freqtrade_origin/docs/rest-api.md

347 lines
12 KiB
Markdown
Raw Normal View History

2021-01-25 19:48:52 +00:00
# REST API & FreqUI
## FreqUI
Freqtrade provides a builtin webserver, which can serve [FreqUI](https://github.com/freqtrade/frequi), the freqtrade UI.
By default, the UI is not included in the installation (except for docker images), and must be installed explicitly with `freqtrade install-ui`.
This same command can also be used to update freqUI, should there be a new release.
Once the bot is started in trade / dry-run mode (with `freqtrade trade`) - the UI will be available under the configured port below (usually `http://127.0.0.1:8080`).
!!! info "Alpha release"
FreqUI is still considered an alpha release - if you encounter bugs or inconsistencies please open a [FreqUI issue](https://github.com/freqtrade/frequi/issues/new/choose).
!!! Note "developers"
Developers should not use this method, but instead use the method described in the [freqUI repository](https://github.com/freqtrade/frequi) to get the source-code of freqUI.
2019-05-18 08:24:22 +00:00
## Configuration
Enable the rest API by adding the api_server section to your configuration and setting `api_server.enabled` to `true`.
Sample configuration:
``` json
"api_server": {
"enabled": true,
"listen_ip_address": "127.0.0.1",
2019-05-25 12:16:59 +00:00
"listen_port": 8080,
2021-01-03 06:18:41 +00:00
"verbosity": "error",
"enable_openapi": false,
2020-05-10 17:42:06 +00:00
"jwt_secret_key": "somethingrandom",
2020-06-24 18:32:19 +00:00
"CORS_origins": [],
2019-05-25 12:16:59 +00:00
"username": "Freqtrader",
"password": "SuperSecret1!"
2019-05-18 08:24:22 +00:00
},
```
!!! Danger "Security warning"
By default, the configuration listens on localhost only (so it's not reachable from other systems). We strongly recommend to not expose this API to the internet and choose a strong, unique password, since others will potentially be able to control your bot.
2019-05-25 12:16:59 +00:00
2019-11-11 19:25:44 +00:00
You can then access the API by going to `http://127.0.0.1:8080/api/v1/ping` in a browser to check if the API is running correctly.
2019-11-11 19:09:58 +00:00
This should return the response:
``` output
{"status":"pong"}
```
2020-05-10 17:42:06 +00:00
All other endpoints return sensitive info and require authentication and are therefore not available through a web browser.
2019-05-18 08:24:22 +00:00
2021-01-25 19:48:52 +00:00
### Security
To generate a secure password, best use a password manager, or use the below code.
``` python
import secrets
secrets.token_hex()
```
2021-01-25 19:48:52 +00:00
!!! Hint "JWT token"
2020-05-10 17:42:06 +00:00
Use the same method to also generate a JWT secret key (`jwt_secret_key`).
2021-01-25 19:48:52 +00:00
!!! Danger "Password selection"
Please make sure to select a very strong, unique password to protect your bot from unauthorized access.
Also change `jwt_secret_key` to something random (no need to remember this, but it'll be used to encrypt your session, so it better be something unique!).
2019-05-18 08:24:22 +00:00
### Configuration with docker
2020-08-06 05:54:54 +00:00
If you run your bot using docker, you'll need to have the bot listen to incoming connections. The security is then handled by docker.
2019-05-18 08:24:22 +00:00
``` json
"api_server": {
"enabled": true,
"listen_ip_address": "0.0.0.0",
"listen_port": 8080
},
```
2021-01-25 19:48:52 +00:00
Uncomment the following from your docker-compose file:
2019-05-18 08:24:22 +00:00
2021-01-25 19:48:52 +00:00
```yml
ports:
- "127.0.0.1:8080:8080"
2019-05-18 08:24:22 +00:00
```
2021-01-25 19:48:52 +00:00
!!! Danger "Security warning"
By using `8080:8080` in the docker port mapping, the API will be available to everyone connecting to the server under the correct port, so others may be able to control your bot.
2019-05-18 08:24:22 +00:00
2021-01-25 19:48:52 +00:00
## Rest API
2019-05-18 08:24:22 +00:00
2021-01-25 19:48:52 +00:00
### Consuming the API
2019-05-18 08:24:22 +00:00
You can consume the API by using the script `scripts/rest_client.py`.
2020-02-14 18:37:20 +00:00
The client script only requires the `requests` module, so Freqtrade does not need to be installed on the system.
2019-05-18 08:24:22 +00:00
``` bash
python3 scripts/rest_client.py <command> [optional parameters]
```
By default, the script assumes `127.0.0.1` (localhost) and port `8080` to be used, however you can specify a configuration file to override this behaviour.
2021-01-25 19:48:52 +00:00
#### Minimalistic client config
2019-05-18 08:24:22 +00:00
``` json
{
"api_server": {
"enabled": true,
"listen_ip_address": "0.0.0.0",
"listen_port": 8080
}
}
```
``` bash
python3 scripts/rest_client.py --config rest_config.json <command> [optional parameters]
```
2021-01-25 19:48:52 +00:00
### Available endpoints
2019-05-18 08:24:22 +00:00
2020-08-04 17:57:28 +00:00
| Command | Description |
|----------|-------------|
| `ping` | Simple command testing the API Readiness - requires no authentication.
2020-10-18 08:48:39 +00:00
| `start` | Starts the trader.
| `stop` | Stops the trader.
2020-08-04 17:57:28 +00:00
| `stopbuy` | Stops the trader from opening new trades. Gracefully closes open trades according to their rules.
2020-10-18 08:48:39 +00:00
| `reload_config` | Reloads the configuration file.
2020-08-04 17:57:28 +00:00
| `trades` | List last trades.
2021-04-05 17:32:55 +00:00
| `trade/<tradeid>` | Get specific trade.
2020-08-04 17:57:28 +00:00
| `delete_trade <trade_id>` | Remove trade from the database. Tries to close open orders. Requires manual handling of this trade on the exchange.
2020-10-18 08:48:39 +00:00
| `show_config` | Shows part of the current configuration with relevant settings to operation.
| `logs` | Shows last log messages.
| `status` | Lists all open trades.
| `count` | Displays number of trades used and available.
| `locks` | Displays currently locked pairs.
2021-03-01 18:50:39 +00:00
| `delete_lock <lock_id>` | Deletes (disables) the lock by id.
2020-10-18 08:48:39 +00:00
| `profit` | Display a summary of your profit/loss from close trades and some stats about your performance.
2020-08-04 17:57:28 +00:00
| `forcesell <trade_id>` | Instantly sells the given trade (Ignoring `minimum_roi`).
| `forcesell all` | Instantly sells all open trades (Ignoring `minimum_roi`).
| `forcebuy <pair> [rate]` | Instantly buys the given pair. Rate is optional. (`forcebuy_enable` must be set to True)
2020-10-18 08:48:39 +00:00
| `performance` | Show performance of each finished trade grouped by pair.
| `balance` | Show account balance per currency.
| `daily <n>` | Shows profit or loss per day, over the last n days (n defaults to 7).
2020-12-07 14:07:08 +00:00
| `stats` | Display a summary of profit / loss reasons as well as average holding times.
2020-10-18 08:48:39 +00:00
| `whitelist` | Show the current whitelist.
2020-08-04 17:57:28 +00:00
| `blacklist [pair]` | Show the current blacklist, or adds a pair to the blacklist.
| `edge` | Show validated pairs by Edge if it is enabled.
2020-09-13 18:09:54 +00:00
| `pair_candles` | Returns dataframe for a pair / timeframe combination while the bot is running. **Alpha**
| `pair_history` | Returns an analyzed dataframe for a given timerange, analyzed by a given strategy. **Alpha**
| `plot_config` | Get plot config from the strategy (or nothing if not configured). **Alpha**
| `strategies` | List strategies in strategy directory. **Alpha**
2020-09-17 05:53:22 +00:00
| `strategy <strategy>` | Get specific Strategy content. **Alpha**
2020-09-13 18:09:54 +00:00
| `available_pairs` | List available backtest data. **Alpha**
2020-10-18 08:48:39 +00:00
| `version` | Show version.
2019-05-18 08:24:22 +00:00
2020-09-13 18:09:54 +00:00
!!! Warning "Alpha status"
Endpoints labeled with *Alpha status* above may change at any time without notice.
2019-05-18 08:24:22 +00:00
Possible commands can be listed from the rest-client script using the `help` command.
``` bash
python3 scripts/rest_client.py help
```
``` output
Possible commands:
2020-08-14 13:44:52 +00:00
available_pairs
Return available pair (backtest data) based on timeframe / stake_currency selection
:param timeframe: Only pairs with this timeframe available.
:param stake_currency: Only pairs that include this timeframe
2019-05-18 08:24:22 +00:00
balance
2020-08-14 13:44:52 +00:00
Get the account balance.
2019-05-18 08:24:22 +00:00
blacklist
2020-08-14 13:44:52 +00:00
Show the current blacklist.
