OAuth + nodejs through REST API #56
Comments
|
Hey @gikeberyfinn sorry can you explain what are you trying to accomplish in more detail? Would you like to be calling Python script with IBind code from NodeJS?
IBind pretty much does exactly that already, hence I'm not sure if I'm following. Could you elaborate? |
|
@Voyz Yes, I am considering how to integrate IBind instead of my current use of IBeam. Right now, I use code in the following format like:
From what I understand, if I simply install IBind + OAuth module, changing localhost:5000 to api.ibkr.com in my code won’t be enough. Instead, I would need to rewrite my entire NodeJS project, integrating calls in Python. Or am I misunderstanding something? |
That is correct, IBind won't work in NodeJS. It will probably be easier for you to integrate OAuth and needed endpoints in your NodeJS project. |
|
@Voyz I about as good a programmer as a bullet made of poop. I’ve spent a whole day trying to port IBind OAuth flow to Node.js. The basic auth steps (like /v1/api/oauth/live_session_token) work fine, and Im getting a valid live_session_token. But I keep hitting a 401 Invalid signature wall at /v1/api/iserver/auth/ssodh/init, and I out of ideas. Could you shed some light on how the oauth_signature is formed for this request? Here what Im dying to know: Is the request body ({"compete": true}) included in the base string when Content-Type is application/json? Are only the OAuth params (oauth_consumer_key, oauth_nonce, etc.) used in the base string, or is there anything sneaky (like prepend) sneaking in? Is the live_session_token used directly as the HMAC-SHA256 key, or is it processed somehow? Does the base string encoding follow any quirks (e.g., specific URI escaping rules beyond RFC 3986)? Any chance the server expects a specific Content-Type or body format that I might be missing? Are there any undocumented headers or params that need to be included for this endpoint? Base String for https://api.ibkr.com/v1/api/iserver/auth/ssodh/init: POST&https%3A%2F%2Fapi.ibkr.com%2Fv1%2Fapi%2Fiserver%2Fauth%2Fssodh%2Finit&oauth_consumer_key%...%26oauth_nonce%...%26oauth_signature_method%3DHMAC-SHA256%26oauth_timestamp%3D1740150284%26oauth_token%... Authorization Header for https://api.ibkr.com/v1/api/iserver/auth/ssodh/init: OAuth realm="limited_poa", oauth_consumer_key="...", oauth_nonce="...", oauth_signature="qEHBgJHU...i6%2BX0Wk...HX61C...2D69MlL4...AEs%3D", oauth_signature_method="HMAC-SHA256", oauth_timestamp="1740150284", oauth_token="..." Sending POST to https://api.ibkr.com/v1/api/iserver/auth/ssodh/init with headers: { Error from IB: { error: 'Invalid signature', statusCode: 401 } A code snippet or a quick breakdown would save my sanity. Thanks a ton for your help |
|
@gikeberyfinn I'm sorry but the OAuth PR has been authored and almost fully implemented by other users, please see: #34. I don't know the answers to your questions. I'd recommend you reach out to IBKR with these same questions and they should be able to help you find answers. Good luck 👍 |
Hello!
OAuth integration seems to be the holy grail for avoiding gateway-related issues. However, my trading system is built on NodeJS, and it relies on simple requests like:
https://localhost:5000/v1/api/iserver/account/U.../orders
I would be thrilled if ibind could support requests in the format:
https://api.ibkr.com/v1/api/iserver/account/U.../orders
Alternatively, what would be the best way to structure the connection to my NodeJS system? Thank you.
The text was updated successfully, but these errors were encountered: