Overview

Details about how to obtain access tokens using OAuth 2.0

Fetch positions, balances and other account related details.

Place equity and complex option trades including advanced orders.

Fetch quotes, chains and historical data via REST and streaming APIs.

Stream market data and account events in real-time.

Create and update custom watchlists.

Examples, response types, property details and explanations.

Create an Access Token

  • Available in Paper Trading
  • Available in Production
  • Available to Advisors
  • Supported

Access tokens are the keys used for API access. These tokens should be protected like passwords! You can obtain an access token by exchanging an authorization code. This call is authenticated using Basic Authentication implemented in HTTP specification. Your application client ID will serve as your username and the client secret the password.

Client Id: kaGA65sIl79IdXxr3lnGs7J2C9CywQtJ
Client secret: ueeKzJOEh0fh6Dh8

The Authorization header is constructed as follows:

  1. Client Id and client secret are combined into a string “client id:client secret”.
  2. The resulting string literal is then encoded using Base64.
  3. The authorization method and a space, i.e. “Basic “ is then put before the encoded string.

For example, if the user agent uses ‘kaGA65sIl79IdXxr3lnGs7J2C9CywQtJ’ as the client Id and ‘ueeKzJOEh0fh6Dh8’ as the client secret then the header is formed as follows:

1. kaGA65sIl79IdXxr3lnGs7J2C9CywQtJ:ueeKzJOEh0fh6Dh8
2. a2FHQTY1c0lsNzlJZFh4cjNsbkdzN0oyQzlDeXdRdEo6dWVlS3pKT0VoMGZoNkRoOA==
3. Authorization: Basic a2FHQTY1c0lsNzlJZFh4cjNsbkdzN0oyQzlDeXdRdEo6dWVlS3pKT0VoMGZoNkRoOA==

Unlike other requests to the Tradier API, this request only returns JSON due to the OAuth 2.0 specification and for compatibility with most OAuth clients.

Due to the OAuth specification, this API endpoint uses HTTP Basic Authentication. You can learn more about HTTP Basic Authentication on Wikipedia or directly reference the specification.

Request

POST

Headers

Header Required Values/Example Default
Content-Type Required application/x-www-form-urlencoded
Authorization Required Basic lhQOWo0RzJUOWc6Z==
Basic HTTP Authentication. Username: Application client Id, Password: Application client secret

Parameters

Parameter Type Param Type Required Values/Example Default
grant_type Body String Required authorization_code
Value MUST be set to "authorization_code".
code Body String Required PRpnf1o7
The authorization code from the authorization step.

Code Example

curl -X POST "https://api.tradier.com/v1/oauth/accesstoken" \
     -H 'Authorization: Basic <TOKEN>' \
     -H 'Accept: application/x-www-form-urlencoded' \
     -d 'grant_type=authorization_code&code=PRpnf1o7'
// Version 1.8.0_31
import static org.apache.http.entity.ContentType.APPLICATION_JSON;
import java.io.IOException;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.methods.RequestBuilder;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.util.EntityUtils;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ObjectNode;

public class Main {
  public static void main(String[] args) throws IOException {
    final ObjectNode node = new ObjectMapper().createObjectNode();
    node.put("grant_type", authorization_code);
    node.put("code", PRpnf1o7);
    final HttpUriRequest request = RequestBuilder
        .post("https://api.tradier.com/v1/oauth/accesstoken")
        .addHeader("Authorization", "Basic <TOKEN>")
        .addHeader("Accept", "application/json")
        .setEntity(new StringEntity(node.toString(), APPLICATION_JSON))
        .build();

    final HttpResponse response = HttpClientBuilder.create().build().execute(request);
    final String jsonString = EntityUtils.toString(response.getEntity());
    final JsonNode json = new ObjectMapper().readTree(jsonString);

