Bitcoin Forum
April 19, 2014, 07:01:52 AM *
News: Due to the OpenSSL heartbleed bug, changing your forum password is recommended.
 
   Home   Help Search Donate Login Register  
Pages: [1] 2  All
  Print  
Author Topic: Bitoption.org API Discussion  (Read 3162 times)
bitoption
Jr. Member
*
Offline Offline

Activity: 56


View Profile WWW

Ignore
June 09, 2011, 09:30:39 PM
 #1

I'm fielding a good number of requests, comments and questions from API developers at bitoption.org; I thought I'd put a spot in place for them here.


To get the ball rolling; added today:

/mailResetToken?name=<login_name>
/resetPassword?reset_token=<yourtoken>&newpass=<newpassword>



----** In Beta: The First Bitcoin Options Market ----**

Explanation and discussion: http://forum.bitcoin.org/index.php?topic=9611.0

API Developer Thread:
http://forum.bitcoin.org/index.php?topic=14194.0

-----------------------------------------------------------
1397890912
Hero Member
*
Offline Offline

Posts: 1397890912

View Profile Personal Message (Offline)

Ignore
1397890912
Reply with quote  #2

1397890912
Report to moderator
1397890912
Hero Member
*
Offline Offline

Posts: 1397890912

View Profile Personal Message (Offline)

Ignore
1397890912
Reply with quote  #2

1397890912
Report to moderator
The forum strives to allow free discussion of any ideas. All policies are built around this principle. This doesn't mean you can post garbage, though: posts should actually contain ideas, and these ideas should be argued reasonably.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1397890912
Hero Member
*
Offline Offline

Posts: 1397890912

View Profile Personal Message (Offline)

Ignore
1397890912
Reply with quote  #2

1397890912
Report to moderator
1397890912
Hero Member
*
Offline Offline

Posts: 1397890912

View Profile Personal Message (Offline)

Ignore
1397890912
Reply with quote  #2

1397890912
Report to moderator
1397890912
Hero Member
*
Offline Offline

Posts: 1397890912

View Profile Personal Message (Offline)

Ignore
1397890912
Reply with quote  #2

1397890912
Report to moderator
random_cat
Newbie
*
Offline Offline

Activity: 29


View Profile

Ignore
June 09, 2011, 10:48:34 PM
 #2

I see you improved the formatting for the history; much easier on the eyes.  You might also improve the sorting so the commission always falls after the purchase/sale; It'd be nice for writes to say 'sell.'  Just some eye candy ideas.
bitoption
Jr. Member
*
Offline Offline

Activity: 56


View Profile WWW

Ignore
June 09, 2011, 10:50:18 PM
 #3

Good thoughts.

----** In Beta: The First Bitcoin Options Market ----**

Explanation and discussion: http://forum.bitcoin.org/index.php?topic=9611.0

API Developer Thread:
http://forum.bitcoin.org/index.php?topic=14194.0

-----------------------------------------------------------
bitoption
Jr. Member
*
Offline Offline

Activity: 56


View Profile WWW

Ignore
June 10, 2011, 04:17:03 AM
 #4

Also up today:


listOpenContracts(token)
 you get back rows with bidId and askId among other things.
cancelOpenBid(token,bidId)
cancelOpenAsk(token,askId)




----** In Beta: The First Bitcoin Options Market ----**

Explanation and discussion: http://forum.bitcoin.org/index.php?topic=9611.0

API Developer Thread:
http://forum.bitcoin.org/index.php?topic=14194.0

-----------------------------------------------------------
bitoption
Jr. Member
*
Offline Offline

Activity: 56


View Profile WWW

Ignore
June 10, 2011, 06:21:52 PM
 #5

a note on /bid and /ask:

The api documentation incorrectly states that you price them with bid= and ask=.

This has been changed to bidask= for both, simplifying things a bit.

----** In Beta: The First Bitcoin Options Market ----**

Explanation and discussion: http://forum.bitcoin.org/index.php?topic=9611.0

API Developer Thread:
http://forum.bitcoin.org/index.php?topic=14194.0

-----------------------------------------------------------
bitoption
Jr. Member
*
Offline Offline

Activity: 56


View Profile WWW

Ignore
June 10, 2011, 06:45:20 PM
 #6

Correct usage for canceling open options:



cancelOpenBid?token=&bidId=
cancelOpenAsk?token=&askId=

I incorrectly had something else here earlier.

----** In Beta: The First Bitcoin Options Market ----**

Explanation and discussion: http://forum.bitcoin.org/index.php?topic=9611.0

API Developer Thread:
http://forum.bitcoin.org/index.php?topic=14194.0

-----------------------------------------------------------
random_cat
Newbie
*
Offline Offline

Activity: 29


View Profile

Ignore
June 11, 2011, 02:38:31 AM
 #7

still seeing 500 response on attempt to exercise contractId 19
bitoption
Jr. Member
*
Offline Offline

Activity: 56


View Profile WWW

Ignore
June 11, 2011, 04:33:39 AM
 #8

That's because I'm an idiot. It's fixed, or should be.

