLY PREVIEW RELEASE of a rudimentary python CLI based rest client for Coinbase

usage: pyexch [-h] [--method <get,post,>] [--url https://...]
              [--params params.json] [--call get_accounts]
              [--keystore ks.json] [--auth exch.auth]

Python Exchange CLI (pyexch)

optional arguments:
  -h, --help            show this help message and exit
  --method <get,post,>  rest http method (get<default>,post,put,delete)
  --url https://...     rest http url to perform actions upon
  --params params.json  json(5) filename holding rest parameters / data
  --call get_accounts   call method in the default client
  --keystore ks.json    json(5) filename where secrets are stored (backup!)
  --auth exch.auth      the auth method to use from keystore.

NOTE: Must name either "--call" or "--url", but not both, and "keystore.json"
is assumed if "--keystore" is not named

Future Plans

Getting Started

This utility is a very thin wrapper around two published Coinbase libraries, though one or both are likely no longer maintained. The first library coinbase-python uses both the v2-api, and the OAuth2-api. The second libary coinbase-advanced-py uses the v3-api. As of April 2nd, 2024 you can access all the V2 and V3 URLs using either the v3-api keys or the OAuth2-api keys. Note that since certain convenience routines like get_transaction are not in the v3-api library, some may still opt to make an OAuth2 token to use these convenience calls. Alternatively you could go directly after the URLs for these services which will work regardless.

Here's a breakdown of what you will need to do to get started:

  1. Make either a V3-API key, an OAuth2-API key, or both.
  2. Read the V2-API docs, aka "Sign In With Coinbase" (SIWC) for URLs/endpoints
  3. Read the V3-API docs, aka "Advanced Trading" (AT) for URLs/endpoints
  4. Read the V2-Library docs for names of convenience calls / routines
  5. Read the V3-Library docs for names of convenience calls / routines
  6. Optionally read the Python 3.12 Tutorial for python questions

Install and Initial Setup

This utility allows you to use a Cryptocurrency Exchange's REST API to perform basic tasks and retrieve current and historical account data. You will need to setup API / OAuth2 access keys in your account to use this utility. The utility supports both GPG and Trezor-CipherKeyValue encryption. You will need either a GPG key pair installed, or a Trezor attached. As a fallback you can store API keys in naked JSON, but that is obviously not recommended.

Install with Debug support

If you want to debug one of the client calls or step into a requests call, you can install from GIT sources. Then you can add breakpoints in source using calls to breakpoint() to get more detailed information.

  1. Get source: git clone https://github.com/brianddk/pyexch.git
  2. Switch directories: cd pyexch
  3. Install develop mode via pip: pip install -e .
  4. Verify install (cli-mode): pyexch --help
  5. Optionally add breakpoint() into one of the *.py files
  6. Optionally step through code in the python debugger (pdb)

Install without GIT

To install the most recent edition directly from GitHub tarball:

pip install https://github.com/brianddk/pyexch/archive/refs/heads/main.tar.gz

You won't get to documentation or templates, but all the code will land and function

Install last release from PIP

  1. Install: pip install pyexch
  2. Verify install: pyexch --help

Alternatively you can run it in module mode (python -m pyexch --help) or run the script directly (python pyexch.py --help).

Building a Keystore

Template keystores are provided in the templates directory. If you decide to use a naked JSON, you can simply modify the null values in the json_ks.json to fill in the key values. If you want to use encryption you will need to modify on of the encryption templates (trezor_ks.json or gnupg_ks.json) and update the unencrypted parameters. These all deal with various encryption settings. Note that for Trezor, zlib is the ONLY supported compression. Since the JSON keystore is self explanatory, I'll focus on building the encrypted keystores.

Building a GnuPG encrypted Keystore:

Start with the GnuPG template gnupg_ks.json, and change the recipient to the key-id of your GnuPG key. This can be the UID (email), or the short or long key hex.