    System.out.println(response.getStatusLine().getStatusCode());
    System.out.println(json);
  }
}
# Version 2.5.0p0
require 'uri'
require 'net/http'

url = URI("https://api.tradier.com/v1/oauth/accesstoken")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)
request["Authorization"] = 'Basic <TOKEN>'
request["Accept"] = 'application/json'
request["Content-Type"] = 'application/json'
request.body = '{ "grant_type": authorization_code,"code": PRpnf1o7 }'

response = http.request(request)
puts response.code
puts response.read_body
// Version go1.12
package main

import (
    "fmt"
    "net/http"
    "net/url"
    "io/ioutil"
    "log"
    "bytes"
)

func main() {
    apiUrl := "https://api.tradier.com/v1/oauth/accesstoken"
    u, _ := url.ParseRequestURI(apiUrl)
    urlStr := u.String()
    var jsonStr = []byte(`{ "grant_type": authorization_code,"code": PRpnf1o7 }`)
    client := &http.Client{}
    r, _ := http.NewRequest("POST", urlStr, bytes.NewBuffer(jsonStr))
    r.Header.Add("Authorization", "Basic <TOKEN>")
    r.Header.Add("Accept", "application/json")
    r.Header.Add("Content-Type", "application/json")

    resp, _ := client.Do(r)
    responseData, err := ioutil.ReadAll(resp.Body)

    if err != nil {
      log.Fatal(err)
    }

    fmt.Println(resp.Status)
    fmt.Println(string(responseData))
}
// Version 4.6.2.0
using System;
using System.Net;
using System.IO;
using System.Text;

public class MainClass {
  public static void Main (string[] args) {
    var request = (HttpWebRequest)WebRequest.Create("https://api.tradier.com/v1/oauth/accesstoken");
    var requestData = "{ \"grant_type\": authorization_code,\"code\": PRpnf1o7 }";
    var data = Encoding.ASCII.GetBytes(requestData);
    
    request.Method = "POST";
    request.Headers["Authorization"] = "Basic <TOKEN>";
    request.Accept = "application/json";
    request.ContentType = "application/json";
    request.ContentLength = data.Length;

    using (var stream = request.GetRequestStream())
     {
         stream.Write(data, 0, data.Length);
     }

    var response = (HttpWebResponse)request.GetResponse();

    Console.WriteLine (response.StatusCode);
    var responseString = new StreamReader(response.GetResponseStream()).ReadToEnd();
    Console.WriteLine (responseString);
  }
}
// Version 10.15.2
const request = require('request');

request({
    method: 'post',
    url: 'https://api.tradier.com/v1/oauth/accesstoken',
    json: {
     'grant_type': authorization_code,
     'code': PRpnf1o7
    },
    headers: {
      'Authorization': 'Basic <TOKEN>',
      'Accept': 'application/json'
    }
  }, (error, response, body) => {
      console.log(response.statusCode);
      console.log(body);
  });
# Version 3.6.1
import requests

response = requests.post('https://api.tradier.com/v1/oauth/accesstoken',
    json={'grant_type': authorization_code, 'code': PRpnf1o7},
    headers={'Authorization': 'Basic <TOKEN>', 'Accept': 'application/json'}
)
json_response = response.json()
print(response.status_code)
print(json_response)
<?php
// Version 7.2.17-0ubuntu0.18.04.1
$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, 'https://api.tradier.com/v1/oauth/accesstoken');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, '{ "grant_type": authorization_code,"code": PRpnf1o7 }');
curl_setopt($ch, CURLOPT_POST, 1);

$headers = array();
$headers[] = 'Authorization: Basic <TOKEN>';
$headers[] = 'Accept: application/json';
$headers[] = 'Content-Type: application/json';
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

$result = curl_exec($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
if (curl_errno($ch)) {
    echo 'Error:' . curl_error($ch);
}
curl_close ($ch);
echo $http_code;
echo $result;

Response

Response Definition

{
  "access_token": "oG8RUzo33zKy3gghjkGh2au2LEWA8",
  "expires_in": 86399,
  "issued_at": "2014-05-28T09:33:35-04:00",
  "scope": "read write trade market stream",
  "status": "approved"
}