Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
The newly edited unofficial Python client for the Coinbase Pro API for use by SCR only.
The Python client for the Coinbase Pro API (formerly known as the GDAX)
. Note: this library may be subtly broken or buggy. The code is released under the MIT License – please take the following message to heart:
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
This README is documentation on the syntax of the python client presented in
this repository. See function docstrings for full syntax details.
This API attempts to present a clean interface to CB Pro, but in order to use it
to its full potential, you must familiarize yourself with the official CB Pro
documentation.
You may manually install the project or use pip
:
pip install cbpro
#or
pip install git+git://github.com/danpaquin/coinbasepro-python.git
Only some endpoints in the API are available to everyone. The public endpoints
can be reached using PublicClient
import cbpro
public_client = cbpro.PublicClient()
public_client.get_products()
# Get the order book at the default level.
public_client.get_product_order_book('BTC-USD')
# Get the order book at a specific level.
public_client.get_product_order_book('BTC-USD', level=1)
# Get the product ticker for a specific product.
public_client.get_product_ticker(product_id='ETH-USD')
# Get the product trades for a specific product.
# Returns a generator
public_client.get_product_trades(product_id='ETH-USD')
public_client.get_product_historic_rates('ETH-USD')
# To include other parameters, see function docstring:
public_client.get_product_historic_rates('ETH-USD', granularity=3000)
public_client.get_product_24hr_stats('ETH-USD')
public_client.get_currencies()
public_client.get_time()
Not all API endpoints are available to everyone.
Those requiring user authentication can be reached using AuthenticatedClient
.
You must setup API access within your
account settings.
The AuthenticatedClient
inherits all methods from the PublicClient
class, so you will only need to initialize one if you are planning to
integrate both into your script.
import cbpro
auth_client = cbpro.AuthenticatedClient(key, b64secret, passphrase)
# Use the sandbox API (requires a different set of API access credentials)
auth_client = cbpro.AuthenticatedClient(key, b64secret, passphrase,
api_url="https://api-public.sandbox.pro.coinbase.com")
Some calls are paginated, meaning multiple
calls must be made to receive the full set of data. The CB Pro Python API provides
an abstraction for paginated endpoints in the form of generators which provide a
clean interface for iteration but may make multiple HTTP requests behind the
scenes. The pagination options before
, after
, and limit
may be supplied as
keyword arguments if desired, but aren't necessary for typical use cases.
fills_gen = auth_client.get_fills()
# Get all fills (will possibly make multiple HTTP requests)
all_fills = list(fills_gen)
One use case for pagination parameters worth pointing out is retrieving only
new data since the previous request. For the case of get_fills()
, the
trade_id
is the parameter used for indexing. By passing
before=some_trade_id
, only fills more recent than that trade_id
will be
returned. Note that when using before
, a maximum of 100 entries will be
returned - this is a limitation of CB Pro.
from itertools import islice
# Get 5 most recent fills
recent_fills = islice(auth_client.get_fills(), 5)
# Only fetch new fills since last call by utilizing `before` parameter.
new_fills = auth_client.get_fills(before=recent_fills[0]['trade_id'])
auth_client.get_accounts()
auth_client.get_account("7d0f7d8e-dd34-4d9c-a846-06f431c381ba")
# Returns generator:
auth_client.get_account_history("7d0f7d8e-dd34-4d9c-a846-06f431c381ba")
# Returns generator:
auth_client.get_account_holds("7d0f7d8e-dd34-4d9c-a846-06f431c381ba")
# Buy 0.01 BTC @ 100 USD
auth_client.buy(price='100.00', #USD
size='0.01', #BTC
order_type='limit',
product_id='BTC-USD')
# Sell 0.01 BTC @ 200 USD
auth_client.sell(price='200.00', #USD
size='0.01', #BTC
order_type='limit',
product_id='BTC-USD')
# Limit order-specific method
auth_client.place_limit_order(product_id='BTC-USD',
side='buy',
price='200.00',
size='0.01')