{
  "format": "gnupg",
  "gnupg": {
    "recipient": "TYPE_YOUR_GPG_PUBLIC_KEY_HERE"
  }
}

Once you have populate the recipient, you can update the secrets interactively to keep them off of your filesystem and out of your process viewer. This uses the update_keystore command which takes a JSON template as a parameter. Any null value will trigger prompting on the console. Input is not masked or muted, so you may want to run a clear-screen after to keep reduce the amount of time it is in the console buffer.

  1. Pick a authorization method to use (coinbase.oauth2, coinbase.v2_api, coinbase.v3_api)
  2. Fill in your template data, leave null values for prompting (ex: coinbase_oauth2.json)
  3. Run the update_keystore command to prompt and encrypt secrets

Template:

{
  "format": "json",
  "coinbase": {
    "oauth2": {
      "auth_url": "https://login.coinbase.com/oauth/auth",
      "token_url": "https://login.coinbase.com/oauth2/token",
      "revoke_url": "https://login.coinbase.com/oauth2/revoke",
      "redirect_url": "http://localhost:8000/callback",
      "scope": "wallet:user:read,wallet:accounts:read",
      "id": null,
      "secret": null
    }
  }
}

With both the GnuPG and OAuth2 templates, the update_keystore call will prompt for the null fields, and encrypt the resultant merge with GnuPG

pyexch --keystore gnupg_ks.json --params coinbase_oauth2.json --call update_keystore

If you choose OAuth2, you will need to create / authorize your app to get a grant token

pyexch --keystore gnupg_ks.json --auth coinbase.oauth2 --uri https://api.coinbase.com/oauth/authorize

This will launch your web-browser and web-server to service the request and store the keys in your keystore. Note that since this get takes secret params, the auth_url is treated special and the parameters are built internally for processing to avoid the need for an encrypted params.json file.

You can display the keys that got updated on console using print_keystore call. A redaction template can be included in --params to mask secrets from getting shown on screen. In this workflow, simply seeing that the new oauth store got a auth token and a refresh token is a good indication that the calls worked. If you want to see all the secrets, just omit the --params field in the call to print_keystore

pyexch --keystore gnupg_ks.json --params redactions.json5 --call print_keystore

Note that since OAuth tokens are short lived, you will need to refresh the tokens about every hour. To refresh to token post to the token_url to get a new token. Since this get takes secret params, the token_url is treated special and the parameters are built internally for processing to avoid the need for an encrypted params.json file.

pyexch --keystore gnupg_ks.json --method post --uri https://api.coinbase.com/oauth/token

Note: The --auth choice is cached in the keystore so the last choice used is assumed unless --auth is named again.

Making REST or Client calls

Once you have good API / AUTH tokens stored, you can start making calls to the API's or Clients directly. To determine which URLs are supported look at the API V2 documentation, and API V3 documentation. Note that OAuth2 works on both v2 and v3 URLs.

To learn which calls are supported, look at the V2 Client and V3 Client. All parameters needed for the call commands are taken from the JSON file pointed to in the --params argument.

For example, to exercise the V2-API Show Authorization Information endpoint, you can do the following

pyexch --keystore gnupg_ks.json --url https://api.coinbase.com/v2/user/auth

To call the get_buy_price method from the V2-Client using BTC-USD trading pair (use \" with echo on certain shells)

echo {"currency_pair" : "BTC-USD"} > params.json
pyexch --keystore gnupg_ks.json --params params.json --call get_buy_price

Supported Call Endpoints

These are the supported options for the --call parameter

Internal call endpoints

These are the call endpoints that have internal functions without exchange interaction

coinbase.oauth2 call endpoints

These endpoints are supported when using the --auth value of coinbase.oauth2. These are exposed from the coinbase.wallet.client.OAuthClient client object.

coinbase.oauth2 / coinbase.v2_api call endpoints

These endpoints are supported when using the --auth value of either coinbase.oauth2 or coinbase.v2_api. These are exposed from the coinbase.wallet.client.OAuthClient and coinbase.wallet.client.Client client objects. All of these calls accept named parameters pulled from --params JSON.

coinbase.v3_api call endpoints

These endpoints are supported when using the --auth value of coinbase.v3_api. These are exposed from the coinbase.rest.RESTClient client object. All of these calls accept named parameters pulled from --params JSON.