Authorization in Test environment
This article describes the main features of authorization in the Test environment. Step-by-step instructions for authorization and working with this environment are described in quick-start guide
Authorization of API requests requires a trading account on behalf of which operations will be performed. In the Production environment the ALOR Broker client account with real portfolios and positions in them is used as a trading account. Since the Test environment works with simulation data, it is impossible to use a real trading account in it.
Requests to this system environment must be authorized using a test trading account provided to users upon request. This creates differences in the authorization process compared to the Production environment.
Test environment supports authorization only using the JWT mechanism. OAuth service is not available for this environment.
Creating developer account
Creation of a developer account is necessary to authorize requests to the API regardless of which environment the requests are directed to.
The process of creating and managing a developer account is described in the related article.
Getting trading account
To get a test trading account or change the list of portfolios belonging to it, leave a request at support@alor.ru or contact us in telegram.
Test account cannot be bind to the developer account as it happens with real trading account. Keep the login and password from the provided account for the entire testing period.
Getting Refresh token
Refresh token is used to renew Access tokens authorizing API requests.
Test trading account is designed to test requests and therefore allows you to get only one Refresh token at a time without providing information about creation and expiration date.
Do the following steps to get a Refresh token for Test environment:
- Go to the API Access Tokens page
- Click the
Tokens for trading in Test environment can be obtained here.link in the “Test environment” section at the bottom of the page - Click the `Begin OAuth authorization flow' link on the next page
- Enter the credentials of the test trading account received from technical support in the fields and click
Login - Check the list of access rights granted for the test trading account and click
Allow - Save the displayed Access and Refresh tokens to a safe place
The validity period of Refresh token for Test environment is 1 month. The reason is that the test token is actually generated using the authorization procedure via the OAuth 2.0 service. The service also acts as an OAuth client, receiving and transferring tokens to the user with a standard lifetime for this method of obtaining tokens.
Getting Access token
Access tokens are used to authorize requests to the API as made using the specific trading account.
Test environment provides two options for getting a token:
- On the Refresh token page
- In response to the corresponding HTTP request
Regardless of the selected option, Access token is valid for 30 minutes from the moment of creation. In the first case, the countdown starts from the moment you access the token page, in the second case — from the moment you receive a response from the authorization server.
When working with the system regularly, it is recommended to use the second option, which allows you to automate token renewal. To use this option, send a POST-request to the authorization server available at https://oauthdev.alor.ru.
https://oauthdev.alor.ru/refresh?token=12b...cac
Where 12b...cac is Refresh Токен.
As a response, the authorization server will return a JSON object containing the Access Token:
{
"AccessToken": "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6IkpXVCJ9.eyJzdWIiOiJMb2dpblNhbXBsZSIsImVudCI6ImNsaWVudCIsImVpbiI6IjAxMjM0IiwiY2xpZW50aWQiOiIwMTIzNDU2IiwiYXpwIjoiMDEyMzQ1Njc4OWFiY2RlZjAxMjMiLCJhZ3JlZW1lbnRzIjoiQWdyZWVtZW50U2FtcGxlMSBBZ3JlZW1lbnRTYW1wbGUyIEFncmVlbWVudFNhbXBsZTMiLCJwb3J0Zm9saW9zIjoiUG9ydGZvbGlvU2FtcGxlMSBQb3J0Zm9saW9TYW1wbGUyIFBvcnRmb2xpb1NhbXBsZTMiLCJzY29wZSI6Ik9yZGVyc1JlYWQgT3JkZXJzQ3JlYXRlIFRyYWRlcyBQZXJzb25hbCBTdGF0cyIsImV4cCI6Mjg3MTc2MzE5OSwiaWF0IjowLCJpc3MiOiJBbG9yLklkZW50aXR5IiwiYXVkIjoiQ2xpZW50IFdBUlAgV2FycEFUQ29ubmVjdG9yIHN1YnNjcmlwdGlvbnNBcGkgQ29tbWFuZEFwaSBJbnN0cnVtZW50QXBpIFRyYWRpbmdWaWV3UGxhdGZvcm0ifQ.QOQVMIAoZ6SnF5urnIzJ0EvtQd9P5Sx355069kXoID207wHOTW0wkKNMcrIKXmENEQQ_0yDjqH_kjeqWLBJuqA"
}
An interactive description is available for the Access token update request on the JWT Token page.
Features and limitations
- The role of a test trading account is to provide the ability to test API requests and applications based on them. All operations and transactions performed using this account are temporary and will be cleared with the restart of the trading session
- Test account cannot be bound to the Developer account, as it happens with a real trading account. Keep the login and password of the provided trading account for the whole testing period
- Test account is not personalized and can be provided to multiple API users simultaneously
- If user activity threatens the performance of the Test environment of the system (e.g., sending dozens of requests per second), access to the test account may be terminated
- Account portfolios and starting positions depend on settings manually set in the system. If certain conditions are required for API testing, please specify them when requesting access
- Test account supports the ability to create only one Refresh token at a time without the possibility to revoke it
- Test Environment tokens have a different validity period than Production tokens: 1 month for Refresh and 30 minutes for Access token. When expired, a new Refresh token can be obtained by repeating the process described above