api-docs/spec/swagger.yaml at master · tradestation/api-docs · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
---
swagger: "2.0"
info:
  title: Tradestation API
  description: |
    This document describes the resources that make up the official TradeStation
    API. If you have any problems or requests please contact [support](mailto:ClientExperience@tradestation.com).

    Overview
    ========

    The TradeStation API is reachable at the base-url:
    ```
    https://api.tradestation.com/v2
    ```

    Current Version
    ---------------

    The latest version is 20160101, but currently we are in transition, so by
    default all requests receive the 20101026 version for backwards compatibility.

    Always explicitly request this version by adding the `APIVersion`
    querystring parameter as shown below:

    ```
    https://api.tradestation.com/v2/data/quote/msft?APIVersion=20160101
    ```

    Note: This will ensure your application will not be broken when we deprecate
    the 20101026 version in favor of 20160101 or newer versions.

    SIM vs LIVE
    -----------

    We also offer a Simulator(SIM) API for "Paper Trading" that is identical
    to the Live API in all ways except it uses fake trading accounts seeded with
    fake money and orders are not actually executed - only simulated executions
    occur with instant "fills".

    To access the SIM environment, you must change your base-url to:
    ```
    https://sim-api.tradestation.com/v2
    ```

    **WARNING:** TradeStation is not liable for mistakes made by applications
    that allow users to switch between SIM and Live environments.

    ### Why offer a Simulator?

    Transactional API calls such as Order Execution offers users or applications
    the ability to experiment within a Simulated trading system so that real
    accounts and money are not affected and trades are not actually executed.

    Other potential use-cases:
    - Learning how to use applications via Paper Trading.
    - Exploring TradeStation API behavior without financial ramifications
    - Testing apps and websites before making them Live to customers
    - Enabling users to "Try-before-they-buy" with apps that use the TradeStation API
    - Hosting trading competitions or games


    HTTP Requests
    -------------

    All API access is over HTTPS, and accessed from the https://api.tradestation.com.
    All data is sent and received as JSON, with some limited support for XML.

    Example Request:
    ```
    curl -i https://api.tradestation.com/v2/data/quote/msft?APIVersion=20160101

    HTTP/1.1 200 OK
    Cache-Control: private
    Content-Length: 1545
    Content-Type: application/default+json; charset=utf-8
    Access-Control-Allow-Origin: *
    APIVersion: 20160101
    Date: Wed, 30 Nov 2016 01:51:45 GMT

    [
    ...json...
    ]
    ```

    ### Common Conventions

    - Blank fields may either be included as null or omitted, so please support both.
    - All timestamps are returned in [Epoch time](https://en.wikipedia.org/wiki/Unix_time) format unless stated otherwise.


    HTTP Streaming
    --------------

    The TradeStation API offers HTTP Streaming responses for some specialized
    resources including barcharts, quote changes, option chains, and option spread quotes (including single options).
    These streams conform to RFC2616 for HTTP/1.1 Streaming with some slight
    modifications.

    > The HTTP streaming mechanism keeps a request open indefinitely.  It
    > never terminates the request or closes the connection, even after the
    > server pushes data to the client.  This mechanism significantly
    > reduces the network latency because the client and the server do not
    > need to open and close the connection.
    >
    > The basic life cycle of an application using HTTP streaming is as
    > follows:
    >
    > 1.  The client makes an initial request and then waits for a
    >     response.
    >
    > 2.  The server defers the response to a poll request until an update
    >     is available, or until a particular status or timeout has
    >     occurred.
    >
    > 3.  Whenever an update is available, the server sends it back to the
    >     client as a part of the response.
    >
    > 4.  The data sent by the server does not terminate the request or the
    >     connection.  The server returns to step 3.
    >
    > The HTTP streaming mechanism is based on the capability of the server
    > to send several pieces of information in the same response, without
    > terminating the request or the connection.

    Source: [RFC6202, Page 7](https://tools.ietf.org/html/rfc6202#page-7).

    HTTP Streaming resources are identified under in this documentation as such,
    all other resources conform to the HTTP Request pattern instead.

