Access Denied for Place Order API

I am running into Access Denied for my place order API request.

def __init__(self) -> None:
    self.contracts = int(os.environ.get("CONTRACTS","2"))
    self.access_token = ""
    self.route_access_token = "/v1/auth/accesstokenrequest"
    self.route_place_order = "/v1/order/placeorder"
    self.route_contractFind = "/v1/contract/find"

def open_long_position(self):
    payload = {
        "accountSpec" : ***,
        "accountId" : ***,
        "action" : "Buy",
        "symbol" : "MESM2",
        "orderQty" : self.contracts,
        "orderType" : "Market",
        "isAutomated": True 
    headers = {
        "Content-Type" : "application/json",
        "Authorization": f"Bearer {self.access_token}",
        response ="{self.url}{self.route_place_order}",data=json.dumps(payload),headers=headers)
        if response.status_code == 200:
            print(f"Response {response.status_code} : {response.json()}")
            print(f"Response {response.status_code} : {response.text}")
    except Exception as e:
        self.access_token = ""

Response :- Response 200 : {‘failureReason’: ‘UnknownReason’, ‘failureText’: ‘Access is denied’}

Please check on the permissions for your API Key - check to see that Orders has full access. The other thing that you should make sure you do is generate a device ID for your application and use it when you request access in the deviceId field. SHA-256 hashes are a great way to identify a device but you need to ensure that your device ID is the same every time for the same device - eg. when I log in on PC A I want the device ID to be the same every time, but unique compared to PC B.

I think have all the permissions setup correctly. Regarding the “deviceId”, I dont see any field in the place order payload for the deviceId field.

I am able to get the access_token fine just not able to place the trade

Typically it’s more of an issue when users change from sim to live, but the device ID often contributes to this issue. deviceId is a field that you can include as part of the request body to /auth/accessTokenRequest. Its purpose is to identify the device using the current access token. This is very strictly enforced in the LIVE environment, but can still come up in the simulation mode. Just pass an ID that is the same for a given device each time, but unique from device to device.

One other thing to check on - make sure you are using your account entity ID for the accountId field. You need to call /account/list or some other account-retrieving operation to find your account’s entity ID, it doesn’t come with the access token.

Thank you for your help.

I have the similar issue. Response :- Response 200 : {‘failureReason’: ‘UnknownReason’, ‘failureText’: ‘Access is denied’}

am using demo api url. All permission setting are done, accountId was taken from /account/list.

“accountSpec”: “DEMO******”,

“accountId”: 7****,

“action”: “Buy”,

“symbol”: “MNQM2022”,

“orderQty”: 1,

“orderType”: “Market”,

“isAutomated”: true

what should be in the place of accountSpec: yourUserName. I tired with my Trodovate login username, it didn’t work. is any other suggestion to consider?

Appreciate your help!

You can use the name field from the accessTokenRequest response for accountSpec.

Sorry it didn’t help, still failure message. name which i am getting from accesstokenrequest is the same username which am using to login.

any other suggestion please?

got it fixed, the issue was with the symbol. changed from MNQM2022 to MNQM2.

Thank you for your help!

1 Like

:man_facepalming: I should’ve seen that right away, my apologies. That’s how we format the symbols, with a single trailing digit for the year.