{"id":2774,"date":"2022-01-03T07:14:27","date_gmt":"2022-01-03T07:14:27","guid":{"rendered":"https:\/\/www.nathankowald.com\/blog\/?p=2774"},"modified":"2022-01-03T21:38:11","modified_gmt":"2022-01-03T21:38:11","slug":"how-to-use-the-coinspot-api-v2-in-postman","status":"publish","type":"post","link":"https:\/\/www.nathankowald.com\/blog\/2022\/01\/how-to-use-the-coinspot-api-v2-in-postman\/","title":{"rendered":"How to use the CoinSpot API V2 in Postman"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">Screenshots taken using Postman 9.7.1.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Generate your API key and API secret<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Log into CoinSpot and generate an API key at this URL: <br><a href=\"https:\/\/www.coinspot.com.au\/my\/api\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">https:\/\/www.coinspot.com.au\/my\/api<\/a><br><br>You have two choices:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Read Only:<\/strong>&nbsp;This key only allows you to <em>read<\/em> data from your account.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Full Access:<\/strong>&nbsp;This key allows<em> full access<\/em> to your account including digital currency withdrawals.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">I chose Full Access because the API route I was interested in &#8211; <strong>\/my\/coin\/withdraw\/senddetails<\/strong> &#8211; requires full access. If you only want to use read only API routes, choose <strong>Read Only<\/strong> instead. 
<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Important: <\/strong>Choosing <em>Full Access <\/em>and enabling <em>Coin Withdraw<\/em> means anyone with access to a Postman app connected to your API key and secret can transfer your crypto elsewhere.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"run-in-postman\">Run in Postman<\/h2>\n\n\n\n<div class=\"wp-block-jetpack-markdown\"><p><a href=\"https:\/\/app.getpostman.com\/run-collection\/2772925-f17ed29c-dd3d-4a07-81bf-8289d3a7f6b2?action=collection%2Ffork&amp;collection-url=entityId%3D2772925-f17ed29c-dd3d-4a07-81bf-8289d3a7f6b2%26entityType%3Dcollection%26workspaceId%3Ddc8dc046-72ce-44b9-8c1f-09db9fd5b8d6\"><img decoding=\"async\" src=\"https:\/\/run.pstmn.io\/button.svg\" alt=\"Run in Postman\"><\/a><\/p>\n<\/div>\n\n\n\n<p class=\"wp-block-paragraph\">To make using the <a href=\"https:\/\/www.coinspot.com.au\/api\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">CoinSpot API V2 (BETA)<\/a> as easy as possible &#8211; and enable anyone to fix bugs and make improvements &#8211; I created a Public Postman Workspace for the CoinSpot API V2 (BETA) that you can fork, add your own API key and secret to, and be up and running in no time.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Click the &#8220;Run in Postman&#8221; button, then set the <strong>Current Value<\/strong> of the <strong>key<\/strong> and <strong>secret<\/strong> environment variables to your own CoinSpot API key and secret, and you will be ready to go!<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/www.nathankowald.com\/blog\/wp-content\/uploads\/2022\/01\/postman-env-vars-update-current-values.png\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"375\" src=\"https:\/\/www.nathankowald.com\/blog\/wp-content\/uploads\/2022\/01\/postman-env-vars-update-current-values-1024x375.png\" alt=\"\" class=\"wp-image-2799\" 
srcset=\"https:\/\/www.nathankowald.com\/blog\/wp-content\/uploads\/2022\/01\/postman-env-vars-update-current-values-1024x375.png 1024w, https:\/\/www.nathankowald.com\/blog\/wp-content\/uploads\/2022\/01\/postman-env-vars-update-current-values-300x110.png 300w, https:\/\/www.nathankowald.com\/blog\/wp-content\/uploads\/2022\/01\/postman-env-vars-update-current-values-768x281.png 768w, https:\/\/www.nathankowald.com\/blog\/wp-content\/uploads\/2022\/01\/postman-env-vars-update-current-values-1536x563.png 1536w, https:\/\/www.nathankowald.com\/blog\/wp-content\/uploads\/2022\/01\/postman-env-vars-update-current-values-2048x750.png 2048w, https:\/\/www.nathankowald.com\/blog\/wp-content\/uploads\/2022\/01\/postman-env-vars-update-current-values-900x330.png 900w, https:\/\/www.nathankowald.com\/blog\/wp-content\/uploads\/2022\/01\/postman-env-vars-update-current-values-1280x469.png 1280w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><figcaption>Add your API key and API secret into the CURRENT VALUE fields.<\/figcaption><\/figure>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>Initial values are shared when you share a collection or environment. 
