Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
currency-cloud
Advanced tools
This is the official Javascript SDK for v2 of Currencycloud's API. Additional documentation for each API endpoint can be found at Currencycloud API documentation. If you have any queries or you require support, please contact our development team at development@currencycloud.com
This library is distributed on npm
. In order to add it as a dependency, run the following command:
$ npm install currency-cloud --save
The current least supported Node version is 12.0.0.
The following example retrieves all tradeable currencies list:
var currencyCloud = require('currency-cloud');
currencyCloud.authentication.login({
environment: 'demo',
loginId: 'valid_login_id',
apiKey: 'valid_api_key'
})
.then(currencyCloud.reference.getAvailableCurrencies)
.then(function(res) {
console.log('available currencies: ' + JSON.stringify(res.currencies, null, 2));
})
.then(currencyCloud.balances.find)
.then(function(res) {
console.log('balances: ' + JSON.stringify(res.balances, null, 2));
})
.then(currencyCloud.authentication.logout)
.catch(console.log);
More extensive examples can be found in the examples folder.
To interact with the various Currencycloud's APIs a service client object must be created; then a particular API can be accessed via the corresponding property of this object:
// create service client object
var currencyCloud = require('currency-cloud');
// access authentication API
currencyCloud.authentication.login({
environment: 'demo',
loginId: 'valid_login_id',
apiKey: 'valid_api_key'
})
.then(function() {
// access reference API
return currencyCloud.reference.getBeneficiaryRequiredDetails({
currency: 'EUR',
bankAccountCountry: 'DE'
});
})
.then(console.log)
.then(currencyCloud.authentication.logout);
Supported APIs are listed in the Currencycloud API overview.
Prior to calling API functions authentication is required. It is performed as follows:
var currencyCloud = require('currency-cloud');
currencyCloud.authentication.login({
environment: 'demo', // environment to run API calls against, one of those listed in 'settings' section of package.json
loginId: 'login_id', // login id of the API user, as specified during registration
apiKey: 'api_key' // corresponding API key, obtained upon registration
})
.then(function(token) {
...
});
The above code retrieves authentication token, which is passed with all subsequent API calls. If a call fails due to token is expired, then re-authentication is attempted, so that the token is refreshed and the failed request is retried.
When working with API is finished, it is recommended to close the session by calling currencyCloud.authentication.logout()
.
SDK functions accept arguments as a single object, which holds both required and optional parameters:
var currencyCloud = require('currency-cloud');
currencyCloud.accounts.create({
/* required parameters */
accountName: 'Firma AB',
legalEntityType: 'company',
/* optional parameters */
status: 'enabled',
street: 'Sergels Torg 2',
city: 'Stockholm',
postalCode: '10640',
country: 'SE',
spreadTable: 'no_markup',
identificationType: 'none'
})
.then(console.log);
Function arguments as well as return objects and errors are camelCased.
Each API call is an asynchronous operation, so Promises/A+ pattern is used heavily throughout the SDK. Every function, if not synchronously throwing an Error, returns a then-able promise.
Requests over the internet will fail on occasion for seemingly no apparent reason, and the SDK includes a comprehensive set of error handling capabilities to help troubleshoot those situations. Sometimes however, the best strategy is simply to retry. This is the case particularly with transient errors like HTTP 429 - Too Many Requests, but wrapping calls in for/while loops is discouraged as in some extreme cases this may trigger our anti-DoS defences.
As of version 1.14.1 we have introduced an Exponential Backoff with Jitter retry feature which we recommend you use to safely handle retries.
Calls fn until the returned promise ends up fulfilled or rejected with an error different than TooManyRequestsError
. The optional options argument is an object which maps to the following values:
7
.2
.0
and 750
ms.30
and 60
sec.1
and 2
. Default is true
.true
. Default is false
The fn function will receive a retry function as an argument that should be called with an error whenever you want to retry fn. The retry function will always throw an error. If there're retries left, it will throw a special retry error that will be handled internally to call fn again. If there're no retries left, it will throw the actual error passed to it.
