Authentication
There currently are two ways you can authenticate with IBKR CP Web API:
- Using Client Portal Gateway
- Using OAuth 1.0a
Few observations to help you chose:
- Client Portal Gateway has been available for longer and IBeam greatly simplifies its setup and maintenance, making this a quicker solution to get started than OAuth 1.0a.
- However, using the Gateway comes with quirks of its own, as you may need to automate 2FA for production, while the connection can sometimes become unstable.
- OAuth 1.0a is a more modern solution which removes the need to run the additional software.
- Basic setup is more involved than that of setting up the Gateway, requiring you to generate, upload and download a bunch of keys. You also need to enable it and wait approximately 24 hours for it to be approved.
- However, once set up correctly, it will likely be a more reliable solution.
Hence:
- Consider starting with IBeam to run some early paper trading tests if you want a quick pre-packaged solution.
- Use OAuth 1.0a if there is no urgency and you can set it up correctly.
You need to have a running Java-based Client Portal Gateway in order to successfully communicate with the IBKR CP Web API.
We recommend using IBeam to automate and simplify starting the Gateway and keeping it alive.
IBeam (the authentication tool) is also built and maintained by the authors of IBind (this Python client library), and the two projects are meant to support one another.
See OAuth 1.0a page for how to set it up with IBind.