Authorization API

Overview

Returns a temporary request token, initiating the OAuth process.

Get Request Token 
link

Description

This API returns a temporary request token that begins the OAuth process. The request token must accompany the user to the authorization page, where the user will grant your application limited access to the account. The token expires after five minutes.

HTTP Method: GET

Live URL

                    https://api.etrade.com/oauth/request_token

Sandbox URL

                    https:///request_token

Request

Property Type Required? Description Allowable Values
oauth_consumer_key header yes The value used by the consumer to identify itself to the service provider.
oauth_timestamp header yes The date and time of the request, in epoch time. Must be accurate within five minutes.
oauth_nonce header yes A nonce, as described in the authorization guide - roughly, an arbitrary or random value that cannot be used again with the same timestamp.
oauth_signature_method header yes The signature method used by the consumer to sign the request. The only supported value is HMAC-SHA1.
oauth_signature header yes Signature generated with the shared secret and token secret using the specified oauth_signature_method, as described in OAuth documentation.
oauth_callback header yes Callback information, as described elsewhere. Must always be set to 'oob', whether using a callback or not.

Response

Status Code Reason Response Model Error Code
200 Successful Operation. OAuthResponse
400 There is issue with input
500 An unexpected error has occurred. The error has been logged and is being investigated.

RequestToken Response 
link

Property Type Description Possible Values
oauth_token string The consumer's request token
oauth_token_secret string The token secret
oauth_callback_confirmed string Returns true if a callback URL is configured for the current consumer key, otherwise false. Callbacks are described under the Authorize Application API.

Example

Get Request Token Request URL

https://api.etrade.com/oauth/request_token

HTTP header

Authorization: OAuth realm="",oauth_callback="oob",
oauth_signature="FjoSQaFDKEDK1FJazlY3xArNflk%3D", oauth_nonce="LTg2ODUzOTQ5MTEzMTY3MzQwMzE%3D",
oauth_signature_method="HMAC-SHA1",oauth_consumer_key="282683cc9e4b8fc81dea6bc687d46758",
oauth_timestamp="1273254425"

Response

                   
oauth_token=%2FiQRgQCRGPo7Xdk6G8QDSEzX0Jsy6sKNcULcDavAGgU%3D&oauth_token_secret=%2FrC9scEpzcwSEMy4vE7nodSzPLqfRINnTNY4voczyFM%3D&oauth_callback_confirmed=true

Notes

  • The request token is only valid for 5 minutes..