Authorization API

Overview

Returns an access token.

Description

This method returns an access token, which confirms that the user has authorized the application to access user data. All calls to the E*TRADE API (e.g., accountlist, placeequityorder, etc.) must include this access token along with the consumer key, timestamp, nonce, signature method, and signature. This can be done in the query string, but is typically done in the HTTP header. By default, the access token expires at the end of the current calendar day, US Eastern time. Once the token has expired, no requests will be processed for that token until the OAuth process is repeated - i.e., the user must log in again and the application must secure a new access token. During the current day, if the application does not make any requests for two hours, the access token is inactivated. In this inactive state, the access token is not valid for authorizing requests. It must be reactivated using the Renew Access Token API.

HTTP Method: GET

Live URL

                    https://api.etrade.com/oauth/access_token
                

Sandbox URL

                    https:///access_token
                

Request

Property Type Required? Description Allowable Values
oauth_consumer_key header yes The value used by the consumer to identify itself to the service provider.
oauth_timestamp header yes The date and time of the request, in epoch time. Must be accurate to within five minutes.
oauth_nonce header yes A nonce, as described in the authorization guide - roughly, an arbitrary or random value that cannot be used again with the same timestamp.
oauth_signature_method header yes The signature method used by the consumer to sign the request. The only supported value is HMAC-SHA1.
oauth_signature header yes Signature generated with the shared secret and token secret using the specified oauth_signature_method, as described in OAuth documentation.
oauth_token header yes The consumer’s request token to be exchanged for an access token.
oauth_verifier header yes The code received by the user to authenticate with the third-party application.

Response

Status Code Reason Response Model Error Code
200 Successful Operation. Access Token
400 There is issue with input
500 An unexpected error has occurred. The error has been logged and is being investigated.
Property Type Description Possible Values
oauth_token string The consumer’s access token
oauth_token_secret integer The token secret

Get Access Token Request URL

https://api.etrade.com/oauth/access_token
                

HTTP header

Authorization: OAuth realm="",oauth_signature="FjoSQaFDKEDK1FJazlY3xArNflk%3D",oauth_nonce="LTg2ODUzOTQ5MTEzMTY3MzQwMzE%3D",
         oauth_signature_method="HMAC-SHA1",oauth_consumer_key= "282683cc9e4b8fc81dea6bc687d46758",oauth_timestamp="1273254425",
         oauth_verifier="Y27X25F",oauth_token=%2FiQRgQCRGPo7Xdk6G8QDSEzX0Jsy6sKNcULcDavAGgU%3D
                

Response

                   
oauth_token=%3TiQRgQCRGPo7Xdk6G8QDSEzX0Jsy6sKNcULcDavAGgU%3D&oauth_token_secret=%7RrC9scEpzcwSEMy4vE7nodSzPLqfRINnTNY4voczyFM%3D
                  
                

Notes

  • The production access token expires by default at midnight US Eastern time.
  • Technically, the access token and related parameters can be passed with HTTP requests as part of the URL, but we recommend this information be passed in the header of the request instead.