This guide explains how to authenticate with the TradeStation API using this TypeScript wrapper.
The TradeStation API uses OAuth 2.0 for authentication. This wrapper handles all the OAuth complexity for you, including:
- Token management using refresh tokens
- Automatic token refresh
- Token rotation (handling new refresh tokens)
- Environment selection (Simulation/Live)
- Go to the TradeStation API Portal
- Create or log into your account
- Create a new application
- Note your Client ID and Client Secret (if applicable)
TradeStation uses OAuth 2.0 with refresh tokens for authentication. You'll need to:
- Use the TradeStation OAuth flow to get an initial refresh token
- Set up the refresh token in your environment configuration
The refresh token is a long-lived credential that allows your application to obtain new access tokens without requiring user interaction each time.
Create a .env file in your project root:
CLIENT_ID=your_client_id
CLIENT_SECRET=your_client_secret # Optional for public clients
REFRESH_TOKEN=your_refresh_token
ENVIRONMENT=Simulation # or 'Live'import { TradeStationClient } from 'tradestation-api-ts';
// Using environment variables
// Automatically reads CLIENT_ID, CLIENT_SECRET (optional), REFRESH_TOKEN, and ENVIRONMENT from .env
const client = new TradeStationClient();
// Or with explicit configuration
const client = new TradeStationClient({
refresh_token: 'your_refresh_token',
environment: 'Simulation' // or 'Live'
});-
When you create a new
TradeStationClient, it initializes the authentication system but doesn't authenticate immediately. -
The first time you make an API request, the client will:
- Use the refresh token to obtain a new access token
- Store the access token
- Set up automatic token refresh
-
Subsequent requests will:
- Use the stored access token
- Automatically refresh when needed
- Handle token rotation (if API returns a new refresh token)
The wrapper handles tokens automatically:
// Authentication happens automatically on first request
const accounts = await client.brokerage.getAccounts();
// Token refresh happens automatically when needed
const positions = await client.brokerage.getPositions('account_id');
// The client automatically handles new refresh tokens if provided by the APIThe wrapper supports both Simulation and Live environments:
// Simulation environment (default)
const simClient = new TradeStationClient({
refresh_token: 'your_refresh_token',
environment: 'Simulation'
});
// Live environment
const liveClient = new TradeStationClient({
refresh_token: 'your_refresh_token',
environment: 'Live'
});Authentication-related errors are handled consistently:
try {
const data = await client.marketData.getBars('AAPL');
} catch (error) {
if (error.name === 'AuthenticationError') {
console.error('Authentication failed:', error.message);
// Handle invalid credentials or expired refresh token
} else if (error.name === 'NetworkError') {
console.error('Network error:', error.message);
// Handle network issues
} else {
console.error('Other error:', error.message);
}
}Common authentication errors:
- Invalid refresh token
- Expired refresh token
- Network issues
- Rate limiting
- Invalid scope
- Never commit credentials to source control
- Use environment variables for sensitive data
- Keep your Client Secret (if used) and Refresh Token secure
- Use the Simulation environment for testing
- Monitor token usage and refresh patterns
- Implement proper error handling
- Close unused streams to manage resources
-
"Invalid Refresh Token"
- Make sure your refresh token is correct
- Refresh tokens may expire after long periods of inactivity
- You may need to generate a new refresh token through the OAuth flow
-
"Token Expired"
- This should be handled automatically
- If persistent, check your system clock
- Verify network connectivity
-
"Rate Limit Exceeded"
- Reduce request frequency
- Check for infinite loops
- Verify stream cleanup
Enable debug logging for authentication issues:
const client = new TradeStationClient({
debug: true,
refresh_token: 'your_refresh_token'
// ... other config
});