Access Token Response 200

I’m getting the (“errorText”:“Incorrect username or password. Please try again.”) response. My credentials are the correct values that sign me on to the Tradovate platform no problem. I included the CID and SEC as well. I don’t really understand why this is occuring.

Hello @joeltholton,

Please send an example of the JSON data you are sending (omitting your personal data, of course), or the code that you are using to construct the request. Also double check the URL that you are using is correct - https://demo.tradovateapi.com for demo account use, https://live.tradovateapi.com for live account use.

I appreciate the help. I solved the issue. I am using the requests module in Python so things were a tad out of place. This is the correct method in Python for anyone who is curious.

response = requests.post(‘https://demo.tradovateapi.com/v1/auth/accesstokenrequest’, headers=headers, data=data)

1 Like

Hi @Alexander, i have this same problem.
I am using the same credentials I use to login to trader.tradovate.com.
It pops the error “incorrect username or password” for both the live and demo endpoints.

public static AccessTokenResponse GetAccessToken(string basePath, string username, string password)
        {
            var apiInstance = new AuthenticationApi(basePath);
            var body = new AccessTokenRequest(name: username, password: password, appId: "SampleApp", appVersion: "0.1.0", cid: "8", sec: "f03741b6-f634-48d6-9308-c8fb871150c2");
            ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
            AccessTokenResponse result = apiInstance.AccessTokenRequest(body);
            Debug.WriteLine(result);
            return result;
        }

I am constructing the request with the above code

I’m not exactly sure because I haven’t run the code myself, but the issue may have something do with how you’re passing the parameters into your AccessTokenRequest instantiation.

Try wrapping the string inside { } and see what happens.

Also, for security, you should edit your post so that your API secret and CID are not visible.

Thanks @arthur .
Those are actually the credentials from the API docs, but your answer led me to understand I needed to replace them with mine.