Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Python client for dYdX (v3 API).
The library is currently tested against Python versions 2.7, 3.4, 3.5, 3.6, 3.9, and 3.11.
The dydx-v3-python
package is available on PyPI. Install with pip
:
pip install dydx-v3-python
The Client
object can be created with different levels of authentication depending on which features are needed. For more complete examples, see the examples directory, as well as the integration tests.
No authentication information is required to access public endpoints.
from dydx3 import Client
from web3 import Web3
#
# Access public API endpoints.
#
public_client = Client(
host='http://localhost:8080',
)
public_client.public.get_markets()
One of the following is required:
api_key_credentials
eth_private_key
web3
web3_account
web3_provider
#
# Access private API endpoints, without providing a STARK private key.
#
private_client = Client(
host='http://localhost:8080',
api_key_credentials={ 'key': '...', ... },
)
private_client.private.get_orders()
private_client.private.create_order(
# No STARK key, so signatures are required for orders and withdrawals.
signature='...',
# ...
)
#
# Access private API endpoints, with a STARK private key.
#
private_client_with_key = Client(
host='http://localhost:8080',
api_key_credentials={ 'key': '...', ... },
stark_private_key='...',
)
private_client.private.create_order(
# Order will be signed using the provided STARK private key.
# ...
)
One of the following is required:
eth_private_key
web3
web3_account
web3_provider
#
# Onboard a new user or manage API keys, without providing private keys.
#
web3_client = Client(
host='http://localhost:8080',
web3_provider=Web3.HTTPProvider('http://localhost:8545'),
)
web3_client.onboarding.create_user(
stark_public_key='...',
ethereum_address='...',
)
web3_client.eth_private.create_api_key(
ethereum_address='...',
)
#
# Onboard a new user or manage API keys, with private keys.
#
web3_client_with_keys = Client(
host='http://localhost:8080',
stark_private_key='...',
eth_private_key='...',
)
web3_client_with_keys.onboarding.create_user()
web3_client_with_keys.eth_private.create_api_key()
By default, STARK curve operations such as signing and verification will use the Python native implementation. These operations occur whenever placing an order or requesting a withdrawal. To use the C++ implementation, initialize the client object with crypto_c_exports_path
:
client = Client(
crypto_c_exports_path='./libcrypto_c_exports.so',
...
)
The path should point to a C++ shared library file, built from Starkware's crypto-cpp
library (CMake target) for the particular platform (e.g. Linux, etc.) that you are running your trading program on.
If you want to run tests when developing the library locally, clone the repo and run:
pip install -r requirements.txt
docker-compose up # In a separate terminal
V3_API_HOST=<api-host> tox
NOTE: api-host
should be https://api.stage.dydx.exchange
to test in staging.
FAQs
dYdX Python REST API for Limit Orders
We found that dydx-v3-python demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.