
Choosing an Authentication method


You can use either HMAC or OAuth to authenticate with the coins API. Both authentication methods work with all functionalities of the API, and both honor the scopes defined in the Application Client.

* [HMAC](doc:hmac) - HMAC requests are executed using the developer's account.
* [OAuth2](doc:oauth) - OAuth2 uses the application user's account to execute requests.

Pick one authentication method depending on the needs of your application. These methods should not be combined. If both OAuth and HMAC authorization are used in a single request, HMAC authorization will take precedence.

You can use the following code examples as templates for implementing either HMAC or OAuth2:

HMAC:

```python
import requests
import hashlib
import hmac
import time
import json

API_KEY = 'YOUR_API_KEY'
API_SECRET = 'YOUR_API_SECRET'

body = {
    'currency': 'PHP',
    'btc_amount': 0.1,
    'payment_outlet': 'bdo',
    'bank_account_name': 'Customer bank account name',
    'bank_account_number': 'Customer bank account number',
}

url = 'https://coins.ph/api/v2/sellorder'

# A nonce must be used only once and must always be increasing
nonce = int(time.time() * 1e6)

if body is None:
    # For GET requests
    message = str(nonce) + url
else:
    # For POST requests
    body = json.dumps(body, separators=(',', ':'))
    message = str(nonce) + url + body
# hmac.new() requires bytes for both the key and the message
signature = hmac.new(API_SECRET.encode(), message.encode(), hashlib.sha256).hexdigest()

headers = {
    'ACCESS_SIGNATURE': signature,
    'ACCESS_KEY': API_KEY,
    'ACCESS_NONCE': str(nonce),  # header values must be strings
    'Content-Type': 'application/json',
    'Accept': 'application/json'
}

# For GET requests
response = requests.get(url, headers=headers)

# For POST requests
response = requests.post(url, headers=headers, data=body)
```

OAuth:

```python
import re
import requests

# Get a new OAuth2 token
response = requests.post('https://coins.ph/user/api/authorize', data={
    'response_type': 'token',
    'client_id': 'YOUR_API_KEY',
    'scope': 'history user_identity',  # Optional
    'redirect_uri': 'http://example.com',  # Must be the same as defined in dashboard
}, allow_redirects=False)  # do not follow the redirect, so its Location header can be read

# Grab the token from the response URL
token = re.findall(
    r'access_token=(.*)&token_type',
    response.headers.get('Location')
)[0]

# Use it for your requests
response = requests.get(
    'https://coins.ph/api/v2/sellorder',
    headers={'Authorization': 'Bearer {}'.format(token)}
)
```
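
The signing scheme used by the HMAC template (HMAC-SHA256 over nonce + URL + body, with an always-increasing nonce), seen from both the client and a verifying server. This is an added example, not code from the original page or from coins.ph: `sign`, `Verifier`, `demo` and the sample key and secret are hypothetical, and the server-side checks are an assumption about how such a scheme is verified.

```python
import hashlib
import hmac
import json

def sign(secret, nonce, url, raw_body=''):
    """HMAC-SHA256 hex digest over str(nonce) + url + raw body, as in the template."""
    message = str(nonce) + url + raw_body
    return hmac.new(secret.encode(), message.encode(), hashlib.sha256).hexdigest()

class Verifier:
    """Hypothetical server-side check; an assumption, not the API's real code."""
    def __init__(self, secrets_by_key):
        self.secrets_by_key = secrets_by_key  # ACCESS_KEY -> secret
        self.last_nonce = {}                  # ACCESS_KEY -> highest nonce accepted

    def verify(self, headers, url, raw_body=''):
        key = headers.get('ACCESS_KEY')
        secret = self.secrets_by_key.get(key)
        if secret is None:
            return 'unknown key'
        try:
            nonce = int(headers.get('ACCESS_NONCE', ''))
        except ValueError:
            return 'bad nonce'
        # Sign the body exactly as received, never a re-serialised copy.
        expected = sign(secret, nonce, url, raw_body)
        supplied = headers.get('ACCESS_SIGNATURE', '')
        # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
        if not hmac.compare_digest(expected.encode(), supplied.encode()):
            return 'bad signature'
        # The nonce is checked after the signature so that an unauthenticated
        # request cannot advance the counter for a valid key.
        if nonce <= self.last_nonce.get(key, -1):
            return 'replayed nonce'
        self.last_nonce[key] = nonce
        return 'ok'

def demo():
    # Constructed sample values, not real credentials.
    url = 'https://coins.ph/api/v2/sellorder'
    raw = json.dumps({'currency': 'PHP', 'btc_amount': 0.1}, separators=(',', ':'))
    headers = {'ACCESS_KEY': 'demo-key', 'ACCESS_NONCE': '1000',
               'ACCESS_SIGNATURE': sign('demo-secret', 1000, url, raw)}
    server = Verifier({'demo-key': 'demo-secret'})
    first = server.verify(headers, url, raw)
    replay = server.verify(headers, url, raw)  # identical request sent again
    tampered = server.verify(headers, url, raw.replace('0.1', '9.9'))
    return first, replay, tampered
```

`demo()` returns the verdicts for a fresh request, the same request replayed, and a request whose body was altered after signing.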