Jump to content
Sign in to follow this  
justin nelson

Delete Session is a POST method, but specifies URL Parameters

Recommended Posts

Guest sky.sanders

It is a long story but a version of DeleteSession is a DELETE directly to the session endpoint with the username and sessionid in request headers.

Neither DELETE nor requests headers enjoy support across all target platforms so 1) username and sessionid can be specified in url and 2) deletesession should be a post as it is not idempotent.

I cannot guarantee this but if you were to post a json object to that method with username and session it would likely work but is not documented this way in the meta.

Share this post


Link to post

I just got started with the API as my accounts will be migrated here soon. Overall I really like the documentation and the structure, but I am confused about how to delete a session:

 

Following the documentation, I am able to log on

PROMPT> curl -X POST "https://ciapi.cityindex.com/tradingapi/session" -H 'Content-Type: application/json; charset=UTF-8' -d '{"UserName":"myusername","Password":"mypasswd","AppKey": "myappkey"}'

{"Session":"mysessionid","PasswordChangeRequired":false,"AllowedAccountOperator":false} 
and get historic price bars (for example for EUR/USD as shown):
PROMPT> curl -v -X GET "https://ciapi.cityindex.com/TradingAPI/market/154290/barhistory?interval=MINUTE&span=15&PriceBars=200&PriceType=BID&UserName=myusername&Session=mysessionid"

{"PriceBars":[{"BarDate":"\/Date(1444411800000)\/","Open":1.13683000,"High":1.13733000,"Low":1.13683000,"Close":1.13717000},{"BarDate":"\/Date(1444412700000)\/","Open":1.13717000,"High":1.13730000,"Low":1.13665000,"Close":1.13669000},
...
{"BarDate":"\/Date(1444419000000)\/","Open":1.13559000,"High":1.13573000,"Low":1.13529000,"Close":1.13546000},{"BarDate":"\/Date(1* Connection #0 to host ciapi.cityindex.com left intact
444419900000)\/","Open":1.13551000,"High":1.13568000,"Low":1.13517000,"Close":1.13546000}],"PartialPriceBar":{"BarDate":"\/Date(1444420800000)\/","Open":1.13548000,"High":1.13613000,"Low":1.13546000,"Close":1.13605000}}

So far so good. But when I try to log out (i.e use DeleteSession), I can't seem to be able to wrap my head around the correct way tp use it. Following the documentation, I tried

PROMPT> curl -v -X POST "https://ciapi.cityindex.com/tradingapi/session/deleteSession" -H 'Content-Type: application/json; charset=UTF-8' -d '{"UserName":"myusername", "Session": "mysessionid"}'
and then after reading some of the discussion here
PROMPT> curl -v "https://ciapi.cityindex.com/tradingapi/session/DeleteSession?UserName=myusername&session=mysessionid"

but neither works. I am posting with here as a reply, as I believe my problems are likely related to this previous discussion. Thanks!

 

Share this post


Link to post

Hello!

 

Please clarify as to what error message you receive when you try to log out, or what indicators do you receive to show it is now working? We can look into it further when we receive your reply.

I've tried using both methods to logout in the Test Harness and they both return a successful log out.

 

Kind Regards,

PM!

Share this post


Link to post

Thanks much for the prompt response. Below are the command with both methods again along with verbose output and the error messages: (Note that I masked the username and session values, but with the actual values, I am successfully able to retrieve price bars, for example, indicating that the session that I am trying to delete is really open.)

PROMPT> curl -v -X POST "https://ciapi.cityindex.com/tradingapi/session/deleteSession" -H 'Content-Type: application/json; charset=UTF-8' -d '{"UserName":"myusername", "Session": "mysessionid"}'

produces

 

 

