This guide will help you get started with authentication without the need to run a Web server. This is especially useful for running a local application for personal use. Note that you will need your Redirect URI and Consumer Key - see the Getting Started guide for more information on creating apps. Included below are some example values
- Go to your auth URL (capitalization does matter) at https://auth.tdameritrade.com/auth?response_type=code&redirect_uri={URLENCODED REDIRECT URI}&client_id={URLENCODED Consumer Key}%40AMER.OAUTHAP
-
Example: https://auth.tdameritrade.com/auth?response_type=code&redirect_uri=https%3A%2F%2F127.0.0.1&client_id=EXAMPLE%40AMER.OAUTHAP
-
- Authenticate with a TD Ameritrade account and it will redirect you to a 404, but in the address bar, copy the part that comes after “code=”
- URL decode what you copied and then copy and paste that value in to the code param on https://developer.tdameritrade.com/authentication/apis/post/token-0
-
Example: If the authorization code was 03%40A%2FB (it's longer), I would URL decode it to get 03@A/B - this is because the developer site automatically urlencodes values - your app would be able to use the code exactly as it comes back
-
- Fill out the other values
-
grant_type: authorization_code access_type: offline client_id: {Consumer Key} (e.g. EXAMPLE@AMER.OAUTHAP) redirect_uri: {REDIRECT URI} (e.g. https://127.0.0.1)
-
- Hit SEND
That will give you a refresh token that you can use for 90 days to request access tokens and allow you to authenticate without needing a server. Note that you will need to update your app's refresh token at least once every 90 days to keep it functioning.
To make authenticated requests, simply include the Authorization header and set it to "Bearer {ACCESS TOKEN}".
To request a new access token, make a Post Access Token request with your refresh token using the following parameter values:
grant_type: refresh_token
refresh_token: {REFRESH TOKEN}
client_id: {Consumer Key}