2019-05-18 08:24:22 +00:00
:param add: List of coins to add (example: "BNB/BTC")
count
2020-08-14 13:44:52 +00:00
Return the amount of open trades.
2019-05-18 08:24:22 +00:00
daily
2021-04-05 17:34:01 +00:00
Return the profits for each day, and amount of trades.
2020-08-14 13:44:52 +00:00
2021-03-01 18:50:39 +00:00
delete_lock
Delete (disable) lock from the database.
:param lock_id: ID for the lock to delete
2020-08-14 13:44:52 +00:00
delete_trade
Delete trade from the database.
Tries to close open orders. Requires manual handling of this asset on the exchange.
:param trade_id: Deletes the trade with this ID from the database.
2019-05-18 08:24:22 +00:00
edge
2020-08-14 13:44:52 +00:00
Return information about edge.
2019-05-18 08:24:22 +00:00
forcebuy
2020-08-14 13:44:52 +00:00
Buy an asset.
2019-05-18 08:24:22 +00:00
:param pair: Pair to buy (ETH/BTC)
:param price: Optional - price to buy
forcesell
2020-08-14 13:44:52 +00:00
Force-sell a trade.
2019-05-18 08:24:22 +00:00
:param tradeid: Id of the trade (can be received via status command)
2020-08-14 13:44:52 +00:00
2021-03-01 18:50:39 +00:00
locks
Return current locks
2020-08-14 13:44:52 +00:00
logs
Show latest logs.
2021-04-05 17:34:01 +00:00
:param limit: Limits log messages to the last <limit> logs. No limit to get the entire log.
2019-05-18 08:24:22 +00:00
pair_candles
Return live dataframe for <pair><timeframe>.
:param pair: Pair to get data for
:param timeframe: Only pairs with this timeframe available.
:param limit: Limit result to the last n candles.
pair_history
Return historic, analyzed dataframe
:param pair: Pair to get data for
:param timeframe: Only pairs with this timeframe available.
:param strategy: Strategy to analyze and get values for
:param timerange: Timerange to get data for (same format than --timerange endpoints)
2019-05-18 08:24:22 +00:00
performance
2020-08-14 13:44:52 +00:00
Return the performance of the different coins.
2019-05-18 08:24:22 +00:00
ping
simple ping
plot_config
Return plot configuration if the strategy defines one.
2019-05-18 08:24:22 +00:00
profit
2020-08-14 13:44:52 +00:00
Return the profit summary.
2019-05-18 08:24:22 +00:00
reload_config
2020-08-14 13:44:52 +00:00
Reload configuration.
2019-05-18 08:24:22 +00:00
2019-11-17 14:05:56 +00:00
show_config
2020-08-14 13:44:52 +00:00
2019-11-17 14:05:56 +00:00
Returns part of the configuration, relevant for trading operations.
2019-05-18 08:24:22 +00:00
start
2020-08-14 13:44:52 +00:00
Start the bot if it's in the stopped state.
2019-05-18 08:24:22 +00:00
2020-12-07 14:07:08 +00:00
stats
Return the stats report (durations, sell-reasons).
2019-05-18 08:24:22 +00:00
status
2020-08-14 13:44:52 +00:00
Get the status of open trades.
2019-05-18 08:24:22 +00:00
stop
2020-08-14 13:44:52 +00:00
Stop the bot. Use `start` to restart.
2019-05-18 08:24:22 +00:00
stopbuy
2020-08-14 13:44:52 +00:00
Stop buying (but handle sells gracefully). Use `reload_config` to reset.
strategies
Lists available strategies
2020-09-17 05:53:22 +00:00
strategy
Get strategy details
:param strategy: Strategy class name
trade
Return specific trade
:param trade_id: Specify which trade to get.
2020-08-14 13:44:52 +00:00
trades
Return trades history.
:param limit: Limits trades to the X last trades. No limit to get all the trades.
2019-05-18 08:24:22 +00:00
version
2020-08-14 13:44:52 +00:00
Return the version of the bot.
2019-05-18 08:24:22 +00:00
whitelist
2020-08-14 13:44:52 +00:00
Show the current whitelist.
2019-05-18 08:24:22 +00:00
```
2020-05-10 14:14:35 +00:00
2021-01-25 19:48:52 +00:00
### OpenAPI interface
To enable the builtin openAPI interface (Swagger UI), specify `"enable_openapi": true` in the api_server configuration.
This will enable the Swagger UI at the `/docs` endpoint. By default, that's running at http://localhost:8080/docs/ - but it'll depend on your settings.
