This is the first step in the OAuth process. Authorization codes are created when a user authorizes your application for access to their account. On success, this API will send customers to the Tradier Brokerage site to authorize your application.
Scopes are used to give a level of access control to our customers. When a customer approves access to an application, they will be prompted to approve the scope of your application. The scope is enforced at the access token level and cannot be changed without asking a user to authorize your application again.
|read||Read-only access to account data|
|write||Write access to account data (does not include placing or updating trades)|
|market||Access market data (does not include streaming)|
|trade||Update, cancel and place trades|
|stream||Create streaming sessions for use with the Streaming API|
If the user authorizes your application, a call will be made to the callback URL registered with your application. That callback will look something like:
Note: The reason the state is sent back to you is to make sure no-one is tampering with this exchange. If it’s different than the original you should abort the exchange and start over.
If everything checks out, you’ve got an authorization code you can exchange for an access token (Congrats!).
|The client ID of your application|
|scope||Path||String||Required||read, write, trade, market, stream|
|A comma-delimited list of scopes|
|Any unique string generated by your application|
Since this call should be made in a browser, a successful response will be a 302 redirect to Tradier Brokerage’s web site where the user can log in and authorize.
HTTP/1.1 302 Location: https://brokerage.tradier.com/oauth/authorize?client_id=098f6bcd4621d373cade4e832627b4f6&scope=read,write,trade&state=ohai Content-Length: 0