----** In Beta: The First Bitcoin Options Market ----**

Explanation and discussion: http://forum.bitcoin.org/index.php?topic=9611.0

API Developer Thread:
http://forum.bitcoin.org/index.php?topic=14194.0

-----------------------------------------------------------
random_cat
Newbie
*
Offline Offline

Activity: 29


View Profile

Ignore
June 11, 2011, 04:26:32 PM
 #9

Not yet.
bitoption
Jr. Member
*
Offline Offline

Activity: 56


View Profile WWW

Ignore
June 11, 2011, 06:48:32 PM
 #10

Hit me up on email / google talk, we'll get it sorted.

----** In Beta: The First Bitcoin Options Market ----**

Explanation and discussion: http://forum.bitcoin.org/index.php?topic=9611.0

API Developer Thread:
http://forum.bitcoin.org/index.php?topic=14194.0

-----------------------------------------------------------
bitoption
Jr. Member
*
Offline Offline

Activity: 56


View Profile WWW

Ignore
June 11, 2011, 06:53:31 PM
 #11

Update, I believe it is working now. A second typo, sorry.

----** In Beta: The First Bitcoin Options Market ----**

Explanation and discussion: http://forum.bitcoin.org/index.php?topic=9611.0

API Developer Thread:
http://forum.bitcoin.org/index.php?topic=14194.0

-----------------------------------------------------------
DamienBlack
Jr. Member
*
Offline Offline

Activity: 56


View Profile

Ignore
June 16, 2011, 05:52:53 AM
 #12

There are two thing I would really like to see in the API.

First, I'd like the ability to change the bid/ask price on an open contract. It just seems cleaner than canceling and replacing, and it shouldn't be too hard to implement. This would be nice on the website too.

Second, and this one is harder, I'd like to be able to place an expiration on my open contracts. A time expiration would make me feel a lot more confidant and safer, especially if I were running a bot. If I get disconnected somehow, I know my open contracts will expire in an hour or two or whatever I set. Along with this should go a "renew" option which would let me change the expiration time.

Along the line of an expiration time, it would be nice to perhaps have an expiration price. If mt gox trades above, or below, a certain price the open contract gets canceled. This could by default be set (for asks at least) to anything that would instantly be in the money, since I'm pretty sure that no one ever wants to write a contract that is immediately in the money. This would require getting constant data from mt gox, but perhaps it could be implemented.

I trade bitcoin options at https://bitoption.org/ ... Join me.
I play poker at https://betco.in/ ... Join me.
Support the bitcoin economy, what do you do?
Tips: 1NfXhiTFEdKQTdLy49s6DYAP1K7MeFWyao
bitoption
Jr. Member
*
Offline Offline

Activity: 56


View Profile WWW

Ignore
June 16, 2011, 07:00:08 AM
 #13

OK, So let's agree on some functionality here.

There's no point in changing the strike of a bid, plus we may tie margin logic to different strike prices, so

updateBid:
  token
  bidId
  bidask(optional)
  expiredate(optional)
  cancelifbtcusdgt(optional)

updateAsk:
  token
  askId
  bidask(optional)
  expiredate(optional)
  cancelifbtcusdgt(optional)

 
Expire dates are relatively easy. Stop Loss prices have a whole bunch of problems, including (but not limited to):

. Possible manipulation some day when the options market grows
. Thin markets in down trading times
. Mt Gox websockets / order book functionality is not perfect and might miss something
. Significant database load; we're essentially queuing an update / delete on every websocket notice. This may be non-scalable.


There's also the question of what you actually do with the them once expired; I'd say they should stick around and get annotated 'canceled when blah happened.'  A good 25% of support questions are currently "what happened to my XXX?" Of those, 20% have been the market so far, the rest are people just being confused, bad interface, or memories.

The more I think about it, the more I think the bid bot should be responsible for keeping track of Gox, or Tradehill, or wherever. I'll shoot you some python websockets code that you can include in the bot for just such a purpose; I think I have your e-mail right?

----** In Beta: The First Bitcoin Options Market ----**

Explanation and discussion: http://forum.bitcoin.org/index.php?topic=9611.0

API Developer Thread:
http://forum.bitcoin.org/index.php?topic=14194.0

-----------------------------------------------------------
bitoption
Jr. Member
*
Offline Offline

Activity: 56


View Profile WWW

Ignore
June 16, 2011, 07:56:18 AM
 #14

I also propose:

updateAllStrikeBids:
  strike
  underlying
  type
  date
  bidask=optional
  num=optional
  expireTime=optional

updateAllDateStrikeAsks:
  strike
  underlying
  type
  date
  bidask=optional
  num=optional
  expireTime=optional


I would anticipate even a vaguely sophisticated bot is going to tier out its bids/asks, so this second set might or might not be useful, but I want to make sure to support a sort of 'everything in this line should change' function.

