API

  • How to reconfigure API trading automation to Noones?

    In order to use the same automation software, you need to make a few changes depending on the type of API you are using.

    Typically, an API integration requires the following configuration items:

    • API Keys. Your software communicates with Noones to access your data (e.g. update offers for price management, access to trading chats, etc.)
    • Webhooks (optional). Your software can receive notifications of various events (for example, the start of trading, a new message in a trading chat) and respond to them.

    There are currently 2 types of API keys available.

    In addition to accessing your own data, OAuth2 API keys allow your application to access other users's data and act on their behalf if they grant such access. HMAC and OAuth2 keys use different authentication algorithms, so check with your developer before proceeding with the configuration. 

    Note: Authentication is required to access all API methods. Please make sure you pass authorization headers even for methods like /currency/list or /offer/all which don't require user context.

     

    HMAC API 

    API Access 

    1. Log in to your Noones account, hover over your username on the top right of the page and click Settings from the context menu that appears.
      Settings_page.png
    2. On the menu on the left side of the page, click Developer.
      Developers_page.png

      The Developer page appears.

    3. Insert the two-factor code in the field below and click Add new API key.
      API_Key_2FA.png
      Your new API key appears on the Developer page alongside with additional sections. Save the Key and Secret. They will be used later for API Authentication.

    4. Enable endpoints that are used by your software
      HMAC_Endpoints.png

    5. Update your software configuration with the new API Key and Secret.

    6. Change the base API URL: https://noones.com/api

    Webhooks

    1. Update your software configuration to support new Validation headers:

       

      Header name

      Description

      X-Noones-Request-Challenge

      Webhook address verification request

      X-Noones-Signature

      Webhook event notification

       

    2. Open the Developer page and scroll to the Webhooks section
    3. Paste the link of your public application endpoint into the Request URL field and click Save.
    4. In case of success, a list of events available for subscription appears below. Tick a box to select an event from the Subscribe to events list.

    HMAC API Changes

    • wallet/* methods are not available anymore. Please contact us if you have used any of these methods.

    OAuth 2.0 API 

    Direct Access 

    1. Authenticate in Developers Portal
    2. Navigate to the Direct Access Dashboard
    3. Start API Key creation wizard
      mceclip0.png
    4. Enter a name for your key 
      mceclip1.png
    5. Make sure you've selected the Noones API product on the list and press "Create Key" button
      mceclip2.png
    6. Find the new created API key in the list and copy its Key ID
      mceclip3.png
    7. Click on the blobid0.png icon and enter your password
      mceclip4.png
    8. After successful authentication you will be able to copy your API Key's Secret
      mceclip5.pngDon't share your API Key Secret with anyone under any circumstances. 
    9. Update your software configuration with the new credentials (API Key, API Secret) and the following endpoints:
      Token endpoint https://auth.noones.com/oauth2/token
      API Gateway endpoint https://api.noones.com/

    Delegated Access 

    1. Authenticate in Developers Portal
    2. Navigate to the Delegated Access Dashboard
    3. Start Application creation wizard
      mceclip6.png
    4. Enter a name for your Application and upload its Logo if required
      mceclip8.png
    5. Make sure you've added the following Products:
      • Noones API
      • Sign in with Noones
    6. Fill-in your Contact details
      mceclip9.png
    7. On the last step enter the Callback URL where a user will be redirected to upon successful authentication and click on "Create App" button.
      mceclip10.png
    8. Find the new created API Application in the list and copy its Key ID
      mceclip11.png
    9. Click on the blobid0.png icon and enter your password
      mceclip4.png
    10. After successful authentication you will be able to copy your App Secret
      mceclip13.png
      Don't share your API Key Secret with anyone under any circumstances. 
    11. Update your software configuration with the new credentials (App Key, App Secret) and the following endpoints:
      Authorization endpoint https://auth.noones.com/oauth2/authorize
      Token endpoint https://auth.noones.com/oauth2/token
      API Gateway endpoint https://api.noones.com/

    Webhooks

    1. Update your software configuration to support new Authentication headers:

      Header name

      Description

      X-Noones-Request-Challenge

      Webhook address verification request

    2. Authenticate in Developers Portal
    3. Navigate to the Direct Access Dashboard and scroll to the Webhooks section
    4. Click on the "Add Webhook" button
      mceclip14.png
    5. Create a webhook by specifying its URL and choose the events you want
      mceclip15.png
    6. Click on "Save" button. 
      mceclip17.png

    OAuth2 API Changes

    • wallet/* methods are not available anymore. Please contact us if you have used any of these methods.
  • What is API ?

    Application programming interfaces (APIs) are for developers or businesses that want to create applications to connect with Noones. For more information, click here.

  • Setting Up Webhooks
    Webhooks allow you to receive real-time HTTPS notifications of events on the Noones marketplace. For example, we could send you a notification when a new trade starts or whenever your trade partner sends a message in a trade chat. This prevents you from having to query the API for changes to objects that may or may not have happened and helps you avoid reaching your rate limit. This guide will describe how exactly you can set up Webhooks with Noones.

    We support Webhooks for the following events:

    • New incoming trade on Noones
    • Message received in trade chat
    • Attachment received in trade chat
    • Someone has viewed your Noones profile
    • Someone has viewed your offer
    • Trade partner has paid for their crypto
    • Trade was cancelled or has expired
    • Crypto sold successfully
    • Crypto purchased
    • Crypto deposit confirmed
    • Incoming crypto deposit is pending
    • Feedback received from a trade partner
    • New feedback reply received

    Setting up Webhooks

    Note: Make sure your service is ready for receiving Webhooks. During the URL saving process, your service should take the "X-Noones-Request-Challenge" request header and put it into the response as-is.

    Here is how our request header should appear in your payload (this is a Webhooks service example in Node.js):

    1. Log in to your Noones account, hover over your username on the top right of the page and click Settings from the context menu that appears.

    The Settings page appears.

    2. On the menu on the left side of the page, click Developer.

    The Developer page appears.

    3. In case you don’t have an API key, insert the two-factor code in the field below and click Add new API key. If you already have an API key, you can skip this step. 

    Your new API key appears on the Developer page alongside with additional sections.

    4. Copy the URL from your app.
    Go to the Webhooks section on the Noones Developer page. Paste the link into the Request URL field and click Save.

    Warning: Our Webhooks are supported by HTTPS address types only. HTTP addresses will not work for this purpose.


    A request header is sent to your app.

    Note: We have a timeout of 10 seconds. In case if we do not receive a response from your app, the URL will not be saved, and a Webhook will not be created.

    5. In case of success, a list of events available for subscription appears below. Tick a box to select an event from the Subscribe to events list.

    Note:

    • Once selected, events are saved automatically.
    • In the case of three failed attempts to send event information to your app, Webhook (URL) becomes disabled. Timeout for calling a Webhook is 3 seconds.
    • To insert a new link, replace the current URL with the new one and click Change
    • To deactivate your Webhooks completely, click Delete.
    • To reactivate a disabled URL, click Retry.

    In case if request URL is saved successfully, this is how our events will appear in your app:

    Verifying requests from Noones

    Noones creates a unique string for your app and shares it with you. Verify requests from Noones with confidence by verifying signatures using your signing secret.

    On each HTTPS request sent, we add an "X-Noones-Signature" HTTPS header. The signature is created by combining the signing secret with the body of the request we're sending using a standard HMAC-SHA256 keyed hash.

    Note: The resulting signature is unique to each request and doesn't directly contain any secret information. That keeps your app secure, preventing bad actors from causing mischief.

    Example in JavaScript

    const crypto = require('crypto');
    const express = require('express');
    const app = express();
    const port = 3000;
    const bodyParser = require('body-parser');

    Your API secret from the https://noones.com/p2p/account/developer page:

    const apiSecret = 'maE5KV16FV0nDyh7XPm2F8f8FZTdtb5p';
    
    app.use(bodyParser.json());

    When you receive a service address verification request, you should take the "X-Noones-Request-Challenge" header from the request then put it into the response.

    app.use((req, res, next) => {
    

    The address verification request doesn't contain the payload and request signature.

      if (!Object.keys(req.body).length && !req.get('X-Noones-Signature')) {
            console.log('Address verification request received.');
            const challengeHeader = 'X-Noones-Request-Challenge';
            res.set(challengeHeader, req.get(challengeHeader));
            res.end();
        } else {
            next();
        }
    });

    When you receive event notification, you should verify the "X-Noones-Signature" header. In case the request contains the wrong signature, do not process it.

      app.use((req, res, next) => {
        const providedSignature = req.get('X-Noones-Signature');
        const calculatedSignature = crypto.createHmac('sha256', apiSecret).update(JSON.stringify(req.body)).digest('hex');
        if (providedSignature !== calculatedSignature) {
            console.log('Request signature verification failed.');
            res.status(403).end();
        } else {
            next();
        }
    });

    Now you can process an event.

      app.post('*', async (req, res) => {
        console.log('New event received:');
        console.log(req.body);
        res.end();
    });
    
    app.listen(port, () => console.log(`Example app listening at http://localhost:${port}`));

    Reach out to our Support in case of any additional questions. You can also learn more about our API services in our developers' documentation.