* Trying 174.35.25.126...
* Connected to ciapi.cityindex.com (174.35.25.126) port 443 (#0)
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs/
* TLSv1.2, TLS handshake, Client hello (1):
* TLSv1.2, TLS handshake, Server hello (2):
* TLSv1.2, TLS handshake, CERT (11):
* TLSv1.2, TLS handshake, Server key exchange (12):
* TLSv1.2, TLS handshake, Server finished (14):
* TLSv1.2, TLS handshake, Client key exchange (16):
* TLSv1.2, TLS change cipher, Client hello (1):
* TLSv1.2, TLS handshake, Finished (20):
* TLSv1.2, TLS change cipher, Client hello (1):
* TLSv1.2, TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-SHA384
* Server certificate:
* subject: C=US; ST=California; L=San Jose; O=CDNetworks Inc.; CN=support3.cdnetworks.net
* start date: 2013-11-04 00:00:00 GMT
* expire date: 2015-12-21 12:00:00 GMT
* subjectAltName: ciapi.cityindex.com matched
* issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert High Assurance CA-3
* SSL certificate verify ok.
> POST /tradingapi/session/deleteSession HTTP/1.1
> Host: ciapi.cityindex.com
> User-Agent: curl/7.42.1
> Accept: */*
> Content-Type: application/json; charset=UTF-8
> Content-Length: 74
>
* upload completely sent off: 74 out of 74 bytes
< HTTP/1.1 401 Unauthorized
< Date: Mon, 12 Oct 2015 13:38:40 GMT
< Server: PWS/8.1.20.22
< X-Px: nc h0-s1061.p7-lax ( h0-s1016.p12-sjc), nc h0-s1016.p12-sjc ( h0-s43.p6-lhr), nc h0-s43.p6-lhr ( origin)
< Cache-Control: no-cache
< Pragma: no-cache
< Expires: -1
< Content-Length: 73
< Content-Type: application/json; charset=utf-8
< X-AspNet-Version: 4.0.30319
< X-Powered-By: ASP.NET
< Connection: keep-alive
<
* Connection #0 to host ciapi.cityindex.com left intact
{"HttpStatus":401,"ErrorMessage":"Session is not valid","ErrorCode":4011}

 

and

PROMPT> curl -v "https://ciapi.cityindex.com/tradingapi/session/DeleteSession?UserName=myusername&session=mysessionid"

produces

 

* Trying 174.35.25.62...
* Connected to ciapi.cityindex.com (174.35.25.62) port 443 (#0)
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs/
* TLSv1.2, TLS handshake, Client hello (1):
* TLSv1.2, TLS handshake, Server hello (2):
* TLSv1.2, TLS handshake, CERT (11):
* TLSv1.2, TLS handshake, Server key exchange (12):
* TLSv1.2, TLS handshake, Server finished (14):
* TLSv1.2, TLS handshake, Client key exchange (16):
* TLSv1.2, TLS change cipher, Client hello (1):
* TLSv1.2, TLS handshake, Finished (20):
* TLSv1.2, TLS change cipher, Client hello (1):
* TLSv1.2, TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-SHA384
* Server certificate:
* subject: C=US; ST=California; L=San Jose; O=CDNetworks Inc.; CN=support3.cdnetworks.net
* start date: 2013-11-04 00:00:00 GMT
* expire date: 2015-12-21 12:00:00 GMT
* subjectAltName: ciapi.cityindex.com matched
* issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert High Assurance CA-3
* SSL certificate verify ok.
> GET /tradingapi/session/DeleteSession?UserName=myusername&session=mysessionid HTTP/1.1
> Host: ciapi.cityindex.com
> User-Agent: curl/7.42.1
> Accept: */*
>
< HTTP/1.1 404 Not Found
< Date: Mon, 12 Oct 2015 13:41:33 GMT
< Server: PWS/8.1.20.22
< X-Px: ms h0-s1048.p7-lax ( h0-s1016.p12-sjc), ms h0-s1016.p12-sjc ( h0-s43.p6-lhr), ms h0-s43.p6-lhr ( origin)
< Cache-Control: private
< Content-Length: 0
< X-AspNet-Version: 4.0.30319
< X-AspNetMvc-Version: 4.0
< X-Powered-By: ASP.NET
< Connection: keep-alive
<
* Connection #0 to host ciapi.cityindex.com left intact

Share this post


Link to post

Hi,

 

We'll take a look and see if we can spot what is happening. There is a clue in that the first logout method you try results in the error message indicating an invalid session. I'll post again once I have further information.

 

Kind Regards,

PM! 

Share this post


Link to post

Thanks - good point, I had seen the invalid session message and thought I had wrongly pasted the session id part from the json object returned by login, but I that's doesn't seem to be the problem, as I can retrieve price bars, for example.

 

I should mention that the account is a test account in the live environment, but I guess I should still be able to log out.

 

I will be waiting to hear back and will let you know if I figure it out myself. 

 

Thanks!

Share this post


Link to post

Hello,

 

Yes, I've passed this to our development team for further investigation.

 

In the meantime, there is one thing we can check and that is if there is a problem with your account. I doubt the problem lies with your account but best to eliminate rather than assume!

Please paste the following JS code into the Test Harness (https://ciapi.cityindex.com/tradingapi), using your account credentials and see if it works. The code logs into your account, requests market information for a few markets and then logs out.

       var userName = "XXXXXX";
        doPost('/session',{ "UserName": userName, "Password": "XXXXX"}, function (data, textCode) {    
            setRequestHeader("UserName", userName);
            setRequestHeader("Session", data.Session);

            doPost('/market/information', {"MarketIds":[400616113,99500,99498,400616150,154290]});

            //Logoff
            doPost('/session/deleteSession?userName='+userName+'&session='+data.Session);

        });

            
        

The last line of the output should read:

Response: {"LoggedOut":true}

 

If it does, then we know your account is fine and we have narrowed the problem to the code being used to log out. 