    The HTTP Streaming response is returned with the following headers:

      ```
      Transfer-Encoding: chunked
      Content-Type: application/vnd.tradestation.streams+json
      ```

    Note: The `Content-Length` header is typically omitted since the response
    body size is unknown.

    Streams consist of a series of chunks that contain individual JSON objects
    to be parsed separately rather than as a whole response body.

    One unique thing about TradeStation's HTTP Streams is they also can terminate
    unlike a canonical HTTP/1.1 Stream.

    Streams terminate with a non-JSON string prefixed with one of the following:

      - `END`
      - `ERROR`

    In the case of `ERROR`, it will often be followed by an error message like:

    ```
    ERROR - A Timeout Occurred after waiting 15000ms
    ```

    In either case, the HTTP client must terminate the HTTP Stream and end the
    HTTP Request lifetime as a result of these messages. In the case of `ERROR`
    the client application may add a delay before re-requesting the HTTP Stream.

    ### How to handle HTTP Chunked Encoded Streams

    Healthy chunked-encoded streams emit variable length chunks that contain
    parsable JSON.

    For example:
    ```
    GET https://sim.api.tradestation.com/v2/stream/barchart/$DJI/1/Minute/12-26-2016/01-24-2017

    HTTP/1.1 200 OK
    Date: Wed, 14 Jun 2017 01:17:36 GMT
    Content-Type: application/vnd.tradestation.streams+json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Origin: *
    Cache-Control: private

    114
    {"Close":19956.09,"DownTicks":26,"DownVolume":940229,"High":19961.77,"Low":19943.46,"Open":19943.46,"Status":13,"TimeStamp":"\/Date(1482849060000)\/","TotalTicks":59,"TotalVolume":3982533,"UnchangedTicks":0,"UnchangedVolume":0,"UpTicks":33,"UpVolume":3042304,"OpenInterest":0}


    112
    {"Close":19950.82,"DownTicks":32,"DownVolume":440577,"High":19959.15,"Low":19947.34,"Open":19955.64,"Status":13,"TimeStamp":"\/Date(1482849120000)\/","TotalTicks":60,"TotalVolume":761274,"UnchangedTicks":0,"UnchangedVolume":0,"UpTicks":28,"UpVolume":320697,"OpenInterest":0}


    END
    ```

    Typically this will stream forever, unless a network interruption or service
    disruption occurs. It is up to the client to properly handle stream lifetime
    and connection closing.

    ### How to parse JSON chunks

    In order to process these chunks, API consumers should first read the
    response buffer, then de-chunk the plain-text strings, and finally identify
    new JSON objects by applying tokenizing techniques to the resulting text
    stream using either a streaming JSON parser, Regex, a lexer/parser, or
    brute-force string indexing logic.

    A simple but effective technique is after de-chunking to simply parse based
    upon the `\n` (newline character) delimiter written to the end of each
    JSON object. However, a more robust solution is less likely to break later.

    #### Variable Length JSON Chunking

    As a developer, be careful with how you parse HTTP Streams, because the
    API’s or intermediate proxies may chunk JSON objects many different ways.

    > Using HTTP streaming, several application
    > messages can be sent within a single HTTP response.  The
    > separation of the response stream into application messages needs
    > to be performed at the application level and not at the HTTP
    > level.  In particular, it is not possible to use the HTTP chunks
    > as application message delimiters, since intermediate proxies
    > might “re-chunk” the message stream (for example, by combining
    > different chunks into a longer one).  This issue does not affect
    > the HTTP long polling technique, which provides a canonical
    > framing technique: each application message can be sent in a
    > different HTTP response.

