Production environment

tip

This guide describes interaction with the Production environment of the system and requires a valid ALOR Broker trading account. Guide for a Test environment that does not require a valid trading account is described here.

Step 1: Registering a developer account

Developer account is required to get access to the request authorization mechanisms of the trading system.

Already done?

If the developer account has been registered earlier, go to next step.

Follow the steps below to create a developer account:

1. Go to Developer Portal and click the Authorize button in the upper right corner
2. Click the Register link below the authorization form
3. Fill in the required fields and click `Register' button
4. Confirm the e-mail address used for registration by clicking on the link from the automatically sent e-mail.
5. Go to authorization page and log in to the created developer account with the data specified during registration

Registration of a developer account is a one-time process and will not be needed to be repeated each API request.

Details

More information about the developer account is provided in related article.

---

Step 2: Binding a trading account

Most API requests require execution using a specific trading account for authorization purposes. To create authorization tokens linked to the selected trading account, it must be specified in the developer account.

tip

If the correct trading account was bound to the developer account earlier, go to next step.

Follow the steps below to bind a trading account to a developer account:

1. Go to the API Access Tokens page.
2. Enter the login and password of the trading account in the corresponding fields and click Bind button.

Binding of a trading account is a one-time process and will not be needed to be repeated each API request.

Details

More information about binding a trade account is available in related article.

---

Step 3: Getting Refresh token

For most API use cases, we recommend authorizing requests using JWT tokens.

This option allows authorizing submitted requests with a short-term Access token, for creating which you must first obtain a Refresh token.

tip

If Refresh token was already created earlier and has not expired, proceed to next step.

Do the following to create a new Refresh token for a real trading account:

1. Go to the [API Access Tokens] page(https://alor.dev/open-api-tokens)
2. Create a new Refresh token by clicking on the `Create Token' button
3. View the created token by finding it in the list below and clicking the Show button

Created Refresh token is valid for 1 year from the moment of creation. If the token expires or you manually revoke it, repeat the same steps to get a new one.

Details

More information about Refresh tokens is available in related article.

---

Step 4: Getting Access token

Most of the private system resources require the user to have respective access rights. When proving permissions with JWT, each request must contain an Access token created with the previously created Refresh token.

tip

If Access token was already created earlier and has not expired, proceed to next step.

To get an Access token, send a POST request to the /refresh endpoint of the authorization server. In the Production environment, this server is accessible at https://oauth.alor.ru.

Submitted request must contain a valid Refresh token associated with the needed trade account.

Example

https://oauth.alor.ru/refresh?token=12b...cac

Where 12b...cac is Refresh Token.

In response, the authorization server will return a JSON object containing the Access Token:

{
  "AccessToken": "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6IkpXVCJ9.eyJzdWIiOiJMb2dpblNhbXBsZSIsImVudCI6ImNsaWVudCIsImVpbiI6IjAxMjM0IiwiY2xpZW50aWQiOiIwMTIzNDU2IiwiYXpwIjoiMDEyMzQ1Njc4OWFiY2RlZjAxMjMiLCJhZ3JlZW1lbnRzIjoiQWdyZWVtZW50U2FtcGxlMSBBZ3JlZW1lbnRTYW1wbGUyIEFncmVlbWVudFNhbXBsZTMiLCJwb3J0Zm9saW9zIjoiUG9ydGZvbGlvU2FtcGxlMSBQb3J0Zm9saW9TYW1wbGUyIFBvcnRmb2xpb1NhbXBsZTMiLCJzY29wZSI6Ik9yZGVyc1JlYWQgT3JkZXJzQ3JlYXRlIFRyYWRlcyBQZXJzb25hbCBTdGF0cyIsImV4cCI6Mjg3MTc2MzE5OSwiaWF0IjowLCJpc3MiOiJBbG9yLklkZW50aXR5IiwiYXVkIjoiQ2xpZW50IFdBUlAgV2FycEFUQ29ubmVjdG9yIHN1YnNjcmlwdGlvbnNBcGkgQ29tbWFuZEFwaSBJbnN0cnVtZW50QXBpIFRyYWRpbmdWaWV3UGxhdGZvcm0ifQ.QOQVMIAoZ6SnF5urnIzJ0EvtQd9P5Sx355069kXoID207wHOTW0wkKNMcrIKXmENEQQ_0yDjqH_kjeqWLBJuqA"
}

The received token is valid for 30 minutes from the moment of creation. If the token expires, repeat the action described above to create a new token.

