Module skeleton. The Auth module already has a complete guide — this page orients you and points to it. Everything in the Orders, Account, and Market Data modules depends on having a valid access token first.
Where to go
OAuth2 overview
Plain-English walkthrough: terms, scopes, and which flow to pick.
Authorization Code flow
For apps with a backend that can hold a
client_secret.PKCE flow
For browser SPAs and mobile apps with no server secret.
Token endpoint
Exchange codes and refresh tokens at
POST /v1/oauth2/token.Using the token
Once you have anaccess_token:
- REST: send it as a header —
Authorization: Bearer YOUR_ACCESS_TOKEN. - WebSocket: authenticate within 5 seconds of connecting by sending it in the auth request.
order:execution to place orders, account:information to read balances and positions.
Quick Start
Get a working authenticated API call in a few minutes.