 

 

Kind Regards,

PM!

Share this post


Link to post

H and thanks so much. Yes, I verified that the JS works for me with the Test Harness.

 

In the meantime, I have also tried the curl commands on different operating systems (OpenSUSE, OS X) and different curl versions, but  I am consistently getting error messages.

Share this post


Link to post

Hi,

 

Good we are making progress - we know the account is fine and is not the problem since it works with JS code.

 

I've heard back from the development team and they confirm that the syntax for your log out code with both methods is correct and works when they've tried it out. They noted 2 things:

 

1) They spotted the 4011 error message about the invalid session and also that you wrote in an earlier post that you were copy/pasting the Session from what you received when logging in.

2) There is an issue where if you copied in an extra empty character or white space that would cause the logout to return with a 4011. 

 

Are you able to modify your code to read in the Session and store it and then to use this stored Session when you logout? If it still doesn't work we can at least eliminate a copy with extra character as the culprit.

 

Kind Regards,

PM!

Share this post


Link to post

Hi there PM,

 

Yes, good thought, but I think the possibility can be eliminated, since I am actually using the command in the way you suggested, i.e. in a script.

 

I am not sure if this will be a possibility, but I am wondering if you or one of the developers could try my commands with the actual account information. (This is a text account anyway.)

 

Let me know, please. Thank you!

Share this post


Link to post

Hello,

 

Yes we can try that. 

 

Please send your test account credentials to me via PM. Click upon my username and in the profile page that appears, click the [Send me a message] button.

 

Thanks,

PM!

Share this post


Link to post

Thanks much, I sent you a PM!

 

In the meantime, I started working on different other parts I need to complete for his project, and it seems that the problem is not confined to DeleteSession, as  GetClientAndTradingAccount gives the same error. I will send you a follow-up PM on this with my account details. Thanks!

Share this post


Link to post

So this may be a long shot, but this *might* be the cause for the error messages: as I was moving on working on the commands that I will need to place orders and trades, I noticed there is a parameter called TradingAccountId, which is an integer. When the test account was created for me, I didn't receive an account id, just password, app key, and username. Per doc, the latter is a string. So I chatted with one of the operators via the Advantage Web chat, who stated that the trading account id for my account is the username...is that right? That would seem inconsistent.

 

Thanks!

Share this post


Link to post

Thank you for sending the information across.

 

I've checked your test account and can confirm that it is working fine. I logged in, retrieved account information using the GetClientAccountInformation command and successfully managed to log out. Since we are a Windows development environment and the successful tests with your account are in Windows, I'm suspecting it may be conflict somewhere from using a Linux/Unix OS.

 

I've asked our Dev team if they have access to a Linux/Unix box they can test your account in. In the meantime, do you have easy access to a Windows box you can use to see if you also get success with the known API commands that fail currently (LogOut and GetClientAccountInformation)? Should it work in a Windows box for you then we have narrowed the issue down to a conflict with Linux/Unix OS and our API.

 

Regarding TradingAccountId, I think the client service team member you spoke with misunderstood what you meant about TradingAccountId. They don't get many (any?) technical development queries usually. Anyway, the TradingAccountId is *NOT* the same as your username. The TradingAccountId is returned in the information from the GetClientAccountInformation call, which isn't working for you at this time. I've sent you the TradingAccountId in a reply PM so you can at least use it to test if the place trades/orders API commands will work for you or not. 

 

I'll post again when I hear back from the development team. Thanks for your help and patience!

 

Kind Regards,

PM!

Share this post


Link to post

With Physicsman's great help this could be resolved quickly:

 

It seems that DeleteSession needs to be handled as a POST request with zero length, which isn't unheard of, see http://serverfault.com/questions/315849/curl-post-411-length-required , e.g.

 

The way this works for me with curl, which I am using, is to either add empty data (which causes curl to add zero Content-Length information in the header) or explicitly add the zero content length in the header. So either

curl -v -H "Content-Type: application/json; charset=UTF-8" "https://ciapi.cityindex.com/tradingapi/session/deleteSession?UserName=MYUSERNAME&session=MYSESSIONID" -X POST -d ""

or

 curl -v -H "Content-Type: application/json; charset=UTF-8" -H "Content-Length: 0" "https://ciapi.cityindex.com/tradingapi/session/deleteSession?UserName=MYUSERNAME&session=MYSESSIONID" -X POST

Both methods return

{"LoggedOut":true}

(It seems there is a delay of a few second until a session I am running in a different terminal is actually terminated, i..e. until a few seconds after receiving the logged out true message, I can still retrieve price bars, for example.)

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
×