Current values are local and not synced or shared.<\/p><\/blockquote>\n\n\n\n<div class=\"wp-block-jetpack-markdown\"><p><a href=\"https:\/\/app.getpostman.com\/run-collection\/2772925-f17ed29c-dd3d-4a07-81bf-8289d3a7f6b2?action=collection%2Ffork&amp;collection-url=entityId%3D2772925-f17ed29c-dd3d-4a07-81bf-8289d3a7f6b2%26entityType%3Dcollection%26workspaceId%3Ddc8dc046-72ce-44b9-8c1f-09db9fd5b8d6\"><img decoding=\"async\" src=\"https:\/\/run.pstmn.io\/button.svg\" alt=\"Run in Postman\"><\/a><\/p>\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Preview the CoinSpot API V2 (Beta) Postman Workspace <\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/www.postman.com\/n8kowald\/workspace\/coinspot-api-v2-beta\/overview\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">https:\/\/www.postman.com\/n8kowald\/workspace\/coinspot-api-v2-beta\/overview<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Postman Workspace Organisation<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The Postman Collection is split into Public, API and Read Only collection folders.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Most cointype values default to BTC. 
<br>The place order inputs are intentionally blank.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/www.nathankowald.com\/blog\/wp-content\/uploads\/2022\/01\/postman-collection-organ.png\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"662\" src=\"https:\/\/www.nathankowald.com\/blog\/wp-content\/uploads\/2022\/01\/postman-collection-organ-1024x662.png\" alt=\"\" class=\"wp-image-2803\" srcset=\"https:\/\/www.nathankowald.com\/blog\/wp-content\/uploads\/2022\/01\/postman-collection-organ-1024x662.png 1024w, https:\/\/www.nathankowald.com\/blog\/wp-content\/uploads\/2022\/01\/postman-collection-organ-300x194.png 300w, https:\/\/www.nathankowald.com\/blog\/wp-content\/uploads\/2022\/01\/postman-collection-organ-768x496.png 768w, https:\/\/www.nathankowald.com\/blog\/wp-content\/uploads\/2022\/01\/postman-collection-organ-1536x992.png 1536w, https:\/\/www.nathankowald.com\/blog\/wp-content\/uploads\/2022\/01\/postman-collection-organ-2048x1323.png 2048w, https:\/\/www.nathankowald.com\/blog\/wp-content\/uploads\/2022\/01\/postman-collection-organ-900x581.png 900w, https:\/\/www.nathankowald.com\/blog\/wp-content\/uploads\/2022\/01\/postman-collection-organ-1280x827.png 1280w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">About CoinSpot API V2 Security<\/h2>\n\n\n\n<aside class=\"wp-block-group has-background\" style=\"background-color:#ffffec\"><div class=\"wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow\">\n<h2 class=\"wp-block-heading\">CoinSpot API v2 Security<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">This information is shared from CoinSpot&#8217;s <a href=\"https:\/\/www.coinspot.com.au\/v2\/api\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">API docs<\/a>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The API is secured by using a shared secret key to create a HMAC with the 
SHA512 cryptographic hash function. Hash-based message authentication code (HMAC) is a mechanism for calculating a message authentication code involving a hash function in combination with a secret key. This can be used to verify the integrity and authenticity of a message.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">All requests to the POST API will need to include the following security data.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Headers<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>key<\/strong>&nbsp;&#8211; Your API key generated from the settings page<br><strong>sign<\/strong>&nbsp;&#8211; The POST data is to be signed using your secret key according to the HMAC-SHA512 method.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Post Params<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>nonce<\/strong>&nbsp;&#8211; Any integer value which must always be greater than the previous request&#8217;s nonce value.<\/p>\n<\/div><\/aside>\n\n\n\n<p class=\"wp-block-paragraph\">It took a lot of trial and error to work out how to generate this <strong>sign<\/strong> header using HMAC-SHA512 in Postman. 
