Authorization API


Returns an access token.


This method returns an access token, which confirms that the user has authorized the application to access user data. All calls to the E*TRADE API (e.g., accountlist, placeequityorder, etc.) must include this access token along with the consumer key, timestamp, nonce, signature method, and signature. This can be done in the query string, but is typically done in the HTTP header. By default, the access token expires at the end of the current calendar day, US Eastern time. Once the token has expired, no requests will be processed for that token until the OAuth process is repeated - i.e., the user must log in again and the application must secure a new access token. During the current day, if the application does not make any requests for two hours, the access token is inactivated. In this inactive state, the access token is not valid for authorizing requests. It must be reactivated using the Renew Access Token API.

HTTP Method: GET

Live URL


Sandbox URL



Property Type Required? Description Allowable Values
oauth_consumer_key header yes The value used by the consumer to identify itself to the service provider.
oauth_timestamp header yes The date and time of the request, in epoch time. Must be accurate to within five minutes.
oauth_nonce header yes A nonce, as described in the authorization guide - roughly, an arbitrary or random value that cannot be used again with the same timestamp.
oauth_signature_method header yes The signature method used by the consumer to sign the request. The only supported value is HMAC-SHA1.
oauth_signature header yes Signature generated with the shared secret and token secret using the specified oauth_signature_method, as described in OAuth documentation.
oauth_token header yes The consumer’s request token to be exchanged for an access token.
oauth_verifier header yes The verification code received by the user to authenticate with the third-party application.


Status Code Reason Response Model Error Code
200 Successful Operation. Access Token
400 There is issue with input
500 An unexpected error has occurred. The error has been logged and is being investigated.
Property Type Description Possible Values
oauth_token string The consumer’s access token
oauth_token_secret integer The token secret

Get Access Token Request URL

HTTP header

Authorization: OAuth realm="",oauth_signature="FjoSQaFDKEDK1FJazlY3xArNflk%3D",oauth_nonce="LTg2ODUzOTQ5MTEzMTY3MzQwMzE%3D",
         oauth_signature_method="HMAC-SHA1",oauth_consumer_key= "282683cc9e4b8fc81dea6bc687d46758",oauth_timestamp="1273254425",




  • The production access token expires by default at midnight US Eastern time.
  • Technically, the access token and related parameters can be passed with HTTP requests as part of the URL, but we recommend this information be passed in the header of the request instead.