----** In Beta: The First Bitcoin Options Market ----**

Explanation and discussion: http://forum.bitcoin.org/index.php?topic=9611.0

API Developer Thread:
http://forum.bitcoin.org/index.php?topic=14194.0

-----------------------------------------------------------
DamienBlack
Jr. Member
*
Offline Offline

Activity: 56


View Profile

Ignore
June 16, 2011, 10:06:47 AM
 #15

Sounds good. Yeah, I thought that the stop loss system would lead to a whole bunch of problem. I suppose one can assume their bot will handle it.

I'm not sure I followed where you are going with updateAllStrikeBids. Is the idea to push all of your bids up or down a little. I admit that might be useful, depending on the final implementation of the bot.

And updateAllDateStrikeAsks, is there a reason that has a "date" in the name while the other doesn't? I'm still not completely familiar with the API so I might be missing the obvious.

PS you should have my email, I signed up with mine.

I trade bitcoin options at https://bitoption.org/ ... Join me.
I play poker at https://betco.in/ ... Join me.
Support the bitcoin economy, what do you do?
Tips: 1NfXhiTFEdKQTdLy49s6DYAP1K7MeFWyao
bitoption
Jr. Member
*
Offline Offline

Activity: 56


View Profile WWW

Ignore
June 16, 2011, 02:33:47 PM
 #16



I think you may at times want to send a bunch of bulk updates, like "I've got bids and asks in on these dates at these strikes, for this strike and date, update / reset all my bids and asks." This bears a little more consideration, I think. Let's start with the first two and see what needs we have.

----** In Beta: The First Bitcoin Options Market ----**

Explanation and discussion: http://forum.bitcoin.org/index.php?topic=9611.0

API Developer Thread:
http://forum.bitcoin.org/index.php?topic=14194.0

-----------------------------------------------------------
bitoption
Jr. Member
*
Offline Offline

Activity: 56


View Profile WWW

Ignore
June 18, 2011, 10:00:58 AM
 #17

Major update for API Developers:

We have moved to using posts for many API requests. I'll update here when I've had a break. Read our main thread for information about CSRF vulnerability cuddlefish pointed out to us today.

----** In Beta: The First Bitcoin Options Market ----**

Explanation and discussion: http://forum.bitcoin.org/index.php?topic=9611.0

API Developer Thread:
http://forum.bitcoin.org/index.php?topic=14194.0

-----------------------------------------------------------
DamienBlack
Jr. Member
*
Offline Offline

Activity: 56


View Profile

Ignore
June 19, 2011, 02:39:13 PM
 #18

Looking at the API, I was a little concerned by the fact that we are sending passwords in plaintext, and not a hash. I know we are using https, but I do hope that the passwords are not being stored in plaintext? A salted hash is best security practice for storing passwords. A random salt for each user, perhaps generated from their username is best, so that a brute force attack can't be used against everyone at once..

I trade bitcoin options at https://bitoption.org/ ... Join me.
I play poker at https://betco.in/ ... Join me.
Support the bitcoin economy, what do you do?
Tips: 1NfXhiTFEdKQTdLy49s6DYAP1K7MeFWyao
DamienBlack
Jr. Member
*
Offline Offline

Activity: 56


View Profile

Ignore
June 19, 2011, 05:53:23 PM
 #19

Someone just made a fortune buying 10,000 bitcoins at $0.01 a piece and it wasn't me!!!

I trade bitcoin options at https://bitoption.org/ ... Join me.
I play poker at https://betco.in/ ... Join me.
Support the bitcoin economy, what do you do?
Tips: 1NfXhiTFEdKQTdLy49s6DYAP1K7MeFWyao
bitoption
Jr. Member
*
Offline Offline

Activity: 56


View Profile WWW

Ignore
June 19, 2011, 07:41:40 PM
 #20

I have some low buy offers in; I'm curious how they'll deal with those. Sounds like we will have a 'go back in time' moment.

Here's how password security on bitoption works:

1) We take your password via an SSL-only POST request.  (This used to be a GET request before we turned on the anti-CSRF functionality. POST is marginally more secure; some logs will log the entire URL, so there was a chance of leakage that way, but it would only be at the endpoints of the request.) As it is, this is now encrypted end to end.

2) We have a sitewide secret salt that is used in all hashes

3) We have a per-account 'nonce' that is used to salt the password.

4) We store only the sha-256 hash of the password,secret,and nonce.

As far as I know, the combination of 3 and 4 is industry best practices for one factor authentication; it means that a rainbow attack is computationally difficult, in that each rainbow table is only effective for one account.

Happy to take further suggestions.

----** In Beta: The First Bitcoin Options Market ----**

Explanation and discussion: http://forum.bitcoin.org/index.php?topic=9611.0

API Developer Thread:
http://forum.bitcoin.org/index.php?topic=14194.0

-----------------------------------------------------------
Pages: [1] 2  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!