Authorization API


Allows the user to authorize the consumer application.


Once your application has the request token, it should redirect the user to an E*TRADE authorization page, as shown in the Authorize Application Request URL below. Note that this URL includes the request token and the consumer key as parameters. Running the URL opens up a page which asks the user to authorize the application. Once the user approves the authorization request, E*TRADE generates a verification code and displays it the Authorization Complete page. The user may then manually copy the code and paste it into the application. However, we recommend that the verification code be passed directly to the application via a preconfigured callback URL; in order to do this, the callback URL must be associated with the consumer key. Follow the instructions in the Authorization guide chapter to do this( The callback URL may be just a simple address or may also include query parameters. Once the callback is configured, users are automatically redirected to the specified URL with the verification code appended as a query parameter. Examples are shown in the Sample Response below.

HTTP Method: GET

Live URL


Sandbox URL



Property Type Required? Description Allowable Values
oauth_consumer_key header yes The value used by the consumer to identify itself to the service provider.
oauth_token header yes The consumer’s request token.


Status Code Reason Response Model Error Code
302 Redirect url for Authorization. Authorize Response
400 There is issue with input
500 An unexpected error has occurred. The error has been logged and is being investigated.
Property Type Description Possible Values
oauth_verifier string (uri) verification code

Authorize Application Request URL
The authorize call is not a REST API in the usual sense, and does not return a "response" in the usual way. If the user authorizes your application on the E*TRADE authorization site, the result is either the display of a verification code at that site or, if a callback is used, a redirect to your callback URL. In the callback scenario, the verification code is appended to your callback URL as an oauth_verifier parameter. Here are two examples:




  • If using the default approach - letting the user copy and paste the verification code - we recommend opening a separate browser window for the authorization, leaving the application open in the original window. Once the user has authorized the application and copied the verification code, the user can simply close the authorization window and return to the application in the original window.
  • If using the callback approach, we recommend redirecting to the authorization page in the current window. Once the user has authorized the application, E*TRADE redirects the user to the callback page; the verification code is included as a URL parameter (as in the sample response above).