    Source: [RFC6202, Section 3.2](https://tools.ietf.org/html/rfc6202#section-3.2)

    Translation: Be prepared for JSON objects that span chunks. You may see
    chunks with varying numbers of JSON objects, including:

    - "exactly 1" JSON object per chunk
    - “at least 1” JSON object per chunk
    - 1 JSON object split across 2 or more chunks

    Example of 2 JSON objects in 1 chunk:
    ```
    GET https://sim.api.tradestation.com/v2/stream/barchart/$DJI/1/Minute/12-26-2016/01-24-2017

    HTTP/1.1 200 OK
    Date: Wed, 14 Jun 2017 01:17:36 GMT
    Content-Type: application/vnd.tradestation.streams+json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Origin: *
    Cache-Control: private

    22d
    {"Close":19956.09,"DownTicks":26,"DownVolume":940229,"High":19961.77,"Low":19943.46,"Open":19943.46,"Status":13,"TimeStamp":"\/Date(1482849060000)\/","TotalTicks":59,"TotalVolume":3982533,"UnchangedTicks":0,"UnchangedVolume":0,"UpTicks":33,"UpVolume":3042304,"OpenInterest":0}
    {"Close":19950.82,"DownTicks":32,"DownVolume":440577,"High":19959.15,"Low":19947.34,"Open":19955.64,"Status":13,"TimeStamp":"\/Date(1482849120000)\/","TotalTicks":60,"TotalVolume":761274,"UnchangedTicks":0,"UnchangedVolume":0,"UpTicks":28,"UpVolume":320697,"OpenInterest":0}
    END
    ```

    Example of 1 JSON objects split across 2 chunks:
    ```
    GET https://sim.api.tradestation.com/v2/stream/barchart/$DJI/1/Minute/12-26-2016/01-24-2017

    HTTP/1.1 200 OK
    Date: Wed, 14 Jun 2017 01:17:36 GMT
    Content-Type: application/vnd.tradestation.streams+json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Origin: *
    Cache-Control: private

    40
    {"Close":71.65,"DownTicks":45,"DownVolume":5406,"High":71.67,"Lo
    C2
    w":71.65,"Open":71.66,"Status":13,"TimeStamp":"\/Date(1497016260000)\/","TotalTicks":77,"TotalVolume":17270,"UnchangedTicks":0,"UnchangedVolume":0,"UpTicks":32,"UpVolume":11864,"OpenInterest":0}

    END
    ```

    This is allowed by the HTTP/1.1 specification, but can be confusing or lead
    to bugs in client applications if you try to depend parsing JSON along
    the HTTP chunk-boundaries because even if it works during testing, later if
    users connect from a different network, it may change the chunking behavior.

    For example, if you are at a coffee shop with wifi which employs an
    HTTP Proxy, then it may buffer the stream and change the chunking boundary
    from 1 JSON object per chunk, to splitting each JSON object across 2 or 3.

    In fact, the HTTP/1.1 spec clearly advises developers of proxies to always
    “re-chunk” HTTP Streams, so this is almost a guarantee to happen in the wild.

    HTTP Streaming API consumers should be prepared to support all variations.


    Rate Limiting
    -------------

    The TradeStation API Rate Limits on the number of requests a given user &
    client can make to the API in order to ensure fairness between users and
    prevent abuse to our network. Each API Key is allocated quota settings upon
    creation. These settings are applied on a per-user basis. If the quota is
    exceeded, an HTTP response of `403 Quota Exceeded` will be
    returned. Quotas are reset on a 5-minute interval based on when the user
    issued the first request.

    ## Resource Categories

    The rate limit applies to the following resource-categories:

    | Resource-Category                             | Quota | Interval |
    | --------------------------------------------- | ----- | -------- |
    | Accounts                                      | 250   | 5-minute |
    | Order Details                                 | 250   | 5-minute |
    | Balances                                      | 250   | 5-minute |
    | Positions                                     | 250   | 5-minute |
    | Data Quotes                                   | 250   | 5-minute |
    | Quote Change Stream                           | 500   | 5-minute |
    | Quote Snapshot Stream                         | 500   | 5-minute |
    | Barchart Stream                               | 500   | 5-minute |
    | TickBar Stream                                | 500   | 5-minute |


    ## Intervals

    Quotas have "Windows" that last for a limited time interval
    (generally 5-minutes). Once the user has exceeded the maximum request count,
    all future requests will fail with a `403` error until the interval expires.
    Rate Limit intervals do not slide based upon the number of requests, they are
    fixed at a point in time starting from the very first request for that
    category of resource.  After the interval expires, the cycle will
    start over at zero and the user can make more requests.

