OAuth Reference #

OAuth allows you to request market data and manage portfolios on behalf of your end-users. For further details on the OAuth functionality, please see the OAuth documentation.

Note: Each endpoint may have different base URLs.

Redirect user for authorization

GET /oauth/authorize

Redirect your user from your application to this endpoint with the following query parameters.

Use the following base URL: https://app.alpaca.markets.

Example Request URL: https://app.alpaca.markets/oauth/authorize?response_type=code&client_id=YOUR_CLIENT_ID&redirect_uri=YOUR_REDIRECT_URL&state=SOMETHING_RANDOM&scope=account:write%20trading

Parameters

Query Parameters

Attribute	Type	Requirement	Description
`response_type`	string	Required	Must be `code` to request an authorization code.
`client_id`	string	Required	The Client ID you received when you registered the application.
`redirect_uri`	string	Required	The URL where the user will be sent after authorization. It must match one of the whitelisted redirect URIs for your application.
`state`	string	Optional	An unguessable random string, used to protect against request forgery attacks.
`scope`	string	Optional	A space-delimited list of scopes your application requests access to. Read-only endpoint access is assumed by default.

Response

Redirect to Alpaca authorization page.

Allowed Scopes #

Attribute	Notes
`account:write`	Write access for account configurations and watchlists.
`trading`	Place, cancel or modify orders.
`data`	Access to the Data API.

Retrieve an access token

POST /oauth/token

Exchange your temporary code for an access token.

Use the following base URL: https://api.alpaca.markets.

Parameters

Body Parameters

Attribute	Type	Requirement	Description
`grant_type`	string	Required	Must be set to `authorization_code` for an access token request.
`code`	string	Required	The temporary authorization code received from redirection request.
`client_id`	string	Required	The Client ID you received when you registered the application.
`client_secret`	string	Required	The Client Secret you received when you registered the application.
`redirect_uri`	string	Required	The redirect URI you used for the authorization code request.

Response

The access token

Note: this request should take place behind-the-scenes from your backend server and shouldn’t be visible to the end users for security purposes.

The content type must be application/x-www-form-urlencoded as defined in RFC.

Example Response #

{
  "access_token": "79500537-5796-4230-9661-7f7108877c60",
  "token_type": "bearer",
  "scope": "account:write trading"
}

Disclosures

Brokerage services are provided by Alpaca Securities, member FINRA/SIPC, a wholly-owned subsidiary of AlpacaDB, Inc.

Technology and services are offered by AlpacaDB, Inc.

Brokerage services are provided to customers who can write automated investment code and self-direct their own investments. Alpaca brokerage services are only provided to customers who agree to electronically sign agreements and agree to receive messages, confirmations, and statements electronically. Is Alpaca right for me?

This is not an offer, solicitation of an offer, or advice to buy or sell securities or cryptocurrencies, or open a brokerage account or cryptocurrency account in any jurisdiction where Alpaca Securities or Alpaca Crypto respectively, are not registered or licensed, as applicable.

The Paper Trading API is offered by AlpacaDB, Inc. and does not require real money or permit a user to transact in real securities in the market. Providing use of the Paper Trading API is not an offer or solicitation to buy or sell securities, securities derivative or futures products of any kind, or any type of trading or investment advice, recommendation or strategy, given or in any manner endorsed by AlpacaDB, Inc. or any AlpacaDB, Inc. affiliate and the information made available through the Paper Trading API is not an offer or solicitation of any kind in any jurisdiction where AlpacaDB, Inc. or any AlpacaDB, Inc. affiliate (collectively, "Alpaca") is not authorized to do business.

You should know that the use or granting of any third party access to your account information or place transactions in your account at your direction is solely at your risk. Alpaca does not warrant against loss of use or any direct, indirect or consequential damages or losses to you caused by your assent, expressed or implied, to a third party accessing your account or information, including access provided through any other third party apps, systems, or sites.

Market prices, data and other information available through Alpaca are not warranted as to completeness or accuracy and are subject to change without notice. System response and account access times may vary due to a variety of factors, including trading volumes, market conditions, system performance, and other factors. A more complete description of the impact these factors may have can be found in our risks of automated trading systems section.

All investments involve risk and the past performance of a security, or financial product does not guarantee future results or returns. Keep in mind that while diversification may help spread risk it does not assure a profit, or protect against loss, in a down market. There is always the potential of losing money when you invest in securities, or other financial products. Investors should consider their investment objectives and risks carefully before investing.

There are risks unique to automated trading algorithms that you should know about and plan for. You should setup a method or system of continuous monitoring or alerting to let you know if there is a mechanical failure, such as connectivity issues, power loss, a computer crash, or system quirk. You should also monitor for instances where your automated trading system experiences anomalies that could result in errant, missing, or duplicated orders. A more complete description of these and other risks can be found in our FAQ section.

Conditional orders may have increased risk as a result of their reliance on trigger processing, market data, and other internal and external systems. Such orders are not sent to the market until specified conditions are met. During that time, issues such as system outages with downstream technologies or third parties may occur. Conditional orders triggering near the market close may fail to execute that day. Furthermore, our executing partner may impose controls on conditional orders to limit erroneous trades triggering downstream orders. Alpaca Securities may not always be made aware of such changes to external controls immediately, which may lead to some conditional orders not being executed. As such, it is important to monitor conditional orders for reasonability. Conditional orders are “Not Held” orders whose execution instructions are on a best efforts basis upon being triggered. Furthermore, conditional orders may be subject to the increased risks of stop orders and market orders outlined above. Given the increased potential risk of using conditional orders, the client agrees that Alpaca Securities cannot be held responsible for losses, damages, or missed opportunity costs associated with market data problems, systems issues, and user error, among other factors. By using conditional orders the client understands and accepts the risks outlined above. Alpaca Securities encourages leveraging the use of Paper accounts to become more comfortable with the intricacies associated with these orders.

ETFs can entail risks similar to direct stock ownership, including market, sector, or industry risks. Some ETFs may involve international risk, currency risk, commodity risk, and interest rate risk. Trading prices may not reflect the net asset value of the underlying securities.

All accounts are opened as limited purpose margin accounts. You should know that margin trading involves interest charges and risks, including the potential to lose more than deposited or the need to deposit additional collateral in a falling market. Before using margin, customers must determine whether this type of trading strategy is right for them given their specific investment objectives, experience, risk tolerance, and financial situation. For more information please see Alpaca's Margin Disclosure Statement and Margin Agreement. These disclosures contain information on Alpaca Securities's lending policies, interest charges, and the risks associated with margin accounts.

Commission-Free trading means that there are no commission charges for Alpaca Securities self-directed individual brokerage accounts that trade U.S. listed securities through an API. Relevant regulatory fees may apply.

Commission free trading is available for Alpaca's retail customers. Alpaca reserves the right to charge additional fees if it is determined that orders flow is non-retail in nature.

Cryptocurrency is highly speculative in nature, involves a high degree of risks, such as volatile market price swings, market manipulation, flash crashes, and cybersecurity risks. Cryptocurrency is not regulated or is lightly regulated in most countries. Cryptocurrency trading can lead to large, immediate and permanent loss of financial value. You should have appropriate knowledge and experience before engaging in cryptocurrency trading. For additional information please click here.

Cryptocurrency services are made available by Alpaca Crypto, a FinCEN registered money services business (NMLS # 2160858), and a wholly-owned subsidiary of AlpacaDB, Inc. Alpaca Crypto is not a member of SIPC or FINRA. Cryptocurrencies are not stocks and your cryptocurrency investments are not protected by either FDIC or SIPC. Please see the Disclosure Library for more information.