Get An Authorization Code

  • Available in Sandbox
  • Available in Production
  • Available to Advisors
  • Supported

This is the first step in the OAuth process. Authorization codes are created when a user authorizes your application for access to their account. On success, this API will send customers to the Tradier Brokerage site to authorize your application.


Scopes are used to give a level of access control to our customers. When a customer approves access to an application, they will be prompted to approve the scope of your application. The scope is enforced at the access token level and cannot be changed without asking a user to authorize your application again.

Scope Description
read Read-only access to account data
write Write access to account data (does not include placing or updating trades)
market Access market data (does not include streaming)
trade Update, cancel and place trades
stream Create streaming sessions for use with the Streaming API


If the user authorizes your application, a call will be made to the callback URL registered with your application. That callback will look something like:{authcode}&state={state}

  • code - Your authorization code
  • state - The same unique string you sent in the request above

Note: The reason the state is sent back to you is to make sure no-one is tampering with this exchange. If it’s different than the original you should abort the exchange and start over.

If everything checks out, you’ve got an authorization code you can exchange for an access token (Congrats!).




Parameter Type Param Type Required Values/Example Default
client_id Query String Required 098f6bcd4621d373cade4e832627b4f6
The client ID of your application, also known as Consumer Key
scope Query String Required read, write, trade, market, stream
A comma-delimited list of scopes
state Query String Required
Any unique string generated by your application


Since this call should be made in a browser, a successful response will be a 302 redirect to Tradier Brokerage’s web site where the user can log in and authorize.

HTTP/1.1 302
Content-Length: 0