
Research
Malicious npm Packages Impersonate Flashbots SDKs, Targeting Ethereum Wallet Credentials
Four npm packages disguised as cryptographic tools steal developer credentials and send them to attacker-controlled Telegram infrastructure.
blockfolio-api-client
Advanced tools
Use with caution: Your DEVICE_TOKEN
is used to access all your
Blockfolio datas, keep it safe and DON'T make it public.
This module is NOT provided by Blockfolio.
Get the official Blockfolio app at blockfolio.com
npm install blockfolio-api-client --save
init
method with your DEVICE_TOKEN
DEVICE_TOKEN
The DEVICE_TOKEN
used to be found under the Settings
menu until
version 1.1.14
of Blockfolio, since 1.1.15
, only a disposable one
is displayed on the app.
If you want to find out what is your real DEVICE_TOKEN
, you have
several ways to do it, but we will only document here the easiest one :
Once you get your DEVICE_TOKEN
using this method, you may then go
back to the latest version without any issue, enjoy!
You need to allow 3rd parties packages / Installation outside the Play Store, then install an old version directly from the APK.
Then you can easily find sources for the old official APK on the Internet (ie. APK4FUN, APK.Plus, and many others...)
Just remove your current version, download the 1.1.14
and install it
on your device. You should now see your real DEVICE_TOKEN
and start to
play with the API!
If you installed Blockfolio before the 1.1.5 update, you can find the previous version using iTunes.
Go to the Music
> iTunes
> iTunes Media
> Mobile Applications
folder on your drive, then you should find a folder called
Previous Mobile Applications
. Find the 1.1.14
version of
Blockfolio, and drag and drop it onto iTunes. Delete the app from your
phone, and resync with iTunes. You should be back to 1.1.14 version,
congratulations !
const Blockfolio = require("blockfolio-api-client");
Blockfolio
// Initialize the client with your DEVICE_TOKEN
.init("BLOCKFOLIO_DEVICE_TOKEN")
// Add a position of 42 XMR/BTC on the top exchange, at the current price
.then(() => {
return Blockfolio.addPosition("XMR/BTC", {
amount: 42,
note: "I love XMR!"
});
// Get the positions you got for XMR
}).then(() => {
return Blockfolio.getPositions({ pair: "XMR" });
// Then remove the first one (last added)
}).then((positions) => {
console.log("I just added a position of XMR/BTC on the top exchange, there it is:");
console.log(positions[0]);
// Now delete this position:
return Blockfolio.removePosition(positions[0].positionId);
// TADA!
}).then(() => {
console.log("Position successfully removed!");
}).catch((err) => {
console.error(err);
});
Every client's methods could be called with an ending error-first callback. In that case, the first parameter of the callback must be null
if everything was fine, and returns the result in second parameter. If the method doesn't succeed, then the first parameter will contain the returned error, and the second will be populated with the raw body of the API's reponse.
const Blockfolio = require("blockfolio-api-client");
Blockfolio
// Initialize the client with your DEVICE_TOKEN (disableCoinCheck to skip coins sync)
.init("BLOCKFOLIO_DEVICE_TOKEN", { disableCoinCheck: true }, (err) => {
if (err) { return console.error(err); }
// Call getPositions with only a callback to fetch all global positions
Blockfolio.getPositions((err, positions) => {
if (err) { return console.error(err); }
// Display list of current positions
positions.forEach((position) => {
console.log(`Got ${position.quantity} ${position.coin} for a total BTC value of ${position.holdingValueBtc}.`);
});
});
});
Get the summary of your portfolio
A summary object
Blockfolio.getPortfolioSummary().then((summary) => {
console.log(`I'm currently owning ${summary.btcValue}btc, for a usd value of ${summary.usdValue}!`);
}).catch((err) => { console.error(err); });
Return a summary of all the positions in Blockfolio if no coin pair is provided.
If a token pair is passed, then the detailed positions regarding this specific pair are returned.
"XMR/BTC"
)An array of position objects.
Blockfolio.getPositions().then((positions) => {
positions.forEach((pos) => {
console.log(`I HODL ${pos.quantity} ${pos.coin}/${pos.base} for a value of ${pos.holdingValueFiat} ${pos.fiatSymbol}`);
});
}).catch((err) => { console.error(err); });
OR
Blockfolio.getPositions("BTC/USD").then((positions) => {
// positions contains all the orders saved on Blockfolio in "BTC/USD"
positions.forEach((pos) => {
// Do something with each position taken
});
}).catch((err) => { console.error(err); });
Add a new position to your portfolio.
"XMR/BTC"
)buy
or sell
getExchanges
to get the list of available exchanges for a specific token pair)getPrice
to get the latest price for a specific token pair on a specific exchange)err
should be null if everything was fine, and result
should contain success
(otherwise, it will be the response body) - you can also use directly the result as a PromiseBlockfolio.addPosition("XMR/BTC", {
mode: "buy",
exchange: "bittrex",
amount: 42,
note: "I really like Monero !"
}).then(() => {
console.log("42 XMR successfully added to your Blockfolio at the current price from Bittrex!"
}).catch((err) => {
console.error(err);
});
Add a new position to your portfolio.
