Young man smiling

Documentation

The Questrade API allows developers to create their own fully featured trading and analytical applications through their brokerage account.

Security

The security measures implemented by Questrade support the OAuth 2.0 version security protocol. Any OAuth library can be used to make requests against the Questrade API.

Questrade only allows API requests via HTTPS (TLS) and refuse connections when accessed via HTTP. In addition, the required HTTP method (GET, POST etc.) must also be defined.

Obtaining a refresh token

To make an authenticated call via your API application:

  1. In the API section of the Questrade security center, register your API application and obtain a client ID (an alpha-numeric identifier that Questrade assigns to a registered application).
  2. Generate a refresh token for your API application.
  3. Redeem  the refresh token for an access token.

Obtaining an access token

Once you have a refresh token, you can redeem it for an access token to make authenticated calls through your API application. Redeeming the authorization code requires making a request to the access token endpoint using the following request parameters:

Request parameters

ParameterTypeDescription
grant_type
String
Always set to “refresh_token”.
refresh_token
String
Refresh token you receive from the security centre.

Response properties

PropertyTypeDescription
access_token
String
Access token for making authenticated calls.
token_type
String
Type of token (always set to “Bearer”).
expires_in
Integer
Duration of the time token in which it became active (in seconds).
api_server
String
URL of the API server that the client application should contact.
Sample request
 
  POST /oauth2/token HTTP/1.1
  Host: https://login.questrade.com
  grant_type=refresh_token&refresh_token=p4VTj45GhS8lY7aFoKDNZxB8yQHMOr+f
Sample JSON response

      {
         "access_token": "p4VTj45GhS8lY7aFoKDNZxB8yQHMOr+f",
         "token_type": "Bearer" ,
         "expires_in": 1800, 
         "refresh_token": "aSBe7wAAdx88QTbwut0tiu3SYic3ox8F" ,
         "api_server": "https://api01.iq.questrade.com/v1" 
      }

Revoking authorization

To revoke authorization, you can do one of the following:

  1. Go to API Centre > Personal applications, and click Revoke to immediately expire the token that was issued previously or click Delete to delete the personal app.

    2. OR

  2. Use the revoke endpoint to revoke the authorization from your application code as per the example below:
    Revoke endpoint URL: https://login.questrade.com/oauth2/revoke

Revoke endpoint example

 
  POST /oauth2/revoke HTTP/1.1
  Host: https://login.questrade.com
  Content-Type: application/x-www-form-urlencoded
  token=p4VTj45GhS8lY7aFoKDNZxB8yQHMOr+f

Making an authorized request

Authorized requestes can be made toward API servers. The URL of the API servers will be provided to your application as a response to every access token request you make. Once your application obtains an access token and URL of proxy server to contact, it can then make authenticated calls on behalf of the user that authorized the application using a number of REST endpoints.

Your API application must pass the access token in the “Authorization” HTTP header as described in the sample request below:

Sample authorized request

 
   GET /v1/accounts HTTP/1.1
   Host: https://api01.iq.questrade.com
   Authorization: Bearer p4VTj45GhS8lY7aFoKDNZxB8yQHMOr+f

IQ API OAuth scopes

As part of its OAuth 2.0 implementation, IQ API defines OAuth scopes – permissions that the account holders grants to the authorized API client application. Each API call belongs to one and only scope.

The following table describes scopes that the API provides and the mapping of API calls to these scopes.

Release notes:
ScopeScope identifierAPI calls
Read account information
read_acc
GET time GET accounts
GET accounts/:id/positions
GET accounts/:id/balances
GET accounts/:id/executions
GET accounts/:id/orders
GET symbols/:id
GET symbols/:id/options
GET markets
Read market data
read_md
GET markets/quotes/:id
GET markets/candles/:id
Trade (partner developers only)
trade
POST accounts/:id/orders[/:orderId]
POST accounts/:id/orders[:/orderId]/impact
DELETE accounts/:id/orders/:orderId

Downloads

C plus plus

C ++

Dec 18, 2015Version 1.1.0
Release notesDownload API
C sharp

C #/Active X

Dec 18, 2015Version 1.1.0
Release notesDownload API

Already a Questrade client?

Create your first application using your Questrade account.

Integrate your application with Questrade API

Support

Report an issue

Have questions about Questrade's API? Tell us how we can help, send us an email.

Get Started

Request a feature

We want your ideas on how we can improve our API. If you have a suggestion for a minor tweak, a major overhaul, or something brand new, please share it with us.

Get Started

If you are using an api app developed by a third party, you are required to read, understand and accept the end-user license agreement for application program interface. If you are utilizing api access for an api-enabled app you built, you are required to read, understand and accept the Questrade personal application program interface ("api") license agreement ("license agreement"). This agreement can be found below. You may be bound by both agreements.

See All