Skip to content

xivira/miai-api

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

MyInvestor Account Interface (API)

ℹ️ About The Project

MyInvestor Account Interface API offers an easy to use interface for MyInvestor with TypeScript support.

⬇️ Installing

To add it to your project simply run npm install miai-api.

📚 Documentation

Importing the API

MIAI exports 4 main classes that allows for ESM-only import declarations.

import { MyInvestorAPI, MyInvestorAuthenticator, Auth, MyInvestorUserDataHandler } from 'miai-api';
// const { MyInvestorAPI, MyInvestorAuthenticator, Auth, MyInvestorUserDataHandler } = require('miai-api');// Won't work!

Getting your token

Before the API can be initialized, we must get the access token. You can get it with the static requestToken and validateAuthOTP methods found on the MyInvestorAPI class:

const data = {
  user: 'example',
  password: 'hunter32',
  device_id: (Math.random()*10000).toString() // This can be string, will require validaton the first time its used to request a token
}

// Try to authenticate
const auth_response = await MyInvestorAPI.requestToken(data.user, data.password, data.device_id);
if (!auth_response.success) throw response.failure_reason || 'invalid user or password'
if (auth_response.access_token) return auth_response.access_token;// device_id is already verified. Success!

// If the device_id is new and needs to be validated, the user receives and SMS with the validation code.
// For simplicity's sake we asume there is a magic function getUserInput()
const code = getUserInput();

let response = await MyInvestorAPI.validateAuthOTP(data.user, data.password, data.device_id, auth_response.opt_request_id, code);
if (!auth_response.success) throw response.failure_reason || 'invalid opt code'
return response.access_token;// Success!

The login process is tedious and error prone. Therefore, the MyInvestorAuthenticator class is offered, simplifying the process:

const auther = new MyInvestorAuthenticator(data);

const auth_response = await auther.getToken();

if(auth_response.token) return token;// Success!

const code = getUserInput();

return await auther.validateOTP(code).token;// Success!

Initializing the API

Once we have the authentication token, we can initialize the API. From there on we can use the exposed methods as desired. Most of them are pretty self explanatory.

const api = new MyInvestorAPI(token);

Handling user data

Handling user data is not always trivial. MyInvestorUserDataHandler class can help with safely storing user data if that is what we want to do. It is very opinionated as to how it works. It encrypts and decrypts the user data with the AES-192 cypher, salted and with an initialization vector to offer maximum security.

User data comprises of 4 attibutes:

Attirbute Usage
user MyInvestor username used for logging in
password MyInvestor password used for logging in
device_id Login identification. It can be any string. Each unique string must be validated via OTP (SMS).
signature MyInvestor signature used for validating operations (purchace, cancel orders)

NOTE: The signature attribute is optional and ideally user input should be required for validating each purchase.

const data = {
  user: 'example',
  password: 'hunter32',
  device_id: 'some_id',
  signature: 'my_signature'
}

const file = 'data.encrypted.json'

await MyInvestorUserDataHandler.encrypt(data, 'safe_password', file);

const encrypted_data = JSON.parse(readFileSync(file));

console.log(encrypted_data.iv); // Intialization Vector
console.log(encrypted_data.data); // Unreadable gibberish

const recovered_data = await MyInvestorUserDataHandler.decrypt('safe_password', file);

deepEquals(data, recovered_data); // true

Working with the API

Most api functions are queries about account data or financial products. This are pretty self explanatory and the code is self-decriptive. However, non-query orders which involve actual money are protected by requiring a validation with signature before each operation. For details on how MyInvestorAPI.ìnvest and MyInvestorAPI.cancel api methods work, check out the MyInvestorAPI.fullInvest and MyInvestorAPI.fullCancel methods which describe by example how it should be done.

🔨 Building

Install node and npm. Run npm install before using npm run build to build the library from source.

Built With

  • Node JS, portable executable environment
  • TypeScript, typing extension for JavaScript for developing more robust code

About

No description, website, or topics provided.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published