    ### Example A

    A user logs into the TradeStation WebAPI with your application and issues a
    request to `/v2/EliteTrader/accounts`. As a result, the request
    quota is incremented by one for the `Accounts` resource-category. The user
    then issues 250 more requests immediately to `/v2/EliteTrader/accounts`.
    The last request fails with `403 Quota Exceeded`. All subsequent requests
    continue to fail until the 5-minute interval expires from the time of the
    very first request.

    ### Example B

    A user logs into the TradeStation WebAPI with your application and issues a
    request to `/v2/data/quote/IBM,NFLX,MSFT,AMZN,AAPL`. As a result, the
    request quota is incremented by one for the `Data Quotes`
    resource-category. The user then immediately issues the same request 250 more
    times. The last request fails with `403 Quota Exceeded`. All
    subsequent requests continue to fail until the 5-minute interval expires
    from the time of the first request.

    **Example Throttled Request**
    ```
    GET https://api.tradestation.com/v2/data/quotes/IBM,NFLX,MSFT,AMZN,AAPL HTTP/1.1
    Host: api.tradestation.com
    Authorization: bearer eE45VkdQSnlBcmI0Q2RqTi82SFdMSVE0SXMyOFo5Z3dzVzdzdk
    Accept: application/json
    ```
    **Example Failed Response**
    ```
    HTTP/1.1 403 Quota Exceeded
    Content-Length: 15
    Server: Microsoft-IIS/7.5
    X-AspNet-Version: 4.0.30319
    Date: Tue, 06 Dec 2011 20:50:32 GMT

    <html><body>Quota Exceeded</body></html>
    ```

# Parameters
# ----------

# HTTP Errors
# -----------

# HTTP Redirects
# --------------

# HTTP Verbs
# ----------

# REST Flavor
# -----------

# Cross Origin Resoure Sharing
# ----------------------------

# Timezones
# ---------


  version: "20160101"
  x-logo:
    url: 'ts-logo.png'

  contact:
    name: TradeStation API Team
    email: ClientExperience@tradestation.com
    url: https://developer.tradestation.com/webapi

##############################################################################
host: api.tradestation.com
basePath: /
schemes:
  - https
consumes:
  - application/json; charset=utf-8
produces:
  - application/json; charset=utf-8
##############################################################################
securityDefinitions:
  OAuth2-Auth-Code:
    description: |
      The authorization code grant type is used to obtain both access tokens
      and refresh tokens and is optimized for confidential clients. Since
      this is a redirection-based flow, the client must be capable of
      interacting with the resource owner’s user-agent (typically a web browser)
      and capable of receiving incoming requests (via redirection) from the
      authorization server.

      #### Implementation Guide

      The authorization code grant type allows the end users to authenticate
      with TradeStation directly and authorize the Client application to make
      calls on their behalf. Access Tokens obtained via the authorization code
      Grant Type can be refreshed, they will expire in 20 minutes of the time
      issued. These access tokens are accepted in the HTTP `Authorization` header.

      **Step-by-Step**

      **1. Redirect user for authentication/authorization**

      The client application will route the end-user to our MFA (multi-factor
      authentication) login page web page.

      *Authorize Uri:*
      - https://api.tradestation.com/v2/authorize

      *Required query string parameters:*
      - redirect_uri
      - client_id = the client application’s API key
      - response_type = code

      *Example Authorization Page Url:*
      ```
      https://api.tradestation.com/v2/authorize/?redirect_uri=https://exampleclientapp.com/authcode.aspx&client_id=D7635234&response_type=code
      ```

      The URL will take you to a TradeStation login page.

      **2. Client receives authorization code**

      Upon successful authentication; The user agent(browser) will be redirected
      to the URL provided and include an Authorization Code in the query string.

