Making our platform more awesome with developers producing awesome intuitive useful solutions is where we are at. Still work in progress, but read on.
Developers that visit our platform will be aware of the many feature-rich end points on our API. We provide access to reports, and allow developers to build applications to interact with our data. As a developer, you can currently do all of the following;
These are great ways for us to get further engagement within our platform and for developers to showcase their expertise in developing meaningful applications demonstrating their knowledge of the cryptocurrency space. We recognised that better opportunities exist to allow developers to monetise their efforts when users are using that applications within our platform. This comes with a number of powerful advantages, but the risk for manipulation. We have sought to devise a mechanism which tracks requests and audits requests by the developer's application. This feature is still in pilot mode and we have more work to do to enhance this.
This article describes the new API endpoints and the proposed mechanism for onboarding new developer applications on our website. We see this as a partnership, although not legally binding with no promise of future value, but nevertheless still a potential revenue generating exercise.
We will be updating this document and others with instructions on how to interact with our platform.
You should read the further reference material links at the bottom of this article. Like most secured APIs, for developers to use our API they need to pass a secured API Key header in the request along with the defined data required by the application/API endpoint. We have the potential to add charging to most API endpoints. This means developers must have a positive account balance (in credit) to query the API from outside of the www.cryptostatto.com domain.
We have included C# code to demonstrate how we interact with our API. Obviously, you need to write your own code.
You are able to set up your API details through our member manager portal. My Manager
Alternatively, please read on.
{"emails" : ["tim@buctoo.com", "heavyfuel@direstraits.net"], "tokens" : ["your-guid-member-token1","your-guid-member-token2"]}
Two email addresses need to be supplied. You will receive an email in each inbox and you will need to click on the links. This will activate the account. The reason for activating the emails manually is to add a degree of humanity to the process.
[Category("RegistrationAndAuthenticationTest Website And Email Population")]
[TestCase("http://www.cryptostatto.com/api/Register", "POST")]
[Order(18)]
public void Register(string endpoint, string method)
{
var mails = GetTestingEmailAddresses().Select(x => new { Email = x });
var postData = GetTestingEmailAddresses().Select(x => new { Email = x });
Assert.AreEqual(GetTestingEmailAddresses().Count(), postData.Count());
Assert.AreNotEqual(0, postData.Count());
var result = restRertieverRaw.RetrieveFromJsonParameter(endpoint, string.Empty, postData.Serialise(), method, new Dictionary<string, string>());
Assert.AreEqual(HttpStatusCode.OK, result.ResponseStatus);
}
Within the application, a similar process to registration occurs, you add your emails to the signin page - Signin. The user receives signin emails with links to sign in. Once these emails are verified, the user is then signed into the website. There is no benefit to trying to signin to the API as this is purely for the user to use the website as a signed in user.
A Faucet is our way of permitting users to interact with the API with a limited amount of credit. Part of the Faucet process adds member tokens to our platform.
[Category("User Operation Tests Accounting Activities")]
[TestCase("http://www.cryptostatto.com/api/MemberOperation", "POST", "ApplyFaucet")]
[Order(11)]
public void ApplyFaucetBasedUponExistingMemberAccount(string endpoint, string method, string accountingOperation)
{
this.PerformAccountingOperationFromEmails(endpoint, method, accountingOperation);
}
public void PerformAccountingOperationFromEmails(string endpoint, string method, string accountingOperation, Dictionary<string,string> headers = null )
{
var mails = GetTestingEmailAddresses();
OperationConfirmation oc = new OperationConfirmation
{
AccountingOperation = accountingOperation
,
Confirmed = true,
ExtraData = mails.Serialise()
};
Assert.AreNotEqual(0, mails.Count());
var result = restRertieverRaw.RetrieveFromJsonParameter(endpoint, string.Empty, oc.Serialise(), method, headers ?? new Dictionary<string, string>());
Assert.AreEqual(HttpStatusCode.OK, result.ResponseStatus);
}
Once the faucet has been activated you can request member tokens.
It is a simple case of passing your email addresses you registered with to the member operation endpoint. You will then receive your member tokens in your inboxes if they match.