Blockfolio.removePosition(42).then((() => {
console.log("Your position #42 has been successfuly removed!"
}).catch((err) => { console.error(err); });
Completely remove a coin from your portfolio
"XMR/BTC"
)Blockfolio.removeCoin("XMR/BTC").then(() => {
// XMR/BTC is now removed from your portfolio !
}).catch((err) => {
// XMR/BTC could not be removed from your portfolio
});
Get the summary of all opened positions on specified token pair
"XMR/BTC"
)A summary of your holdings of this coin.
Blockfolio.getHoldings("XMR/BTC").then((holdings) => {
console.log(holdings);
}).catch((err) => { console.error(err); });
Retrieve the last ticker price for specific token pair on specific exchange
"XMR/BTC"
)getExchanges
to get the list of available exchanges for a specific token pair)The price of the token in selected base (or in BTC if no base is provided).
Blockfolio.getPrice("XMR/BTC", { exchange: "bittrex" }).then((price) => {
console.log("Current price for XMR on Bittrex : " + price + "btc");
}).catch((err) => { console.error(err); });
Returns a list of exchanges where the specified token pair is available
"XMR/BTC"
)Array of available exchanges for this coin.
Blockfolio.getExchanges("XMR/BTC").then((exchanges) => {
console.log("Top exchange for XMR/BTC is : " + exchanges[0]);
}).catch((err) => { console.error(err); });
Get informations on the current market for specified token pair on specified exchange
"XMR/BTC"
)getExchanges
to get the list of available exchanges for a specific token pair)Details of the selected market.
Blockfolio.getMarketDetails("XMR/BTC", { exchange: "bittrex"}).then((details) => {
console.log(details);
}).catch((err) => { console.error(err); });
Add an price alert for a coin.
"XMR/BTC"
)getExchanges
to get the list of available exchanges for a specific token pair)true
, the alert will be triggered each time the price crosses a boundaryBlockfolio.addAlert("XMR/BTC", {
exchange: "bittrex",
above: 0.03
}).then(() => {
// Alert successfuly set !
}).catch((err) => { console.error(err); });
Removes an existing alert from your portfolio.
Blockfolio.removeAlert(42).then(() => {
// Alert successfuly removed !
}).catch((err) => { console.error(err); });
Retrieve the list of current alerts set for a coin
"XMR/BTC"
)An array of alert objects.
Blockfolio.getAlerts("XMR/BTC").then((alerts) => {
alerts.forEach((alert) => {
console.log(`Alert set for ${alert.coin}/${alert.base} is ${alert.alertStatus}!`);
});
}).catch((err) => { console.error(err); });
Pause the specified alert to block it from sending notifications temporarily.
Example
Blockfolio.pauseAlert(42).then(() => {
// Alert 42 is now muted
}).catch((err) => { console.error(err); });
Restart the specified alert to allow it to send notifications again.
Example
Blockfolio.startAlert(42).then(() => {
// Alert 42 is now retarted and will notify you again if triggered!
}).catch((err) => { console.error(err); });
Pause all alerts and block then from sending notifications temporarily.
Blockfolio.pauseAllAlerts().then(() => {
// ALL Alerts are muted
}).catch((err) => { console.error(err); });
Restart all alerts to allow them to send notifications again.
Blockfolio.pauseAllAlerts().then(() => {
// ALL Alerts are retarted and will send you some notification if triggered!
}).catch((err) => { console.error(err); });
Get the whole list of coins supported by Blockfolio
An array of coin objects.
Blockfolio.getCoinsList().then((coins) => {
console.log(coins);
}).catch((err) => { console.error(err); });
Get the whole list of supported currencies.
Array of currency objects.
Blockfolio.getCurrencies().then((currencies) => {
currencies.forEach(currency => {
console.log(`${currency.fullName} (${currency.symbol}) is abbreviated ${currency.currency}.`);
});
}).catch((err) => { console.error(err); });
Get the last announcements from the new Signal API.
Array of announcements.
Blockfolio.getAnnouncements().then((announcements) => {
console.log(announcements);
}).catch((err) => { console.error(err); });
Get an status message from Blockfolio. Without any issues, this message is empty.
Empty string or status message.
Blockfolio.getStatus().then((status) => {
console.log(status);
}).catch((err) => { console.error(err); });
Get the version number of the Blockfolio API.
String containing the version number of the API.
Blockfolio.getVersion().then((version) => {
console.log(`Blockfolio API ${version}.`);
}).catch((err) => { console.error(err); });
Johan Massin - bob6664569
See also the list of contributors who participated in this project.
Distributed under the MIT License.
FAQs
JavaScript module to access Blockfolio API
The npm package blockfolio-api-client receives a total of 1 weekly downloads. As such, blockfolio-api-client popularity was classified as not popular.
We found that blockfolio-api-client demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Four npm packages disguised as cryptographic tools steal developer credentials and send them to attacker-controlled Telegram infrastructure.
Security News
Ruby maintainers from Bundler and rbenv teams are building rv to bring Python uv's speed and unified tooling approach to Ruby development.
Security News
Following last week’s supply chain attack, Nx published findings on the GitHub Actions exploit and moved npm publishing to Trusted Publishers.