I successfully submit an equity order to E*Trade using https://etws.etrade.com/order/rest/placeequityorder:
<PlaceEquityOrder xmlns="http://order.etws.etrade.com">
<EquityOrderRequest>
<clientOrderId>1507910303000001</clientOrderId>
<accountId>xxx</accountId>
<quantity>1</quantity>
<orderAction>BUY</orderAction>
<priceType>LIMIT</priceType>
<marketSession>REGULAR</marketSession>
<orderTerm>GOOD_FOR_DAY</orderTerm>
<symbol>TEUM</symbol>
<limitPrice>0.6</limitPrice>
</EquityOrderRequest>
</PlaceEquityOrder>
The order is confirmed ok by E*Trade:
<PlaceEquityOrderResponse>
<equityOrderResponse>
<accountId>xxx</accountId>
<allOrNone>false</allOrNone>
<estimatedCommission>6.95</estimatedCommission>
<estimatedTotalAmount>7.55</estimatedTotalAmount>
<messageList>
<message>
<msgDesc>Your order was successfully entered during market hours.</msgDesc>
<msgCode>1026</msgCode>
</message>
</messageList>
<orderNum>10</orderNum>
<orderTime>1507924703308</orderTime>
<quantity>1</quantity>
<reserveOrder>false</reserveOrder>
<reserveQuantity>0</reserveQuantity>
<orderTerm>GOOD_FOR_DAY</orderTerm>
<limitPrice>0.6</limitPrice>
<stopPrice>0</stopPrice>
<symbolDesc>PARETEUM CORP COM NEW</symbolDesc>
<symbol>TEUM</symbol>
<orderAction>BUY</orderAction>
<priceType>LIMIT</priceType>
</equityOrderResponse>
</PlaceEquityOrderResponse>
Then I try to update the limit price with https://etws.etrade.com/order/rest/placechangeequityorder:
<placeChangeEquityOrder xmlns="http://order.etws.etrade.com">
<changeEquityOrderRequest>
<orderNum>10</orderNum>
<clientOrderId>1507910303000001</clientOrderId>
<accountId>xxx</accountId>
<quantity>1</quantity>
<orderAction>BUY</orderAction>
<priceType>LIMIT</priceType>
<marketSession>REGULAR</marketSession>
<orderTerm>GOOD_FOR_DAY</orderTerm>
<symbol>TEUM</symbol>
<limitPrice>0.61</limitPrice>
</changeEquityOrderRequest>
</placeChangeEquityOrder>
But the change is rejected with
> <Error><ErrorCode>1028</ErrorCode><ErrorMessage>You have an existing
> open order for this security on the same side of the market. If you
> did not intend to place a second order for this security, please click
> Cancel Order ; otherwise, click Trade to
> proceed.</ErrorMessage></Error> ---> System.Net.WebException: The
> remote server returned an error: (400) Bad Request.
I tried including and not including clientOrderId, it made no difference. I'm going nuts because the same code worked fine once earlier in the day, then it never worked again.
If you are able to submit changes to orders using the ETrade API, please let me know. ETrade API forum seems to have disappeared :(
One needs to submit a new clientOrderId with every change request. I had assumed that one was supposed to keep sending the original clientOrderId (the one used when first submitting the order).
Related
I tried to create a profile in Data Scan, a PRE-OFFERING in Dataplex, but even having the Admin permisssions, an error occured making it impossible to test data scan. I submitted a feedback but I still have no answer about it. Can anyone help?
I would like to test data scan in a client that has a data-lake active.
are few days that we are experiencing trouble with revolut api.
We use that library: https://github.com/useme-com/revolut-python
Now when we try to retrive a list of transactions we receive:
root## python3 transactions.py
HTTP 400 for https://b2b.revolut.com/api/1.0/transactions: Duplicate key User#XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX (attempted merging values XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX and YYYYYYYY-YYYY-YYYY-YYYY-YYYYYYYYYY)
The code is pretty straightforward, to debug basically:
[...]
# Enable Session
session = RenewableSession(refreshtoken,clientid,jwttoken)
# Create API Client
revolut = Client(session)
# Transactions Display
for transaction in revolut.transactions():
print(transaction)
[...]