# Place a market order by specifying amount of USD to use.
# Alternatively, `size` could be used to specify quantity in BTC amount.
auth_client.place_market_order(product_id='BTC-USD',
side='buy',
funds='100.00')
# Stop order. `funds` can be used instead of `size` here.
auth_client.place_stop_order(product_id='BTC-USD',
stop_type='loss',
price='200.00',
size='0.01')
auth_client.cancel_order("d50ec984-77a8-460a-b958-66f114b0de9b")
auth_client.cancel_all(product_id='BTC-USD')
# Returns generator:
auth_client.get_orders()
auth_client.get_order("d50ec984-77a8-460a-b958-66f114b0de9b")
# All return generators
auth_client.get_fills()
# Get fills for a specific order
auth_client.get_fills(order_id="d50ec984-77a8-460a-b958-66f114b0de9b")
# Get fills for a specific product
auth_client.get_fills(product_id="ETH-BTC")
depositParams = {
'amount': '25.00', # Currency determined by account specified
'coinbase_account_id': '60680c98bfe96c2601f27e9c'
}
auth_client.deposit(depositParams)
# Withdraw from CB Pro into Coinbase Wallet
withdrawParams = {
'amount': '1.00', # Currency determined by account specified
'coinbase_account_id': '536a541fa9393bb3c7000023'
}
auth_client.withdraw(withdrawParams)
If you would like to receive real-time market updates, you must subscribe to the websocket feed.
import cbpro
# Parameters are optional
wsClient = cbpro.WebsocketClient(url="wss://ws-feed.pro.coinbase.com",
products="BTC-USD",
channels=["ticker"])
# Do other stuff...
wsClient.close()
import cbpro
# Parameters are optional
wsClient = cbpro.WebsocketClient(url="wss://ws-feed.pro.coinbase.com",
products=["BTC-USD", "ETH-USD"],
channels=["ticker"])
# Do other stuff...
wsClient.close()
The WebsocketClient
now supports data gathering via MongoDB. Given a
MongoDB collection, the WebsocketClient
will stream results directly into
the database collection.
# import PyMongo and connect to a local, running Mongo instance
from pymongo import MongoClient
import cbpro
mongo_client = MongoClient('mongodb://localhost:27017/')
# specify the database and collection
db = mongo_client.cryptocurrency_database
BTC_collection = db.BTC_collection
# instantiate a WebsocketClient instance, with a Mongo collection as a parameter
wsClient = cbpro.WebsocketClient(url="wss://ws-feed.pro.coinbase.com", products="BTC-USD",
mongo_collection=BTC_collection, should_print=False)
wsClient.start()
The WebsocketClient
subscribes in a separate thread upon initialization.
There are three methods which you could overwrite (before initialization) so it
can react to the data streaming in. The current client is a template used for
illustration purposes only.
import cbpro, time
class myWebsocketClient(cbpro.WebsocketClient):
def on_open(self):
self.url = "wss://ws-feed.pro.coinbase.com/"
self.products = ["LTC-USD"]
self.message_count = 0
print("Lets count the messages!")
def on_message(self, msg):
self.message_count += 1
if 'price' in msg and 'type' in msg:
print ("Message type:", msg["type"],
"\t@ {:.3f}".format(float(msg["price"])))
def on_close(self):
print("-- Goodbye! --")
wsClient = myWebsocketClient()
wsClient.start()
print(wsClient.url, wsClient.products)
while (wsClient.message_count < 500):
print ("\nmessage_count =", "{} \n".format(wsClient.message_count))
time.sleep(1)
wsClient.close()
A test suite is under development. Tests for the authenticated client require a
set of sandbox API credentials. To provide them, rename
api_config.json.example
in the tests folder to api_config.json
and edit the
file accordingly. To run the tests, start in the project directory and run
python -m pytest
The OrderBook
is a convenient data structure to keep a real-time record of
the orderbook for the product_id input. It processes incoming messages from an
already existing WebsocketClient. Please provide your feedback for future
improvements.
import cbpro, time, Queue
class myWebsocketClient(cbpro.WebsocketClient):
def on_open(self):
self.products = ['BTC-USD', 'ETH-USD']
self.order_book_btc = OrderBookConsole(product_id='BTC-USD')
self.order_book_eth = OrderBookConsole(product_id='ETH-USD')
def on_message(self, msg):
self.order_book_btc.process_message(msg)
self.order_book_eth.process_message(msg)
wsClient = myWebsocketClient()
wsClient.start()
time.sleep(10)
while True:
print(wsClient.order_book_btc.get_ask())
print(wsClient.order_book_eth.get_bid())
time.sleep(1)
Unit tests are under development using the pytest framework. Contributions are welcome!
To run the full test suite, in the project directory run:
python -m pytest
1.1.2 Current PyPI release
1.0
0.3
0.2.2
0.2.1
WebsocketClient
to operate intuitively and restructured example
workflow.0.2.0
0.1.2
0.1.1b2
FAQs
The newly edited unofficial Python client for the Coinbase Pro API for use by SCR only.
We found that cbpro-SCR demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.