      *Example Redirect:*
      ```
      HTTP 301 Redirect
      RedirectURL = https://exampleclientapp.com/authcode.aspx?code=AFF345CD12B
      ```

      *Note:*

      - This redirect URL can be anything that the user agent can understand.
      In the case of an embedded browser it could be a URL to a native view,
      i.e.: device://viewname
      - The Authorization Code is only valid for 30 seconds

      **3. Exchange Authorization Code for Access Token**

      The Client uses the Authorization Code to request an Access Token via the
      `/security/authorize` service method using the authorization_code grant type;

      *Required Header:*
      - Content-Type: application/x-www-form-urlencoded
      - Content-Length = Length of body information in UTF8

      *Required form parameters:*
      - grant_type = authorization_code
      - client_id = The client application’s API key
      - redirect_uri = The redirect uri used when obtaining the Authorization
      Code being provided
      - code = The Authorization Code value
      - client_secret = The secret for the client application’s API Key

      *Example Request*
      ```
      POST https://api.tradestation.com/v2/Security/Authorize HTTP/1.1
      Content-Type: application/x-www-form-urlencoded
      Host: api.tradestation.com
      Content-Length: 630

      grant_type=authorization_code&client_id=11111111-1111-1111-1111-111111111111&redirect_uri=test.aspx&client_secret=11111111-1111-1111-1111-111111111111&code=YjlkWDRqVmxlRXphaZzM1NWQ1MzZtVVFJQXFkcmk3eldOSjRUSDJHSklqN1dMNkk=&response_type=token
      ```

      *Example Response*
      ```
      HTTP/1.1 200 OK
      Cache-Control: private
      Content-Length: 927
      Content-Type: application/json; charset=utf-8
      Server: Microsoft-IIS/7.5
      X-AspNet-Version: 4.0.30319
      X-Powered-By: ASP.NET
      Date: Tue, 06 Dec 2011 20:50:32 GMT

      {

          "refresh_token": "eGlhc2xvTTVJaEdXMWs4VjhraWx4bk5QMHJMaA==",
          "expires_in": 1200,
          "access_token": "eGlhc2xvozT2IxWnVITmdwGVFPQ==",
          "token_type": "AccessToken",
          "userid": "testUser"
      }
      ```
    type: oauth2
    flow: accessCode
    authorizationUrl: "https://api.tradestation.com/v2/security/authorize"
    tokenUrl: "https://api.tradestation.com/v2/security/authorize"
    scopes:
      marketdata: |
        Requests access to lookup or stream Market Data
      readaccount: |
        Requests access to view Brokerage Accounts belonging to the End-User
      trade: |
        Requests access to execute orders on behalf of the End-User
    #   news: |
    #     Requests access to view Market News
    #   hotlists: |
    #     Requests access to be allowed to execute HotList symbol scans
    # grant_type=authorization_code&code=K29qbmpGSEFDMLS0c=&client_id=42545245&redirect_uri=/webapi/authorize/authcodetest.aspx&client_secret=2452345

  OAuth2-Refresh-Token:
    description: |
      After an access token has expired or it becomes invalid,
      the Refresh token grant type can be used in order to obtain a new access token.
      Refresh tokens are valid indefinitely, unless the API key has been removed.

      A refresh token is specifically asigned for one API key and cannot be used to request new access tokens for a differet API key.


      *Required Header:*
      - Content-Type: application/x-www-form-urlencoded
      - Content-Length = Length of body information in UTF8

      *Required form parameters:*
      - grant_type:  "refresh_token" is the expected value for this grant type
      - client_id: The client application’s API key
      - refresh_token: The Refresh Token value generated when to original Access token was requested.
      - client_secret: The secret for the client application’s API Key
      - response_type: "token" is the expected value for the response type.