The same code, from our side, worked until 3 days ago, without errors.
Any ideas on what's going on?
Possible that exist a failure from revolut side?
They are not responding on this (already opened a ticket about).
ty
I got this issue while using a high count param
https://b2b.revolut.com/api/1.0/transactions?count=1000
Reducing count to 100 or 200 made me get a good response. I think Revolut has some issues when sending API response that includes a very old historical transaction due to changes in data structure/merging etc at their end
im using errbit 0-3 stable and its working really good .
but the problem is sometimes it start spamming me emails for the same error but different hashes like the following :
Mongo::Error::NoServerAvailable: No server is available matching preference: #<Mongo::ServerSelector::Primary:0x007fdba42891f0 #tag_sets=[], #options={:database=>"db_test", :max_pool_size=>200, :wait_queue_timeout=>5, :write=>{"w"=>0}}, #server_selection_timeout=30>
Mongo::Error::NoServerAvailable: No server is available matching preference: #<Mongo::ServerSelector::Primary:0x007fdbb8148e30 #tag_sets=[], #options={:database=>"db_test", :max_pool_size=>200, :wait_queue_timeout=>5, :write=>{"w"=>0}}, #server_selection_timeout=30>
How can i filter them so it would group them into 1 error only ?
There's two ways to deal with this.
Option 1) Catch the errors in your application and scrub the uniqueness out of the error messages before sending them to Errbit.
Option 2) Errbit supports configurable "fingerprinting" so you can actually tell Errbit what attributes contribute to the uniqueness of error notifications. This can be done system-wide or on individual Errbit apps. In your case, you could toggle off the error message as part of the Error fingerprint.
From the Errbit README:
The way Errbit arranges notices into error groups is configurable. By
default, Errbit uses the notice's error class, error message, complete
backtrace, component (or controller), action and environment name to
generate a unique fingerprint for every notice. Notices with identical
fingerprints appear in the UI as different occurences of the same
error and notices with differing fingerprints are displayed as
separate errors.
Changing the fingerprinter (under the 'config' menu) applies to all
apps and the change affects only notices that arrive after the change.
If you want to refingerprint old notices, you can run rake
errbit:notice_refingerprint.
I need to clear/reset the external ID on a record in NetSuite, but nothing I do is working.
Some of the InventoryItem records are incorrectly mapped to records in another system. I have an application that can sync up the two systems, but I need to clear NetSuite's external IDs first.
Responses don't really need to be SOAP-specific. If you know how to do it with some specific NetSuite/SuiteTalk client, that might point me in the right direction.
What I've Tried
First up, I tried using the nullFieldList... but maybe it doesn't work because externalId is an attribute, not an element?
<messages:update>
<messages:record internalId="7777" xsi:type="accounting:InventoryItem">
<core:nullFieldList xsi:type="core:NullField">
<core:name>externalId</core:name>
</core:nullFieldList>
</messages:record>
</messages:update>
The external ID is just a string, so I tried just setting it to blank. Didn't work either.
<messages:update>
<messages:record internalId="7777" xsi:type="accounting:InventoryItem">
<accounting:externalId></accounting:externalId>
</messages:record>
</messages:update>
I even tried setting the external ID to 0, but I get back a "not unique identifier" error
<messages:update>
<messages:record internalId="7777" xsi:type="accounting:InventoryItem">
<accounting:externalId>0</accounting:externalId>
</messages:record>
</messages:update>
Other Info
I'm using NetSuite's SOAP API v.2013_1
When I say "it doesn't work", I mean: after I do the update, I get a success response similar to the following:
<readResponse>
<platformCore:status isSuccess="true" xmlns:platformCore="urn:core_2013_1.platform.webservices.netsuite.com"/>
<record internalId="7777" externalId="42" xsi:type="listAcct:InventoryItem" xmlns:listAcct="urn:accounting_2013_1.lists.webservices.netsuite.com">
<!-- snip -->
</record>
</readResponse>
If you are using scripts in netsuite you can run a scheduled script to clear records in NS by loading each record and setting the externalid to '' using the following simple code:
var rec= nlapiLoadRecord(type,id);
rec.setFieldValue('externalid','');
nlapiSubmitRecord(rec);
This seemed to work for me in my enviornment which was on 2015.2.