Interactive description

The request to update Access Token has an interactive description on the JWT Token.

Details

More information about Access Tokens is available in related article.

---

Step 5: Sending requests

Interaction with ALOR Broker API is possible both via HTTP API and WebSocket API. Some operations supported by the trading system are available in both options of interaction.

Getting order book

HTTP API

The HTTP API gives the ability to interact with the system within a short-term connection designed for one-time messaging — one response per request. The response returned by the server contains information that is up to date for the moment the request is submitted. To update the received data after a while, you will need to repeat the same request on your own.

To get information about the order book of the requested instrument on the desired exchange via HTTP API, send a GET request to the /md/v2/orderbooks/{exchange}/{symbol} endpoint of the API server. Note that:

• Production environment API server is available at https://api.alor.ru;
• {exchange} must contain the actual code of the exchange;
• {symbol} must contain the actual code (ticker) of the instrument.

Request parameters

Make sure that all necessary path-, query-, and header-parameters are filled in before executing the query.

Example of URL

https://api.alor.ru/md/v2/orderbooks/MOEX/SBER

If required, add supported query-parameters to the URL:

• depth is the desired data depth. Standard value is 20 (20x20), maximum — 50 (50x50).
• format is the format of the JSON object returned by the server: Simple, Slim, Heavy. Standard value: Simple.

Example URL with query parameters

https://api.alor.ru/md/v2/orderbooks/MOEX/SBER?depth=1&format=Simple

The /md/v2/orderbooks/ endpoint is a protected resource and requires authorization to execute requests. Add the Authorization parameter to the request header with the value Bearer <Token>, where <Token> is the previously obtained Access token.

Example of HEAD parameter

Authorization: Bearer eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6IkpXVCJ9.eyJzdWIiOiJMb2dpblNhbXBsZSIsImVudCI6ImNsaWVudCIsImVpbiI6IjAxMjM0IiwiY2xpZW50aWQiOiIwMTIzNDU2IiwiYXpwIjoiMDEyMzQ1Njc4OWFiY2RlZjAxMjMiLCJhZ3JlZW1lbnRzIjoiQWdyZWVtZW50U2FtcGxlMSBBZ3JlZW1lbnRTYW1wbGUyIEFncmVlbWVudFNhbXBsZTMiLCJwb3J0Zm9saW9zIjoiUG9ydGZvbGlvU2FtcGxlMSBQb3J0Zm9saW9TYW1wbGUyIFBvcnRmb2xpb1NhbXBsZTMiLCJzY29wZSI6Ik9yZGVyc1JlYWQgT3JkZXJzQ3JlYXRlIFRyYWRlcyBQZXJzb25hbCBTdGF0cyIsImV4cCI6Mjg3MTc2MzE5OSwiaWF0IjowLCJpc3MiOiJBbG9yLklkZW50aXR5IiwiYXVkIjoiQ2xpZW50IFdBUlAgV2FycEFUQ29ubmVjdG9yIHN1YnNjcmlwdGlvbnNBcGkgQ29tbWFuZEFwaSBJbnN0cnVtZW50QXBpIFRyYWRpbmdWaWV3UGxhdGZvcm0ifQ.QOQVMIAoZ6SnF5urnIzJ0EvtQd9P5Sx355069kXoID207wHOTW0wkKNMcrIKXmENEQQ_0yDjqH_kjeqWLBJuqA

If all parameters are correct, the server will return a JSON object with the requested information.

Response body

{
  "snapshot": true,
  "bids": [
    {
      "price": 281.98,
      "volume": 36
    }
  ],
  "asks": [
    {
      "price": 281.99,
      "volume": 11
    }
  ],
  "timestamp": 1701105939,
  "ms_timestamp": 1701105939395,
  "existing": true
}

Schema

Response Body Parameters

snapshotbooleandeprecated

Deprecated field, will be removed in future updates. Use existing field instead

Example: true

bids

object

Bid data

pricedecimal

Price of lot on the orderbook level

Example: 115820

volumeinteger

Amount of lots on the orderbook level

Example: 23

asks

object

Ask data

pricedecimal

Price of lot on the orderbook level

Example: 116030

volumeinteger

Amount of lots on the orderbook level

Example: 31

timestampdecimaldeprecated

Deprecated field, will be removed in future updates. Use ms_timestamp field instead

Example: 1610982677

ms_timestampdecimal

Time (UTC) in Unix Time Milliseconds format

Example: 1610982677578

existingboolean

True will return the response including data from snapshot, i.e. from history. False will return only new events

Example: true

If the request syntax is invalid or incorrect values are specified, the server will return a JSON object corresponding to the error.