      *Example Request*
      ```
      POST https://api.tradestation.com/v2/security/authorize HTTP/1.1
      Content-Type: application/x-www-form-urlencoded
      Host: api.tradestation.com
      Content-Length: 630

      grant_type=refresh_token&client_id=11111111-1111-1111-1111-111111111111&redirect_uri=http://www.myredirect.com&client_secret=11111111-1111-1111-1111-111111111111&refresh_token=YjlkWDRqVmxlRXphaZzM1NWQ1MzZtVdMNkk==&reponse_type=token
      ```

      *Example Response*
      ```
      HTTP/1.1 200 OK
      Cache-Control: private
      Content-Length: 927
      Content-Type: application/json; charset=utf-8
      Server: Microsoft-IIS/7.5
      Date: Tue, 06 Dec 2011 20:50:32 GMT

      {

          "access_token":"VUdLbE1RbTdCRUE4==",
          "expires_in":1200,
          "token_type":"AccessToken",
          "userid":"testUser"
      }
      ```


      *Possible Errors*
      - Invalid API Key: The API key sent as parameter does not match with the API key used to create the Refresh token.
      - API key failure: They API secret sent as parameter does not match with the API secret used to create the Refresh token.
      - Invalid refresh token: The refresh token used is not same that was sent to the user when the original access token was created.


    type: oauth2
    flow: application
    tokenUrl: "https://api.tradestation.com/v2/security/authorize"
    scopes:
      marketdata: |
        Requests access to lookup or stream Market Data
      readaccount: |
        Requests access to view Brokerage Accounts belonging to the End-User
      trade: |
        Requests access to execute orders on behalf of the End-User
    #   news: |
    #     Requests access to view Market News
    #   hotlists: |
    #     Requests access to be allowed to execute HotList symbol scans
    # grant_type=refresh_token&client_id=123456&redirect_uri=http://www.myredirect.com&client_secret=789456&refresh_token=1234myRefreshToken56789

##############################################################################
tags:
  - name: marketdata
    description: |
      Snapshots and live streams of market data from supported exchanges.
  - name: brokerage
    description: |
      Access to bank accounts, order transactions, and market positions for
      the given user account.
  - name: order-execution
    description: |
      Trading tools for order submission, cancellation, and pre-order confirmation.

##############################################################################
paths:
  '/v2/data/symbol/{symbol}':
    get:
      summary: |
        Get Symbol Info
      description: |
        Finds the given symbol and returns a collection of fields describing the
        symbol, its origin exchange, and other pertinant information.
      operationId: getSymbol
      tags:
        - marketdata
      parameters:
        - name: symbol
          in: path
          type: string
          description: Symbol to lookup.
          required: true
      security:
        - OAuth2-Auth-Code:
            - marketdata
        - OAuth2-Refresh-Token:
            - marketdata
      x-code-samples:
        - lang: shell
          source: |
            curl -H "Authorization: Bearer 1JUjFiNFFGWEdDM" "https://api.tradestation.com/v2/data/symbol/AMZN"
      responses:
        '200':
          description: Symbol Response
          schema:
            $ref: '#/definitions/SymbolDefinition'
        '400':
          description: Bad Request
          schema:
            $ref: '#/definitions/Error'
        '401':
          description: Unauthorized
          schema:
            $ref: '#/definitions/Error'
        '403':
          description: Forbidden
          schema:
            $ref: '#/definitions/Error'
        '404':
          description: Symbol Not Found
          schema:
            $ref: '#/definitions/Error'
        '500':
          description: Unexpected Error
          schema:
            $ref: '#/definitions/Error'
        '502':
          description: Bad Gateway
          schema:
            $ref: '#/definitions/Error'
        '504':
          description: Gateway Timeout
          schema:
            $ref: '#/definitions/Error'