Unfortunately my understanding is that once you set an externalid you cannot clear it, you can set it to another value, but not back to null. I have experienced this both using SuiteScript as well as a Boomi process that uses the 2014.1 endpoint. This may have changed in the recent releases, as I have not tried it recently with SuiteScript nor with a newer endpoint.
You can eliminate the externalId on a record once it's been set. Here's an example using the NetSuite gem:
ns_customer = NetSuite::Records::Customer.get external_id: 'ext_id'
ns_customer.external_id = ''
ns_customer.update
Here's the corresponding XML for update:
<env:Body>
<platformMsgs:update>
<platformMsgs:record xsi:type="listRel:Customer" platformMsgs:internalId="199113" platformMsgs:externalId=""/>
</platformMsgs:update>
</env:Body>
I have had to attempt this before as well. I know the pains you describe. I ended up putting a "-" in front of my external ID to unlink it between my systems. You can do this in SOAP or even as a simple one time csv upload. As it was one time, I did csv.
Here's a basic plan. I'm happy to produce anything resembling success, it's a Uni project. Pseudo code is great.
Spider the site.
Search for forms on each page.
Submit each form without filling in the details to elicit a guaranteed fail.
Fill in the first field on the form with '-- .
Submit the form and compare the response to the fail (elicited by 3).
If response (elicited by 5) is different (than fail) then assume vulnerability.
If same (response = fail) then return to 4. but move to the next field.
If no more fields remain, move to another page.
...
However, 6. is clearly both the critical part of the application and wrong. For example, a page might respond like this
Error: '-- is not a valid user name.
Where in stage 4. the response was
Error: is not a valid user name.
Or
Error: username must be a minimum of 6 characters.
It seems like at (4), you want to try sending some benign values first so you can see what type of page is returned under normal conditions.
For example, generate a random three-letter "user name" and submit it. You'll probably get a response like "Error: bfw is not a valid user name". or "Error: username too short".
Once you've done that, you can send your string attempting SQL injection and see if the result is qualitatively different. So if you send '-- and get the same result as you did when you sent your random benign "username", it's probably not vulnerable. On the other hand, if you get a response back that's different and includes text like "Warning, you have an error in your SQL at line 1..." then it's probably vulnerable. (It doesn't have to spit out warnings for you to conclude it's vulnerable, though. Even a generic error page might indicate vulnerability if it's substantially different to the response you got from your benign data.)
"SQL Injection Attacks and Defense" by Justin Clarke.
Offers a number of tests to discover and confirm SQL injection vulnerabilities, here's my summary of page 65.
Error triggering
"Send ' or '-- and expect to receive an error."
An error message or 500 server error indicates vulnerability. Responses tidily containing ' or '-- (as in user ' or '-- is not available with that password...) probably aren't vulnerable unless its a stack-trace.
Always true condition
"Send 1' or '1'='1 or 1') or ('1'='1 and expect to receive every entry in the database."
A site can be assumed to be vulnerable when the response code is 200 and the attack string is not received in the response. Pages containing the word 'error' or the attack string indicate resistance, as does a 500.
No condition
"Send value' or '1'='2 or value') or ('1'='2 and expect a vulnerable app to respond as though it had only received value."
Always false condition
"1' and '1'='2 or 1') and ('1'='2. If successful, it returns no rows from the table."
Microsoft SQL Server concatenation
"1' or 'ab'='a'+'b or 1') or ('ab'='a'+'b. If successful, it returns the same
information as an always true condition"
MySQL concatenation
"1' or 'ab'='a' 'b or 1') or ('ab'='a' 'b. If successful, it returns the same
information as an always true condition"
Oracle concatenation
"1' or 'ab'='a'||'b or 1') or ('ab'='a'||'b. If successful, it returns the same
information as an always true condition"
Further examples are included throughout the book.