<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Add a Pre-request Script to generate the HMAC sign header value<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The required nonce is generated from the current Unix timestamp to fulfil the requirement of &#8220;value which must always be greater than the previous request&#8217;s nonce value&#8221;.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\/\/ Nonce: current time in milliseconds, so every value is larger than the previous one.\nlet nonce = new Date().getTime();\npm.collectionVariables.set('nonce', nonce);\n\nfunction getHMAC(requestBody) {\n    const SECRET_KEY = pm.variables.get(\"secret\");\n    \/\/ Resolve {{variable}} placeholders so the signed string matches the body that is sent.\n    let postBody = pm.variables.replaceIn(requestBody);\n\n    \/\/ HMAC-SHA512 of the POST body, hex-encoded.\n    return CryptoJS.HmacSHA512(postBody, SECRET_KEY).toString();\n}\n\n\/\/ Attach the signature as the sign header.\npm.request.headers.add({key: 'sign', value: getHMAC(request&#91;'data'])});<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/www.nathankowald.com\/blog\/wp-content\/uploads\/2022\/01\/postman-pre-request-script-updated.png\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"662\" src=\"https:\/\/www.nathankowald.com\/blog\/wp-content\/uploads\/2022\/01\/postman-pre-request-script-updated-1024x662.png\" alt=\"\" class=\"wp-image-2800\" srcset=\"https:\/\/www.nathankowald.com\/blog\/wp-content\/uploads\/2022\/01\/postman-pre-request-script-updated-1024x662.png 1024w, https:\/\/www.nathankowald.com\/blog\/wp-content\/uploads\/2022\/01\/postman-pre-request-script-updated-300x194.png 300w, https:\/\/www.nathankowald.com\/blog\/wp-content\/uploads\/2022\/01\/postman-pre-request-script-updated-768x496.png 768w, https:\/\/www.nathankowald.com\/blog\/wp-content\/uploads\/2022\/01\/postman-pre-request-script-updated-1536x993.png 1536w, https:\/\/www.nathankowald.com\/blog\/wp-content\/uploads\/2022\/01\/postman-pre-request-script-updated-2048x1324.png 2048w, https:\/\/www.nathankowald.com\/blog\/wp-content\/uploads\/2022\/01\/postman-pre-request-script-updated-900x582.png 900w, 
https:\/\/www.nathankowald.com\/blog\/wp-content\/uploads\/2022\/01\/postman-pre-request-script-updated-1280x827.png 1280w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Screenshots taken using Postman 9.7.1. Generate your API key and API secret Log into CoinSpot and generate an API key at this URL: https:\/\/www.coinspot.com.au\/my\/api You have two choices: Read Only:&nbsp;This key only allows you to read data from your account. Full Access:&nbsp;This key allows full access to your account including digital currency withdrawals. I chose [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":2808,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[36,34],"tags":[],"class_list":["post-2774","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cryptocurrency","category-tutorial"],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.nathankowald.com\/blog\/wp-json\/wp\/v2\/posts\/2774","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.nathankowald.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.nathankowald.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.nathankowald.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.nathankowald.com\/blog\/wp-json\/wp\/v2\/comments?post=2774"}],"version-history":[{"count":17,"href":"https:\/\/www.nathankowald.com\/blog\/wp-json\/wp\/v2\/posts\/2774\/revisions"}],"predecessor-version":[{"id":2810,"href":"https:\/\/www.nathankowald.com\/blog\/wp-json\/wp\/v2\/posts\/2774\/revisions\/2810"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.nathankowald.com\/blog\/wp-json\/wp\/v2\/media\/2808"}],"wp:attachment":[{"hre
f":"https:\/\/www.nathankowald.com\/blog\/wp-json\/wp\/v2\/media?parent=2774"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.nathankowald.com\/blog\/wp-json\/wp\/v2\/categories?post=2774"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.nathankowald.com\/blog\/wp-json\/wp\/v2\/tags?post=2774"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}