  ##############################################################################
  '/v2/data/symbols/suggest/{text}':
    get:
      summary: |
        Suggest Symbols
      description: |
        Suggests symbols semantically based upon partial input of symbol name,
        company name, or description. Does not return Options symbols.
      operationId: suggestsymbols
      tags:
        - marketdata
      security:
        - OAuth2-Auth-Code:
            - marketdata
        - OAuth2-Refresh-Token:
            - marketdata
      x-code-samples:
        - lang: shell
          source: |
            curl -H "Authorization: Bearer 1JUjFiNFFGWEdDM" "https://api.tradestation.com/v2/data/symbols/suggest/A"
      parameters:
        - name: $top
          in: query
          type: integer
          description: The top number of results to return.
          required: false
        - name: $filter
          in: query
          type: string
          description: |-
            An OData filter to apply to the results. Supports the `eq` and `neq` filter opeators. E.g. `AAP?$filter=Category%20neq%20%27Stock%27`.
            Valid values are: `Category` (`Stock`, `Index`, `Future`, `Forex`), `Country` (E.g. `United States`, `GB`) `Currency` (E.g. `USD`, `AUD`),
            and `Exchange` (E.g. `NYSE`).
          required: false
        - name: text
          in: path
          type: string
          description: Symbol text for suggestion. Partial input of a symbol name, company name, or description.
          required: true
      responses:
        '200':
          description: Symbol Suggest
          schema:
            $ref: '#/definitions/SymbolSuggestDefinition'
        '400':
          description: Bad Request
          schema:
            $ref: '#/definitions/Error'
        '401':
          description: Unauthorized
          schema:
            $ref: '#/definitions/Error'
        '403':
          description: Forbidden
          schema:
            $ref: '#/definitions/Error'
        '500':
          description: Unexpected Error
          schema:
            $ref: '#/definitions/Error'
        '502':
          description: Bad Gateway
          schema:
            $ref: '#/definitions/Error'
        '504':
          description: Gateway Timeout
          schema:
            $ref: '#/definitions/Error'

  ##############################################################################

  '/v2/data/symbols/search/{criteria}':
    get:
      summary: |
        Search for Symbols
      description: |
        Searches symbols based upon input criteria including Name, Category and
        Country.
      operationId: searchSymbols
      tags:
        - marketdata
      security:
        - OAuth2-Auth-Code:
            - marketdata
        - OAuth2-Refresh-Token:
            - marketdata
      x-code-samples:
        - lang: shell
          source: |
            curl -H "Authorization: Bearer 1JUjFiNFFGWEdDM" "https://api.tradestation.com/v2/data/symbols/search/N=MSFT&C=Stock&Cnt=US"
      parameters:
        - name: criteria
          in: path
          type: string
          description: |
            Criteria are represented as Key/value pairs (`&` separated):

            `N`: Name of Symbol. (Optional)

            `C`: Asset categories. (Optional) Possible values:
              - `Future` or `FU`
              - `FutureOption` or `FO`
              - `Stock` or `S` (Default)
              - `StockOption` or `SO` (If root is specified, default category)
              - `Index` or `IDX`
              - `CurrencyOption` or `CO`
              - `MutualFund` or `MF`
              - `MoneyMarketFund` or `MMF`
              - `IndexOption` or `IO`
              - `Bond` or `B`
              - `Forex` or `FX`

            `Cnt`: Country where the symbol is traded in. (Optional) Possible values:
              - `ALL` if not specified (Default)
              - `US`
              - `DE`
              - `CA`

            #### For Equities Lookups:

            `N`: partial/full symbol name, will return all symbols that contain the provided name value

            `Desc`: Name of the company

            `Flg`: indicates whether symbols no longer trading should be included in the results returned. (Optional) This criteria is not returned in the symbol data. Possible values:
              - `true`
              - `false` (Default)

            `Cnt`: Country where the symbol is traded in. (Optional) Possible values:
              - `ALL` if not specified (Default)
              - `US`
              - `DE`
              - `CA`

            #### For Options Lookups:
            (Category=StockOption, IndexOption, FutureOption or CurrencyOption)

            `R`: Symbol root. Required field, the symbol the option is a derivative of, this search will not return options based on a partial root.

            `Stk`: Number of strikes prices above and below the underlying price
              - Default value 3

            `Spl`: Strike price low

            `Sph`: Strike price high

            `Exd`: Number of expiration dates.
              - Default value 3

            `Edl`: Expiration date low, ex: 01-05-2011

            `Edh`: Expiration date high, ex: 01-20-2011

            `OT`: Option type. Possible values:
              - `Both` (Default)
              - `Call`
              - `Put`

            `FT`: Future type for FutureOptions. Possible values:
              - `Electronic` (Default)
              - `Pit`

            `ST`: Symbol type: Possible values:
              - `Both`
              - `Composite` (Default)
              - `Regional`