[Category("User Operation Tests Accounting Activities")]
[TestCase("http://www.cryptostatto.com/api/MemberOperation", "POST", "EmailMyTokens")]
[Order(14)]
public void EmailMyTokensBasedUponExistingMemberAccount(string endpoint, string method, string accountingOperation)
{
this.PerformAccountingOperationFromEmails(endpoint, method, accountingOperation);
}
public void PerformAccountingOperationFromEmails(string endpoint, string method, string accountingOperation, Dictionary<string,string> headers = null )
{
var mails = GetTestingEmailAddresses();
OperationConfirmation oc = new OperationConfirmation
{
AccountingOperation = accountingOperation
,
Confirmed = true,
ExtraData = mails.Serialise()
};
Assert.AreNotEqual(0, mails.Count());
var result = restRertieverRaw.RetrieveFromJsonParameter(endpoint, string.Empty, oc.Serialise(), method, headers ?? new Dictionary<string, string>());
Assert.AreEqual(HttpStatusCode.OK, result.ResponseStatus);
}
You now have your member tokens and e-mail addresses, we now simply pass these two see authenticate token endpoint.
[TestCase("http://www.cryptostatto.com", "api/AuthenticateToken", 5, 15, "POST")]
[Order(18)]
public void LogonByPassingBearerTokenToWebsite(string url, string resource, int maxAttempts, int delayInSeconds, string method)
{
var tokens = tokenRetriever.GetTokens();
var emails = GetTestingEmailAddresses();
var bearerTokenLogonDetail = new BearerTokenLogonDetail
{ emails = emails, tokens = tokens };
IRestFactory<BearerTokenLogonDetail, string> restFactoryRetriever = new RestFactory<BearerTokenLogonDetail, string>();
var result = restFactoryRetriever.Retrieve( bearerTokenLogonDetail, method, url, resource, new Dictionary<string, string>());
var bearerToken = result.ResponseHeaders.First(x => x.Name == nameof(APIKey)).Value;
Assert.False(string.IsNullOrEmpty(bearerToken));
APIKey = bearerToken;
}
If you are concerned your account has been compromised, you can generate new tokens. Once the request submitted and you have your new tokens, these can be used instead. If you are really concerned, please email support@cryptostatto.com and we generate new tokens on our side, sending them to your emails.
[Category("User Operation Tests Accounting Activities")]
[TestCase("http://www.cryptostatto.com/api/MemberOperation", "POST", "GenerateNewToken")]
[Order(19)]
public void GenerateNewTokensBasedUponExistingMemberAccount(string endpoint, string method, string accountingOperation)
{
var headers = new Dictionary<string, string>() { { nameof(APIKey), APIKey } };
this.PerformAccountingOperationFromEmails(endpoint, method, accountingOperation, headers);
}
Don't let that put you off trying this out. It will help us immensely.
This is for serious developers that wants to do things properly. You will need your own middleware as we will want you to return the json with your own signature. Furthermore, you will need an application name. In the short term, email us at support@cryptostatto.com if you want to test this out. We are adding portals presently.
For now, we are just including our integration test code for you to understand this as we have more testing and development to apply on this.
[Category("Charging Monetisation Tests Operation")]
[TestCase("http://www.cryptostatto.com", "api/MemberNonceCreator", "POST")]
[Order(15)]
public void GenerateNewTokensBasedUponExistingMemberAccount(string endpoint, string resource, string method)
{
var headers = new Dictionary<string, string>() { { nameof(APIKey), APIKey } };
var result = restRertieverRaw.RetrieveSimpleEndPoint(endpoint, resource, method, headers);
Assert.AreEqual(HttpStatusCode.OK, result.ResponseStatus);
MemberNonce = result.ResponseDataltem.GetObjectFromDeserialised<string>(); // VERY IMPORTANT...
}
[Category("Charging Monetisation Tests Operation")]
[TestCase("http://www.cryptostatto.com", "api/ApplicationNonceHandler", "POST", "Fantastic Application")]
[Order(16)]
public void SubmitUserApplicationNonceAsIfWeWereTheIntermediateApplication(string endpoint, string resource, string method, string applicationName)
{
var applicationHashResult = GetTargetApplicationHash().First().ApplicationHash;
var headers = new Dictionary<string, string>() { { nameof(APIKey), APIKey } };
ApplicationAuthentication applicationAuthentication = new ApplicationAuthentication
{
ApplicationHash = applicationHashResult
,
ApplicationName = applicationName
,
EncryptedNonce = MemberNonce
};
var result = restFactoryNonceSubmitterReceiver.Retrieve(applicationAuthentication, method, endpoint, resource, headers);
Assert.AreEqual(HttpStatusCode.OK, result.ResponseStatus);
}
In theory, it is quite simple. If you have an application inside our website;
Using our Secure API Key Endpoints for Billable Content 03 OCT 2023