Tradier APIs use the OAuth 2.0 protocol for authentication and authorization. Publicly we support the
Authorization Code flow (server-side application). OAuth 2.0 is a simple protocol and a developer can integrate with Tradier’s OAuth 2.0 endpoints easily, especially using client libraries.
In its most basic form, you will register your application with Tradier, redirect a browser to a URL, parse a token from the responding redirect, then send the token to whichever Tradier API you wish to access.
Authorization codes are short-lived (they expire in 10 minutes). A code is provided after an investor authorizes your application for access to their account. These codes are exchanged for access tokens which can be used to make API requests.
Access tokens (or Bearer tokens) are provided after a successful authorization code exchange. These tokens expire every 24 hours – no questions asked. Once a token expires you’ll need to exchange another authorization code to receive another access token.
Tradier Inc. and its corresponding technology services (including API services) are distinct and separate from the services provided by Tradier Brokerage Inc. For more information regarding the services of Tradier, Inc., please contact email@example.com. For more information regarding the services of Tradier Brokerage, Inc. please contact firstname.lastname@example.org. Tradier Brokerage Inc. Member FINRA/SIPC