            #### For Futures Lookups:
            (Category = Future)

            `Desc`: Description of symbol traded

            `R`: Symbol root future trades

            `FT`: Futures type. Possible values:
              - `None`
              - `PIT`
              - `Electronic` (Default)
              - `Combined`

            `Cur`: Currency. Possible values:
              - `All`
              - `USD` (Default)
              - `AUD`
              - `CAD`
              - `CHF`
              - `DKK`
              - `EUR`
              - `DBP`
              - `HKD`
              - `JPY`
              - `NOK`
              - `NZD`
              - `SEK`
              - `SGD`

            `Exp`: whether to include expired contracts
              - `false` (Default)
              - `true`

            `Cnt`: Country where the symbol is traded in. (Optional) Possible values:
              - `ALL` if not specified (Default)
              - `US`
              - `DE`
              - `CA`

            #### For Forex Lookups:

            `N`: partial/full symbol name. Use all or null for a list of all forex symbols

            `Desc`: Description

            Note:
              - The exchange returned for all forex searches will be `FX`
              - The country returned for all forex searches will be `FOREX`
          required: true
      responses:
        '200':
          description: Symbol Search Response
          schema:
            $ref: '#/definitions/SymbolSearchDefinition'
        '400':
          description: Bad Request
          schema:
            $ref: '#/definitions/Error'
        '401':
          description: Unauthorized
          schema:
            $ref: '#/definitions/Error'
        '403':
          description: Forbidden
          schema:
            $ref: '#/definitions/Error'
        '404':
          description: Symbol Not Found
          schema:
            $ref: '#/definitions/Error'
        '500':
          description: Unexpected Error
          schema:
            $ref: '#/definitions/Error'
        '502':
          description: Bad Gateway
          schema:
            $ref: '#/definitions/Error'
        '504':
          description: Gateway Timeout
          schema:
            $ref: '#/definitions/Error'

  ##############################################################################

  '/v2/data/quote/{symbols}':
    get:
      summary: |
        Get Quote
      description: |
        Gets the latest Level 1 Quote for the given Symbol.
      operationId: getQuotes
      tags:
        - marketdata
      security:
        - OAuth2-Auth-Code:
            - marketdata
        - OAuth2-Refresh-Token:
            - marketdata
      x-code-samples:
        - lang: shell
          source: |
            curl -H "Authorization: Bearer 1JUjFiNFFGWEdDM" "https://api.tradestation.com/v2/data/quote/AMZN"
      parameters:
        - name: symbols
          in: path
          description: 1 or more Symbol Names (comma-separated), limited to 50 symbols per request.
          type: array
          items:
            type: string
          collectionFormat: csv
          required: true
      responses:
        '200':
          description: Quote Response
          schema:
            $ref: '#/definitions/QuoteDefinition'
        '400':
          description: Bad Request
          schema:
            $ref: '#/definitions/Error'
        '401':
          description: Unauthorized
          schema:
            $ref: '#/definitions/Error'
        '403':
          description: Forbidden
          schema:
            $ref: '#/definitions/Error'
        '404':
          description: Symbol Not Found
          schema:
            $ref: '#/definitions/Error'
        '500':
          description: Unexpected Error
          schema:
            $ref: '#/definitions/Error'
        '502':
          description: Bad Gateway
          schema:
            $ref: '#/definitions/Error'
        '504':
          description: Gateway Timeout
          schema:
            $ref: '#/definitions/Error'

  ##############################################################################

  '/v2/stream/quote/changes/{symbols}':
    get:
      summary: |
        Stream Quote Changes
      description: |
        Streams the latest Quote information for the given Symbols. The first chunk in the stream is a full quote snapshot - subsequent chunks only contain fields of the quote object that have changed since the last chunk.

        An invalid symbol name will result in a response of this form - {"Symbol":"BADEXAMPLESYMBOL","Error":"FAILED, EX_INVALID_SYMBOL"}

        If the user is not entitled for the symbol requested, response will be of this form - {"Symbol":"EXAMPLESYMBOL","Error":"FAILED, EX_NOT_ENTITLED"}
      operationId: streamQuotesChanges
      tags: