The developer portal allows you to create your own applications that can access TD Ameritrade & TD Ameritrade partner products and services. This guide will walk you through:
- Creating a Developer Account
- Registering an Application
- Navigating the Documentation
- Making Your First Request
Creating a Developer Account
- Click the Register link and complete all fields in the new user registration screen. Required fields are indicated with an asterisk.
- Click "Create new account"
- You will receive an email with a verification link and your new account details. Click the verification link from the email to activate your new account.
- After successful login, you can navigate TD Ameritrade for developers with the following menu bar links:
- Docs: Documentation for the APIs provided through TD Ameritrade for developers
- My Apps: Use to create, view, edit, and delete an application and its associated details
- Guides: Contains instructions on how to perform specific tasks with the APIs provided and other useful information to aid in your development
Registering an App
- To create a new app, go to My Apps and select Add a new App
- Complete the fields in the Add App screen and select Create App. Field details are:
- App Name: A unique application name.
- Callback URL: The URL to receive the auth code (used to retrieve a token from the Authentication API) after successful authentication. Separate URLs with a comma for multiple URLs. Localhost can be used here, as well.
- OAuth User ID: Your application's unique ID on the API. Enter up to 13 alphanumeric characters.
- App Description: Description of this application.
- Your new application will be displayed in My Apps once it is successfully registered.
Navigating the Documentation
In APIs, there is a list of available APIs which will each have documentation. Within each API, resources provided by that API are listed along with supported HTTP methods. Click on a method to get more information about using that method. The methods detail page includes the following information:
- The Resource URL is the location of the resource.
- Query Parameters detail the parameters that can be passed in the URL.
- The Send Request section allows you to try a request inside the browser to see an example of what is send and received. To send a request:
- Click OAuth 2.0 to launch the authentication window for your application and authenticate with a TD Ameritrade customer account.
- Fill in any variables in the Resource URL and Query Parameters sections.
- Click Send.
- Below Send, Request shows the request that was send, Response shows the response that was received, and cURL provides a cURL command to repeat the request using cURL.
- The Resource Summary section shows the method's security and category.
- The Response Summary section lists the response structure, including JSON and response Schema.
- The error codes associated with the method can be found in the Resource Error Codes section.
Click the Contact Us link at the bottom of the screen to send an email to TD Ameritrade API Support
Making Your First Request
Requests can be made by authenticating your application and a user in combination, or only authenticating your application (referred to as unauthenticated requests). Without user authentication and authorization, public resources like delayed data may be available.
Right now, APIs offering this generally only require the OAuth User ID passed in to a parameter. In the future, we will move toward only supporting the OAuth 2.0 Client Credentials flow described in section 1.3.4 of RFC 6749 for this type of request.
To authenticate a user, we use the OAuth 2.0 Authorization Code flow described in section 1.3.1 of RFC 6749. The best way to see this in action is to follow the steps on the simple auth guide
- Invoke the authentication window in the browser with the URL https://auth.tdameritrade.com/auth?response_type=code&redirect_uri=
OAuth User ID@AMER.OAUTHAP.
- When the user has authenticated, a GET request will be made to your redirect URI with the authorization code passed as a parameter.
- This authorization code can then be passed as the code parameter to the Authentication API's Post Access Token method using the authorization_code grant type. To receive a refresh token which allows you to receive a new access token after the access token's expiration of 30 minutes, set the access type to offline.
- When you have POSTed details to the token endpoint and received your access token and refresh token, you can pass the access token as a bearer token by setting the Authorization header on all requests to "Bearer