Interactive Brokers OAuth

Project description

IBKR Authentication Workflow

Interactive Brokers provides an extensive API that can be used for trading and account management.

It's also possible to authenticate for the API via OAuth.

ibauth is a Python client for handling the full Interactive Brokers (IBKR) Web API authentication flow. It wraps the OAuth2 + session lifecycle steps (access_token, bearer_token, ssodh_init, tickle, etc.) into a simple, reusable interface.

🔑 Features:

Obtain and refresh IBKR OAuth2 tokens.
Manage brokerage sessions (ssodh_init, validate_sso, tickle, logout).
YAML-based configuration (easy to keep credentials outside of code).
Logging of requests and responses for troubleshooting.

Documentation for the IBKR Web API can be found in the official reference.

API Gateway

https://www.interactivebrokers.com/campus/ibkr-api-page/cpapi-v1/#gw-step-one

Basically during the process the java app creates a local address to which you use as the base URL. The java app then handles all the encrypted stuff between it and IBKR. Once the portal is setup, then you need to go to it, and there will be a loing page, you need to input your details and submit, I used Python believe it or not, with Selenium. At that stage the warning bells should have rung that Matlab could not do this, hence having to do Python. And no ChatGPT back then, it was shit hard figure it out. Dunno how I did it, must have been all thos monkeys typing random stuff on those keyboards. Anyhow, then when you submite, they requre authentication. Forpaper trading account you could use and SMS code, and this could be achieved through google messages, no hardware needed. BUT, when it came to live acounts, that is 2FA, straight through their app and it pops up asking you to click, then to ask if you want to proceed, then provide your fingerprint. That is where the robot came in.

When OAuth is selected as an authentication method with IBKR, this is typically allocated to a FA (Financial Advisor) account, which may have 1 or more client accounts under its control. Typically the FA account will have have paid data subscriptions which provide real-time market data, and this may be applied in the trading functions on all the client accounts. The FA account directs trading on behalf of the client accounts, with their allocated capital.

Requirements

Python 3.11+
A valid IBKR account with Web API access enabled.
An RSA private key (.pem) registered with IBKR.

Dependencies are listed in requirements.txt.

Installation

You can install either from PyPI (preferred) or GitHub (which may give access to updates not yet published on PyPI).

# Install from PyPI.
pip install ibauth

# Install from GitHub.
pip install git+https://github.com/datawookie/ibkr-oauth-flow

Configuration

Authentication parameters are supplied via a YAML configuration file:

client_id: "your-client-id"
client_key_id: "your-client-key-id"
credential: "your-credential"
private_key_file: "/path/to/privatekey.pem"
domain: "api.ibkr.com"

client_id: Application client ID from IBKR.
client_key_id: Key identifier associated with your private key.
credential: IBKR credential string.
private_key_file: Path to your RSA private key (.pem).
domain: Usually api.ibkr.com, but IBKR supports numbered subdomains (1.api.ibkr.com, 5.api.ibkr.com, …).

Setting us RSA Keys

To register for OAuth 2.0 access you'll need to generate a RSA key pair.

First create a private key.

openssl genrsa -out privatekey.pem 3072

That'll write the private key to a file named privatekey.pem. The key size will be 3072 bits. This is a reasonable choice for a relatively secure key and is stronger than the common 2048 bit size. You can choose a larger key size (for example, 4096 bits) if you want.

The file contains a PEM-encoded text representation of the key and will look something like this (for illustration only!):

As the name implies, this is a private key and so should not be shared. You should keep this somewhere secure.

Next create the corresponding public key.

openssl rsa -pubout -in privatekey.pem -out publickey.pem -outform PEM

The contents of the public key will look something like this:

Again, as the name implies, this is a public key and can be shared freely.

You'll need to upload this public key onto the IBKR platform.

Login to www.ibkr.com.
Click the 🔔 (bell) icon.
Select the Messages option.
Compose a New Ticket.
Select API as topic.
Select REST/Web API as sub-topic.
Paste the contents of your RSA public key.
Notify IBKR of the ticket.
Wait patiently.

How It Works

The IBKR Web API requires multiple steps to establish and maintain a brokerage session. ibauth automates these steps:

Access Token Exchange your client credentials + JWS for an access token. → auth.get_access_token()
Bearer Token Use the access token and your public IP to obtain a bearer token. → auth.get_bearer_token()
Session Initialisation Start a brokerage session using the bearer token. → auth.ssodh_init()
Session Validation (optional) Confirm that your session is active. → auth.validate_sso()
Keepalive ("Tickle") Periodically ping the API to keep the session alive. → auth.tickle()
Logout End the session when finished. → auth.logout()