Details

More information about the order book request is available on the interactive request description page.

WebSocket API

To get order book via the WebSocket API, a subscription mechanism is used to get real-time data updates without breaking the connection and repeating the request.

All subscription-related requests use the /ws interface. Establish a WebSocket connection to this interface before sending subscription requests.

Example of URL

wss://api.alor.ru/ws

Example of setting up a connection in Postman

To create an order book subscription, send a request to the established WebSocket connection with the OrderBookGetAndSubscribe operation code and all the details of the subscription to be created.

Request body

{
  "opcode": "OrderBookGetAndSubscribe",
  "code": "SBER",
  "depth": 10,
  "exchange": "MOEX",
  "format": "Simple",
  "frequency": 0,
  "guid": "f35a2373-612c-4518-54af-72025384f59b",
  "token": "eyJhbGciOiJ..."
}

Schema

Request Body Parameters

opcodestringrequired

Operation code:

• OrderBookGetAndSubscribe — Subscription to order book
• BarsGetAndSubscribe — Subscription to price history (candlesticks)
• QuotesSubscribe — Subscription to quotes
• InstrumentsGetAndSubscribeV2 — Subscription to security information updates on the selected exchange
• AllTradesGetAndSubscribe — Subscribe to all trades
• PositionsGetAndSubscribeV2 — Subscription to information about current positions on securities and money
• SummariesGetAndSubscribeV2 — Subscription to portfolio summary information
• RisksGetAndSubscribe — Subscription to consolidated information on portfolio risks
• SpectraRisksGetAndSubscribe — Subscription to information on derivatives market risks (FORTS)
• TradesGetAndSubscribeV2 — Subscription for information on trades
• OrdersGetAndSubscribeV2 — Subscription to information about current orders on the market for the selected exchange and security
• StopOrdersGetAndSubscribeV2 — Subscription to information about current conditional orders in the market for the selected exchange and security
• Unsubscribe — Cancelation of previously created subscription

Example: OrderBookGetAndSubscribe

codestringrequired

Security code (Ticker)

Example: SBER

depthint32required

Order Book depth. The standard value is 20 (20x20) and maximum value is 50 (50x50).

Example: 20

exchangestringrequired

Exchange code:

• MOEX — Moscow Exchange
• SPBX — SPB Exchange

Example: MOEX

formatstringrequired

Representation format of returned data: Simple, Slim, Heavy

Example: Simple

frequencyint32required

Maximum frequency of server data output in milliseconds

Example: 0

guidstringrequired

The unique identifier of the operation. All incoming messages corresponding to this operation will have this guid field value

Example: f35a2373-612c-4518-54af-72025384f59b

tokenstringrequired

Access Token for request authorization

Example: eyJhbGciOiJ...

caution

The value of the guid parameter passed in the message must be unique for each request within the connection. If a previously used value is sent, the server will replace the previously created subscription with the specified identifier with a new one.

If the message is successfully processed, the server will return a single message with the code 200 to the established connection, confirming that the subscription has been created.

Response body

{
  "message": "Handled successfully",
  "httpCode": 200,
  "requestGuid": "c328fcf1-e495-408a-a0ed-e20f95d6b813"
}

Schema

Response Body Parameters

messagestring

Text representation of the returned message

Example: Handled successfully

httpCodestring

Returned message code

Example: 200

requestGuidstring

The unique identifier of the operation. All incoming messages corresponding to this operation will have this guid field value

Example: c328fcf1-e495-408a-a0ed-e20f95d6b813

After confirmation of subscription creation, the server will start transmitting the requested data in a series of messages with the code 100.

