Encrypted password?

9 posts / 0 new
Last post
APItrader
Encrypted password?

How do I encrypt the password if I am not using either of the four platforms listed at:

https://labs.ig.com/loginrestrictions

Is there "generic documentation" somewhere?

falex
Good question APITRader, I'm

Good question APITRader, I'm using python and if the ciphering code don't work with python I'll could be a little confused.

Any explanation Chris, on how do we need to encrypt the password ?

Chris
Encrypted password?

Hi both,

Encryption is not required but some markets specifically request that we add this extra level of security. The encryption is there to principally prevent 'man in the middle attacks'; so usually is not required unless you are working in an environment that you may not be able to trust - i.e. a public machine in a coffee shop. However, the SDKs do have examples for encrypting the passwords.

An outline of how to do this is:

1) call /session/encryptionKey which gives a key and timestamp [see https://labs.ig.com/rest-trading-api-reference/service-detail?id=151]
2) create a RSAToken using the key.
3) encrypt password + "|" + timestamp

Thus the RSAToken will only be valid for a short amount of time.

I hope this helps.

Chris

falex
Ok fine Chris.

Ok fine Chris.

I'll do a try asap :-)

leegc
Encrypted password?

I'm using python and Crypto for my program to encrypt password. The following is my sample codes. When I run the codes, I encountered HTTP error 403, in which I can't figure why. Hope someone could enlighten me.

# Source Codes

import requests
import base64

from Crypto.PublicKey import RSA

url = "https://api.ig.com/gateway/deal"
identifier = ""
password = ""
m_apiKey = ""

session = "/session/encryptionKey"
my_url = url + session
headers = {"Content-Type": "application/json; charset=utf-8",
"Accept": "application/json; charset=utf-8",
"X-IG-API-KEY": m_apiKey
}

r = requests.get(my_url, headers=headers)

#r.status_code
#200

myData = r.json()
decoded = base64.b64decode(myData['encryptionKey'])
key = RSA.importKey(decoded)
enc = key.encrypt(password + '|' + str(myData['timeStamp']), 'x')
encryptedPassword = enc[0]

session = "/session"
my_url = url + session

headers = {"Content-Type": "application/json; charset=utf-8",
"Accept": "application/json; charset=utf-8",
"X-IG-API-KEY": m_apiKey,
"Version": "2"
}

payload = {"identifier": identifier,
"password": encryptedPassword,
"encryptedPassword": "True"
}

r = requests.post(my_url, payload, headers)
r.status_code

# 403

Chris
Encrypted password?

Hi leegc,

It seems everything is good from looking at the above, although we cannot see that the identifier is ever assigned. Can you drop us a message via the Contact Us section, confirming your account ID and we can take a look at the full logs.

Thanks,
Chris

euphemia
Hi Chris,

Hi Chris,

I have the same issue like with Ieegc with similar codes using Crypto from Python. Any solution for that?

Thanks,

wagerfield
JavaScript implementation

Hello all,

I am working on a JavaScript wrapper around the IG API, but am struggling to figure out how to get password encryption to work.

I have created a small repository demonstrating my approach using the node-rsa package to create an RSA token from the encryptionKey, but cannot get it to work.

I keep getting the response error "error.security.invalid-details"

I have explained the problem in more detail in the repository readme:

https://github.com/wagerfield/ig-login#problem

Please could I get some assistance on this?

Many Thanks,

Matthew

wagerfield
NPM Package

Further to my previous comment, I have now published my JavaScript wrapper to NPM:

https://www.npmjs.com/package/ig-api

I hope this is useful to someone. Comments, pull requests etc. always welcome.

I still need to add password encryption, but will have to await a response on my previous message in order to do so...

Log in or register to post comments