2021-01-25 19:48:52 +00:00
### Advanced API usage using JWT tokens
2020-05-10 14:14:35 +00:00
!!! Note
The below should be done in an application (a Freqtrade REST API client, which fetches info via API), and is not intended to be used on a regular basis.
2020-05-10 14:14:35 +00:00
Freqtrade's REST API also offers JWT (JSON Web Tokens).
2020-05-10 14:14:35 +00:00
You can login using the following command, and subsequently use the resulting access_token.
``` bash
> curl -X POST --user Freqtrader http://localhost:8080/api/v1/token/login
{"access_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1ODkxMTk2ODEsIm5iZiI6MTU4OTExOTY4MSwianRpIjoiMmEwYmY0NWUtMjhmOS00YTUzLTlmNzItMmM5ZWVlYThkNzc2IiwiZXhwIjoxNTg5MTIwNTgxLCJpZGVudGl0eSI6eyJ1IjoiRnJlcXRyYWRlciJ9LCJmcmVzaCI6ZmFsc2UsInR5cGUiOiJhY2Nlc3MifQ.qt6MAXYIa-l556OM7arBvYJ0SDI9J8bIk3_glDujF5g","refresh_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1ODkxMTk2ODEsIm5iZiI6MTU4OTExOTY4MSwianRpIjoiZWQ1ZWI3YjAtYjMwMy00YzAyLTg2N2MtNWViMjIxNWQ2YTMxIiwiZXhwIjoxNTkxNzExNjgxLCJpZGVudGl0eSI6eyJ1IjoiRnJlcXRyYWRlciJ9LCJ0eXBlIjoicmVmcmVzaCJ9.d1AT_jYICyTAjD0fiQAr52rkRqtxCjUGEMwlNuuzgNQ"}
> access_token="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1ODkxMTk2ODEsIm5iZiI6MTU4OTExOTY4MSwianRpIjoiMmEwYmY0NWUtMjhmOS00YTUzLTlmNzItMmM5ZWVlYThkNzc2IiwiZXhwIjoxNTg5MTIwNTgxLCJpZGVudGl0eSI6eyJ1IjoiRnJlcXRyYWRlciJ9LCJmcmVzaCI6ZmFsc2UsInR5cGUiOiJhY2Nlc3MifQ.qt6MAXYIa-l556OM7arBvYJ0SDI9J8bIk3_glDujF5g"
# Use access_token for authentication
2020-05-10 14:14:35 +00:00
> curl -X GET --header "Authorization: Bearer ${access_token}" http://localhost:8080/api/v1/count
```
Since the access token has a short timeout (15 min) - the `token/refresh` request should be used periodically to get a fresh access token:
2020-05-10 14:14:35 +00:00
``` bash
> curl -X POST --header "Authorization: Bearer ${refresh_token}"http://localhost:8080/api/v1/token/refresh
{"access_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1ODkxMTk5NzQsIm5iZiI6MTU4OTExOTk3NCwianRpIjoiMDBjNTlhMWUtMjBmYS00ZTk0LTliZjAtNWQwNTg2MTdiZDIyIiwiZXhwIjoxNTg5MTIwODc0LCJpZGVudGl0eSI6eyJ1IjoiRnJlcXRyYWRlciJ9LCJmcmVzaCI6ZmFsc2UsInR5cGUiOiJhY2Nlc3MifQ.1seHlII3WprjjclY6DpRhen0rqdF4j6jbvxIhUFaSbs"}
```
2020-06-24 18:32:19 +00:00
2021-01-25 19:48:52 +00:00
### CORS
2020-06-24 18:32:19 +00:00
2021-01-25 19:48:52 +00:00
All web-based front-ends are subject to [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) - Cross-Origin Resource Sharing.
Since most of the requests to the Freqtrade API must be authenticated, a proper CORS policy is key to avoid security problems.
Also, the standard disallows `*` CORS policies for requests with credentials, so this setting must be set appropriately.
2020-06-24 18:32:19 +00:00
Users can configure this themselves via the `CORS_origins` configuration setting.
2020-06-24 18:32:19 +00:00
It consists of a list of allowed sites that are allowed to consume resources from the bot's API.
Assuming your application is deployed as `https://frequi.freqtrade.io/home/` - this would mean that the following configuration becomes necessary:
2020-06-24 18:32:19 +00:00
```jsonc
{
//...
"jwt_secret_key": "somethingrandom",
"CORS_origins": ["https://frequi.freqtrade.io"],
//...
}
```
!!! Note
We strongly recommend to also set `jwt_secret_key` to something random and known only to yourself to avoid unauthorized access to your bot.