Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Why is my API call to TDA's API not returning a refresh token?

so I've followed the steps here to the letter: https://www.reddit.com/r/algotrading/comments/c81vzq/td_ameritrade_api_access_2019_guide/ in an effort to get a refresh token so that I can build a client app in C# to use TD Ameritrade's API, to conduct special stock and option screening and trading. I got to the end before reaching any trouble.

In the very last step in getting my refresh token, where you fill out the fields on https://developer.tdameritrade.com/authentication/apis/post/token-0, it fails, I just get the following response in an HTTP 401 error:

HTTP/1.1 401 Unauthorized
Access-Control-Allow-Headers: origin
Access-Control-Allow-Methods:
GET
Access-Control-Allow-Origin:
https://developer.tdameritrade.com
Access-Control-Max-Age: 3628800
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 31
Content-Security-Policy: frame-ancestors 'self'
Content-Type: application/json;charset=UTF-8
Date: Sat, 04 Apr 2020 16:07:04 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Application-Context: OAUTH_SERVICE:run:8080
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
{
  "error": "invalid_grant"
}

What could the problem be? I've double and triple checked each step and the values in the text boxes (imaged below) to receive a refresh token, but I can't get it to work. The code and client ID are properly done, as well, based on the guide's steps - I double and triple checked.

This doesn't work!

I followed the steps in the Reddit guide, and from a linked guide by TDA Ameritrade themselves, to ensure I was putting the proper values in the proper fields, so I really have no clue what's going on.

Any help is appreciated.

like image 240
Codefun64 Avatar asked Apr 04 '20 16:04

Codefun64


1 Answers

"code" or "authorization code" is only a one-time pass-key that expires after 30 minutes. It allows you to get the "access token", which, although it has a similar name, seems to be different. So make sure you URL-decode the auth code reasonably rapidly, then get your first response correctly in before 30 minutes.

Also try on weekends, as TDAmeritrade's SMS gateway has been frustratingly slow recently during the GameStop raids, and it's possible their authentication handshaking could be having problems as well during trading hours.

Note that appending "@AMER.OAUTHAP" does not seem to be necessary for the client_id slot of the manual Post Access Token form.

like image 60
DragonLord Avatar answered Oct 01 '22 20:10

DragonLord