Get API keys for CoinGecko and CryptoCompare

[anastasiyaig]

Description

Problem: we receive market data from CoinGecko and CryptoCompare and we're using their "free" plans currently.

The Free plan has per-IP-Address limits, which works fine as long as we're not all in the same hotel using Status at the same time.

We need to get some paid plans and API keys for this services so they are reliable

[anastasiyaig]

@churik @iurimatias @John-44 @dlipicar

[anastasiyaig]

@alaibe adding you as well

[jakubgs]

Even more centralized services being added to the App? Really?

[anastasiyaig]

@jakubgs we use them already for long time, but the worst part is that we use free plan which is limited

[jakubgs]

Okay, but what kinda of scale do we want for this? Honestly regardless of which plan we pick once people start using this we will hit the limit, but do you have any idea what numbers we need right now?

https://www.coingecko.com/en/api/pricing

[anastasiyaig]

i would like to hear opinions from wallet team and @John-44 cc @iurimatias

[dlipicar]

Hey there! Sorry for the delay in commenting.

So, we're using both CryptoCompare and CoinGecko in a way that's not even properly documented. According to their docs, even if you don't pay you're supposed to use an API key, which has terrible (per API key) limits

We're not using API keys for any. The closest thing we have is an identifier for CryptoCompare calls, not sure if we have some special arrangement with them:

Anyway, this lets us have per-IP-address limits which is awesome for our use case. However, this is dangerous because:

• Conditions for this no-API-key usage could change at any moment or it might even be disabled
• If several people use Status from the same location with a shared IP address (offsite, presenting Status at some crypto event), we hit the limits very quickly and the wallet becomes useless

So, the plan was to keep trying to use the free plan initially, but use an API key if our requests get throttled/denied. I've got the logic for this implemented, but still need to do some tests. However, there's still some issues:

Cryptocompare's Commercial plan allows only one user per license, which is no good for the current way we use their service. We'd need to get a custom plan suitable for our "decentralized" usage. Unless we set up a proxy server to concentrate calls :D

I don't have exact usage stats, but with a 10min refresh period I think 1M calls/month would be good for a few hundred users. Unless we set up caching in our proxy server :D :D

CoinGecko's plans seem less restrictive (calls/month and number of users), but I'm still concerned about the calls/min limit in both (proxy server? :D :D :D)

Regarding privacy, requests to these APIs only include token symbols, no information about accounts.

@iurimatias mentioned this proxy server idea has been under discussion already. If we use that as our main provider and keep direct client access to the providers as a fallback in case we're blocked in some region, we should be good IMO.

[jakubgs]

That all sounds terrible. And nobody has the time to develop a proxy server. Best we can do is just an nginx with some caching, but even that could easily be overwhelmed.

I have yet to hear any actual concrete request for a proxy server, just conversations, so until someone actually explains what is necessary, at what scale, and for what service, there is no proxy.

[saledjenic]

Was logged here https://github.com/status-im/status-desktop/issues/14591 as well.

[anastasiyaig]

So what is the decision there? @iurimatias

[iurimatias]

@anastasiyaig we'll try the proxy approach so long users have a fallback

[jakubgs]

Indeed, the work is being done in:

• https://github.com/status-im/infra-proxy/issues/1

[anastasiyaig]

Alright thanks!