A typical use case is presented below. For more information see the Cookbook examples.
var currencyCloud = require('currency-cloud');
const opts = {
retries: 5, //Retry up to five times before giving up
factor: 2, // Use an exponential wait
minTimeout: Math.random() * 750, // Initial wait in ms
maxTimeout: Math.random() * 30000 + 30000, // Maximum wait period in ms
randomize: true // Apply a random jitter on each iteration
log: true // Log retries to the console
};
let findBalances = () => {
return currencyCloud.retry(
() => {
return currencyCloud.balances.find()
.then(function (res) {
console.log('findBalance: ' + JSON.stringify(res, null, 2));
})
},
opts,
"currencyCloud.balances.find"
);
};
Some API calls can be executed on behalf of another user (e.g. someone who has a sub-account with the logged in user). For this sake, onBehalfOf
field with a value of corresponding contact id should be added to a parameters object of a SDK function:
var currencyCloud = require('currency-cloud');
currencyCloud.rates.get({
buyCurrency: 'SEK',
sellurrency: 'GBP',
fixedSide: 'buy',
amount: 1000.5,
onBehalfOf: '8f639ab2-2b85-4327-9eb1-01ee4f0c77bc'
})
.then(console.log);
Another option is to run a bunch of API calls using onBehalfOf(id, promise)
method; it expects contact id and a promise as parameters and returns the given promise resolved:
var currencyCloud = require('currency-cloud');
currencyCloud.onBehalfOf('8f639ab2-2b85-4327-9eb1-01ee4f0c77bc', function() {
var beneficiary = {
...
};
var conversion = {
...
};
var payment = {
...
};
return currencyCloud.beneficiaries.create(beneficiary)
.then(function(res) {
payment.beneficiaryId = res.id;
})
.then(function() {
return currencyCloud.conversions.create(conversion);
})
.then(function(res) {
payment.conversionId = res.id
})
.then(function() {
return currencyCloud.payments.create(payment);
});
})
.then(console.log);
If an API call fails, the SDK function returns rejected promise with the error wrapped into APIerror
class object. More specifically, it's an object of one of the classes, inheriting from APIerror
and representing different types of errors. Apart from standard serialization methods they expose toYAML()
method, which converts error object to human-readable YAML string:
var currencyCloud = require('currency-cloud');
currencyCloud.balances.get({
currency: 'XYZ'
})
.catch(function(err) {
// the error might be not of APIerror type (e.g connection error)
if(err instanceof currencyCloud.APIerror) {
console.log(err.toYAML());
}
else {
console.log(err);
}
});
/* outputs
BadRequestError
---
platform: node v4.1.1
request:
parameters: {}
verb: GET
url: https://devapi.currencycloud.com/v2/balances/XYZ
response:
statusCode: 400
date: Mon, 09 Nov 2017 15:06:11 GMT
requestId: 2914269054259094430
errors:
- field: currency
code: currency_is_in_invalid_format
message: currency is not a valid ISO 4217 currency code
params:
type: currency
*/
We welcome pull requests from everyone! Please see CONTRIBUTING
Our sincere thanks for helping us create the best API for moving money anywhere around the world!
This project uses semantic versioning. You can safely express a dependency on a major version and expect all minor and patch versions to be backwards compatible.
Technology evolves quickly and we are always looking for better ways to serve our customers. From time to time we need to make room for innovation by removing sections of code that are no longer necessary. We understand this can be disruptive and consequently we have designed a Deprecation Policy that protects our customers' investment and that allows us to take advantage of modern tools, frameworks and practices in developing software.
Deprecation means that we discourage the use of a feature, design or practice because it has been superseded or is no longer considered efficient or safe but instead of removing it immediately, we mark it as @deprecated to provide backwards compatibility and time for you to update your projects. While the deprecated feature remains in the SDK for a period of time, we advise that you replace it with the recommended alternative which is explained in the relevant section of the code.
We remove deprecated features after three months from the time of announcement.
The security of our customers' assets is of paramount importance to us and sometimes we have to deprecate features because they may pose a security threat or because new, more secure, ways are available. On such occasions we reserve the right to set a different deprecation period which may range from immediate removal to the standard three months.
Once a feature has been marked as deprecated, we no longer develop the code or implement bug fixes. We only do security fixes.
(No features are currently being deprecated)
We actively support the latest version of the SDK. We support the immediate previous version on best-efforts basis. All other versions are no longer supported nor maintained.
Testing of the SDK relies on the Mocha test framework, Chai assertions library and Nock HTTP mocking and expectations library. To run all test cases simply execute:
$ npm run test
The SDK includes valid mocked HTTP responses in ./test/api/fixtures
. If you would like to test against the live API, please ensure there are no js
files in that folder. The Nock library will regenerate them by recording the responses from the live run and use those next time the tests are executed.
IMPORTANT: Remember to change the loginId
and apiKey
properties in ./test/mocks.js
to use your login ID and API key.
If you don't have a valid login or key, you can get them here
Copyright (c) 2015-2022 Currencycloud. See LICENSE for details.
FAQs
Currencycloud API v2 JavaScript client
We found that currency-cloud demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.