    +--------------+        +--------------+        +---------------+
    |  Access      |        |  Bearer      |        |  Brokerage    |
    |  Token       | -----> |  Token       | -----> |  Session      |
    +--------------+        +--------------+        +---------------+
           |                        |                        |
           v                        v                        v
    get_access_token()     get_bearer_token()       ssodh_init() / tickle()

Quick Start

import logging
import time
import ibauth

logging.basicConfig(
    level=logging.INFO,
    format="%(asctime)s [%(levelname)7s] %(message)s",
)

logging.getLogger("urllib3").setLevel(logging.WARNING)
logging.getLogger("charset_normalizer").setLevel(logging.WARNING)

if __name__ == "__main__":
    auth = ibauth.auth_from_yaml("config.yaml")

    auth.get_access_token()
    auth.get_bearer_token()

    auth.ssodh_init()
    auth.validate_sso()

    # Keep session alive
    for _ in range(3):
        auth.tickle()
        time.sleep(10)

    # Dynamically change the API domain
    auth.domain = "5.api.ibkr.com"
    auth.tickle()

    auth.logout()

Testing

This project uses pytest. To run the test suite:

pytest

To include coverage:

pytest --cov=src/ibauth --cov-report=term-missing

Development

Clone the repo and install dependencies into a virtual environment:

git clone https://github.com/datawookie/ibkr-oauth-flow.git
cd ibkr-oauth-flow
python -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt

Deploy to PyPI

This requires UV_PUBLISH_TOKEN to be set to a PyPi token in environment.

Publishing requires a PyPI token (UV_PUBLISH_TOKEN) to be available in your environment.

make deploy

Testing

You can test the authentication workflow:

# Use config.yaml in current directory.
uv run ibauth
# Use config.yaml in home directory and include debugging output.
uv run ibauth --config ~/config.yaml --debug

Project details

Release history Release notifications | RSS feed

0.1.4

Feb 1, 2026

0.1.3

Feb 1, 2026

0.1.2

Jan 23, 2026

0.1.1

Sep 26, 2025

This version

0.1.0

Sep 19, 2025

0.0.12

Sep 17, 2025

0.0.11

Sep 13, 2025

0.0.10

Sep 13, 2025

0.0.9

Sep 9, 2025

0.0.8

Sep 7, 2025

0.0.7

Aug 30, 2025

0.0.6

Aug 25, 2025

0.0.5

Aug 24, 2025

0.0.4

Aug 20, 2025

0.0.2

Aug 18, 2025

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

ibauth-0.1.0.tar.gz (22.7 kB view details)

Uploaded Sep 19, 2025 Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

The dropdown lists show the available interpreters, ABIs, and platforms. Enable javascript to be able to filter the list of wheel files.

ibauth-0.1.0-py3-none-any.whl (15.2 kB view details)

Uploaded Sep 19, 2025 Python 3

File details

Details for the file ibauth-0.1.0.tar.gz.

File metadata

Download URL: ibauth-0.1.0.tar.gz
Upload date: Sep 19, 2025
Size: 22.7 kB
Tags: Source
Uploaded using Trusted Publishing? No
Uploaded via: uv/0.8.17

File hashes

Hashes for ibauth-0.1.0.tar.gz
Algorithm	Hash digest
SHA256	`97f2771ac6420375a36decf88c2439dd55365f004200eeb249a5a0017228aea5`
MD5	`39468f67ff730d9e5c3854ce2dc81806`
BLAKE2b-256	`5cfe751781eb1201db03649b3c063fd849fe9a442f5a4ccab60deb92030fad33`

See more details on using hashes here.

File details

Details for the file ibauth-0.1.0-py3-none-any.whl.

File metadata

Download URL: ibauth-0.1.0-py3-none-any.whl
Upload date: Sep 19, 2025
Size: 15.2 kB
Tags: Python 3
Uploaded using Trusted Publishing? No
Uploaded via: uv/0.8.17

File hashes

Hashes for ibauth-0.1.0-py3-none-any.whl
Algorithm	Hash digest
SHA256	`977eb03d423e63db15d8740a2bef10f1ac57438508feb3ef9bdcac052f89c6b1`
MD5	`fb6fa917c1a0f2e07e68082517f41f66`
BLAKE2b-256	`4c3324bae3359b53c9e04d2d699216ed59a2d42db971cdbd516c1594cbe2ab8f`

See more details on using hashes here.

ibauth 0.1.0

Navigation

Verified details

Maintainers

Unverified details

Meta

Project description

IBKR Authentication Workflow

API Gateway

Requirements

Installation

Configuration

Setting us RSA Keys

How It Works

Quick Start

Testing

Development

Deploy to PyPI

Testing

Project details

Verified details

Maintainers

Unverified details

Meta

Release history Release notifications | RSS feed

Download files

Source Distribution

Built Distribution

File details

File metadata

File hashes

File details

File metadata

File hashes