401 access denied in /order/placeorder

I am using /order/placeorder and this is what my request body looks like
{"accountSpec": "DEMO312394", "accountId": ID, "action": "Buy", "symbol": "ESH22", "orderQty": 1, "orderType": "Limit", "price": 4570, "isAutomated": true, "timeInForce": "GTC"}
I am getting the following back
{'failureReason': 'UnknownReason', 'failureText': 'Access is denied'}

I have already given full permission to orders in the api

I have tried getting token from both demo.tradovateapi.com/v1/auth/accesstokenrequest and demo-api.tradovate.com/v1/auth/accesstokenrequest

All ready apis are working but write apis are not working

If you are getting a 401 error, it most likely has something to do with your authorization token.

Try cloning this git repo and entering your user credentials. There is a boilerplate placeOrder template that should give you a 200 response.

As for the startOrderStrategy endpoint (productFind too!), it looks like there is a bug in submitting orders through the WebSocket. But you should be fine with orders fetched via POST through the REST URL.

Hopefully they will fix the bracket order bug soon, because it looks like it’s been an issue for several months now.

Edit:

After looking at it again, productFind actually is functional, but should be queried using GET from the REST API and not through the WebSocket. Also, it is very sensitive to product strings, which is why I was getting errors. It only takes in the prices name of the product, not the contract type.

For example, it will return an error if you search for ESH2, and only accept ES.

You would think that productSuggest would have some error checking and return a list of suggestions (I don’t know what else you would use it for), but I implemented my own error checker to clean the strings being submitted to productFind, so that works for me.

Thanks, using contractid instead of ESH22 worked for me. They need better error handling.

I am not able to put two brackert in /order/placeoso, only 1 bracket works

I read some where else you were having some issue in placing sso with brackets.

Any suggested work around for the above issue?

Haha only orders are going through in demo environment but not in live environment

I haven’t tried it yet, but from what you are asking, you will probably need to put it in as two separate orders.

Edit:

I think I misunderstood what you meant. Like I said, I haven’t tried it, but the issue I was having was placing orders through the web socket, which doesn’t even look like it is functioning right now. No quote stream or user sync events coming through. Won’t be able to check anything it is up again.

Got it, thanks for the help, finally I was able to get the live end point working
live-api.tradovate.com worked for me but live.tradovateapi.com wasn’t working for some reason

Glad to hear, didn’t even know that URL existed!

Also, an update, that the web socket was fine… it was my brain that was not functioning then.

EDITED

I had a similar error which was pretty baffling.

Error: 401 Access Denied
When placing and order in LIVE mode.
When I run the EXACT same code in demo it placed the order without error.

The only difference between code was the URL.

It worked in Demo… Failed Live.

I traced this back to a device-id being incorrect. Apparently demo is not concerned with ensuring that the device id is correct… and live enforces it.

I hope this helps someone.

Developer note:

1. Demo behavior should always match Live/Prod. Perhaps fix demo to enforce the device-id?
2. Why is id device id required only for orders after allowing login, quotes, and a number of other endpoints to function?
3. Thank goodness the API was still functioning during non-market hours (denying/allowing orders but not sending them)…or I would have wasted money sending orders into the live market just to test/debug this.

It sure helped me, thanks for the tip!