Cryptsy
Provides an idiomatic Ruby client for the authenticated Cryptsy API
JSON client
Grab your API keys from the Crypsty website
client = Cryptsy::Client.new('YOUR PUBLIC KEY', 'YOUR PRIVATE KEY')
Check your account details
# Get account blances
client.info.balances_available
# Get transfers, transactions, open orders
client.transfers
client.transactions
client.orders
Query markets
client.markets
client.market_by_pair('DOGE', 'BTC')
Generate new receive addresses
client.generate_deposit_address('DOGE') # => 'DTP2Na7P4JpwhUuPTdJWjGzAK9P5VXF5Zd'
client.generate_deposit_address('BTC') # => '156q4WMvWmCSmTdZSVVn8zdnDFJWZsb6XW'
Make withdrawals
client.make_withdrawal('DKkNNCF2DRcHtSgbKeDTVd2T8qjng1Z8hV', 1250.0)
Note that this method only works for addresses that have been pre-approved. Use the web client if you wish to automate the pre-approval process.
Web client
This package provides a web client for doing unsafe operations on Cryptsy. The official JSON API does not allow you to withdraw funds to addresses that have not been pre-approved. Nor does it let you pre-approval addresses. Therefore, you would be forced to login to the HTML web interface, and input your password and TFA token to do withdrawals and add trusted addresses.
This client is rough around the edges, but the basic functionality is there. It has many extra dependencies, so you have to explicitly require it and install the dependencies.
gem install faraday-cookie_jar nokogiri rotp
require 'cryptsy/web_client'
web_client = Cryptsy::WebClient.new('YOUR CRYPTSY USERNAME', 'YOUR CRYPTSY PASSWORD', 'YOUR TFA SECRET')
web_client.login
web_client.pincode
Now that you have a session on Cryptsy, you can perform privileged operations.
Withdrawals
If you wish to make a withdrawal to an address that has not been pre-approved, use the following:
web_client.make_withdrawal(94, 'DKkNNCF2DRcHtSgbKeDTVd2T8qjng1Z8hV', 1250.0)
You will receive a confirmation email after a short period. The link in this email must be visited for the withdrawal to continue.
Note that you will not be able to use this for trusted addresses. Instead, use the respective method on the regular JSON client.
Trusted addresses
If you wish to make an address trusted, use the following:
web_client.add_trusted_address('DQRhettwhyR6xeK6xFQ2nbhjhSTgZzdgMR')
You will receive a confirmatin email after a short period. The link in this email must be visited for the address to become trusted.
Note that you will not be able to use the web client to make withdrawals to this address now. Instead, use the respective method on the regular JSON client.
Caching sessions
The web client uses Faraday with middleware for HTTP::CookieJar.
The cookie jar is accessible, so you can save and load cookies to a file between uses.
jar = web_client.
jar.load('path/to/cookies.txt')
jar.cleanup
jar.save('path/to/cookies.txt', session: true)
Confirmation email polling
Take automation to the next level! Using ConfirmationPoller
, you can scan the email account associated with your
Cryptsy account. Combining this with the web client allows you to automatically confirm:
- Trusted addresses
- Withdrawals to untrusted addresses
Refer to examples/gmail_poller.rb
to see basic integration with Gmail. Combine it with the web client like so:
adapter = GmailAdapter.new('GMAIL USERNAME', 'GMAIL PASSWORD')
web_client = Cryptsy::WebClient.new('CRYPTSY USERNAME', 'CRYPTSY PASSWORD', 'TFA SECRET')
poller = Cryptsy::ConfirmationPoller.new(adapter, CONFIRM_TRUSTED_ADDRESS_PATTERN)
poller.run_until_found.each do |link|
web_client.get(link)
end
adapter.logout
It's recommended to setup an application-specific password instead of using your primary Gmail password.
Security concerns
SSL verification
The certificate for https://api.cryptsy.com
is invalid. Therefore, any clients that connect to it
must disable SSL verification. This opens up the possibility for a MITM attack.
Until this is fixed, avoid experimenting with the JSON client on untrusted networks until this
is corrected. The web client does not have this vulnerability, the https://www.cryptsy.com
certificate
is correct.
Plaintext credentials
Using both clients will result in a large number of credentials needing to be stored in plaintext.
This includes the following:
- Cryptsy username & password
- Cryptsy API key pair
- Cryptsy two-factor authentication (TFA) secret
Therefore, you should isolate the use of this client away from a public-facing service. On a separate VM, you can use a background worker process, like Sidekiq or Resque.