Response body

{
  "data": {
    "snapshot": true,
    "bids": [
      {
        "price": 257.70,
        "volume": 157
      }
    ],
    "asks": [
      {
        "price": 257.71,
        "volume": 288
      }
    ],
    "timestamp": 1702631123,
    "ms_timestamp": 1702631123780,
    "existing": true
  },
  "guid": "c328fcf1-e495-408a-a0ed-e20f95d6b813"
}

Schema

Response Body Parameters

data

object

Data unit from the information channel

snapshotbooleandeprecated

Deprecated field, will be removed in future updates. Use existing field instead

Example: true

bids

object

Bid data

pricedecimal

Price of lot on the orderbook level

Example: 115820

volumeinteger

Amount of lots on the orderbook level

Example: 23

asks

object

Ask data

pricedecimal

Price of lot on the orderbook level

Example: 116030

volumeinteger

Amount of lots on the orderbook level

Example: 31

timestampdecimaldeprecated

Deprecated field, will be removed in future updates. Use ms_timestamp field instead

Example: 1610982677

ms_timestampdecimal

Time (UTC) in Unix Time Milliseconds format

Example: 1610982677578

existingboolean

True will return the response including data from snapshot, i.e. from history. False will return only new events

Example: true

guidstring

The unique identifier of the operation. All incoming messages corresponding to this operation will have this guid field value

Example: f35a2373-612c-4518-54af-72025384f59b

The subscription can be canceled by terminating the connection or by sending a message to it with the code unsubscribe and the guid of the subscription being canceled.

If the request syntax is invalid or incorrect values are specified, the server will return a JSON object corresponding to the error.

Details

More information about WebSocket subscriptions to the order book is available on the request description page.

---

Creating a market order

HTTP API

Request parameters

Make sure that all necessary path-, query-, and header-parameters are filled in before executing the query.

To create a market order to buy a security on the selected exchange via HTTP API, send a POST request to the /commandapi/warptrans/TRADE/v2/client/orders/actions/market endpoint of the API server. Note that:

• Production environment API server is available at https://api.alor.ru;
• All order parameters must be passed in the request body.

Example of URL

https://api.alor.ru/commandapi/warptrans/TRADE/v2/client/orders/actions/market

The /commandapi endpoints are private resources and require authorization to execute requests. Add the Authorization parameter to the request header with the value Bearer <Token>, where <Token> is the previously obtained access-token.

Example of HEAD parameter

Authorization: Bearer eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6IkpXVCJ9.eyJzdWIiOiJMb2dpblNhbXBsZSIsImVudCI6ImNsaWVudCIsImVpbiI6IjAxMjM0IiwiY2xpZW50aWQiOiIwMTIzNDU2IiwiYXpwIjoiMDEyMzQ1Njc4OWFiY2RlZjAxMjMiLCJhZ3JlZW1lbnRzIjoiQWdyZWVtZW50U2FtcGxlMSBBZ3JlZW1lbnRTYW1wbGUyIEFncmVlbWVudFNhbXBsZTMiLCJwb3J0Zm9saW9zIjoiUG9ydGZvbGlvU2FtcGxlMSBQb3J0Zm9saW9TYW1wbGUyIFBvcnRmb2xpb1NhbXBsZTMiLCJzY29wZSI6Ik9yZGVyc1JlYWQgT3JkZXJzQ3JlYXRlIFRyYWRlcyBQZXJzb25hbCBTdGF0cyIsImV4cCI6Mjg3MTc2MzE5OSwiaWF0IjowLCJpc3MiOiJBbG9yLklkZW50aXR5IiwiYXVkIjoiQ2xpZW50IFdBUlAgV2FycEFUQ29ubmVjdG9yIHN1YnNjcmlwdGlvbnNBcGkgQ29tbWFuZEFwaSBJbnN0cnVtZW50QXBpIFRyYWRpbmdWaWV3UGxhdGZvcm0ifQ.QOQVMIAoZ6SnF5urnIzJ0EvtQd9P5Sx355069kXoID207wHOTW0wkKNMcrIKXmENEQQ_0yDjqH_kjeqWLBJuqA

Additionally, all requests related to orders must contain a unique request identifier created by the sender. The X-REQID header parameter is used to pass the identifier.

Example of HEAD parameter

X-REQID: d3c886f1-ea1e-4634-aff4-119c902ad926

The value of the X-REQID parameter can be any as long as the following requirements are met:

• The value must be unique. If a previously used value is sent, the server will reject the request
• The value must not break the JSON schema. For example, escape special characters (if used) when generating values

Order conditions are passed as a JSON object in the request body:

Request body

{
  "side": "buy",
  "type": "market",
  "quantity": 1,
  "instrument": {
    "symbol": "SBER",
    "exchange": "MOEX"
  },
  "comment": "Note no.451",
  "user": {
    "portfolio": "D39004"
  }
}

Schema

Request Body Parameters

sidestringrequired

Trade side:

• buy - Buying asset
• sell - Selling asset

Example: buy

typestringrequired

Type of order

Example: market

quantityint32required

Number of lots

Example: 1

instrument

object

Security data

symbolstringrequired

Security code (Ticker)

Example: SBER

exchangestringrequired

Exchange code:

• MOEX - Moscow Exchange
• SPBX - SPB Exchange

Example: MOEX

commentstring

Custom comment

Example: Note no.451

user

object

User data

portfoliostringrequired

Client portfolio ID

Example: D39004

If the URL, body and header of the request are filled in correctly, the server will return a JSON object with the number of the created order.

Example of response body

{
  "message": "success",
  "orderNumber": "409...153"
}

If the request syntax is invalid or incorrect values are specified, the server will return a JSON object corresponding to the error.

The created order can then be viewed, modified or canceled using the corresponding requests.

Details

More information about the market order request is available on the interactive request description page.

WebSocket API

All order-related requests to the WebSocket API are made through the /cws interface. Establish a WebSocket connection to this interface before sending requests.

Example of URL

wss://api.alor.ru/cws

Example of setting up a connection in Postman

To create a market order, send to the established WebSocket connection a message with the operation code create:market and all the details of the order.

Request body

{
  "opcode": "create:market",
  "guid": "c328fcf1-e495-408a-a0ed-e20f95d6b813",
  "side": "buy",
  "quantity": 1,
  "instrument": {
    "symbol": "SBER",
    "exchange": "MOEX"
  },
  "comment": "First order",
  "board": "TQBR",
  "user": {
    "portfolio": "D39004"
  },
  "checkDuplicates": true
}

Schema

Request Body Parameters

opcodestringrequired

Operation code:

• authorize — Authorization of WebSocket connection
• create:market — Creation of market order
• create:limit — Creation of limit order
• create:stop — Creation of stop order
• create:stopLimit — Creation of stop limit order
• update:market — Modification of market order
• update:limit — Modification of limit order
• update:stop — Modification of stop order
• update:stopLimit — Modification of stop limit order
• delete:market — Cancelation of market order
• delete:limit — Cancelation of limit order
• delete:stop — Cancelation of stop order
• delete:stopLimit — Cancelation of stop limit order

Example: create:market

guidstringrequired

The unique identifier of the operation. All incoming messages corresponding to this operation will have this guid field value

Example: c328fcf1-e495-408a-a0ed-e20f95d6b813

sidestringrequired

Trade side:

• buy - Buying lots
• sell - Selling lots

Example: buy

quantityint32required

Number of lots

Example: 1

instrument

object

Security data

symbolstring

Security code (Ticker)

Example: SBER

exchangestring

Exchange:

• MOEX — Moscow Exchange
• SPBX — SPB Exchange

Example: MOEX

commentstring

Custom comment

Example: First order

boardstring

Trading mode code (Board)

Example: TQBR

user

object

User data

portfoliostringrequired

Client portfolio ID

Example: D39004

checkDuplicatesboolean

Flag for checking the uniqueness of commands. It is enabled by default, preventing spamming with similar commands. When disabled, speeds up application acceptance.

Example: true

caution

The value of the guid parameter passed in the message must be unique for each request within the connection. If a previously used value is sent, the server will reject the request with a corresponding error and then terminate the connection.

If the message is successfully processed, the server will return a single message with the code 200 to the established connection, confirming the creation of the request.

Response body

{
  "requestGuid": "c328fcf1-e495-408a-a0ed-e20f95d6b813",
  "httpCode": 200,
  "message": "An order '12345' has been created.",
  "orderNumber": 12345
}

Schema

Response Body Parameters

requestGuidstring

The unique identifier of the operation. All incoming messages corresponding to this operation will have this guid field value

Example: c328fcf1-e495-408a-a0ed-e20f95d6b813

httpCodestring

Returned message code

Example: 200

messagestring

Text representation of the returned message

Example: An order '12345' has been created.

orderNumberint64

Unique order ID

Example: 12345

If the request syntax is invalid or incorrect values are specified, the server will return a JSON object corresponding to the error and terminate the connection.

The created order can then be viewed, modified or canceled using the corresponding requests.

Details

More information about WebSocket command for market order creation is available on the request description page.

---

What's next?

Additionally, we recommend reading the following related articles:

• System environments
• Developer account
• Trading account
• Refresh token
• Access token
• HTTP API
• WebSocket API
• Frequently asked questions