User/syncrequest WS request returns 401:Access is denied

The access token I get back from the /auth/accesstokenrequest endpoint returns a 401:Access is denied frame after sending a frame with user/syncrequest. I’m sending this request to wss://demo.tradovateapi.com/v1/websocket

Here is the payload to get the access token:

        "name": *username*,
		"password":    *password*,
		"appId":       *name of my app*,
		"appVersion":  1.0,
		"cid":         *CID from api key in TV account dashboard*,
		"sec":         *api key from tv account dashboard*,
		"environment": "demo",

This does return an access token and not an error but the access token returns that 401 frame.

If I use the access token that TV uses to authenticate the ws connection (using dev tools to monitor the frame that gets sent for that) instead of the access token that gets returned from my request, everything works. What is different from how I am getting the access token for the demo account vs how TV is getting it? What am I doing wrong?

Any help would be greatly appreciated!

Sorry @nomnomcameron, somehow this got marked as spam by the system.

Anyhow, are you attempting to request an access token through the WebSocket itself? If so, you must request the access token from the REST API (not the WebSocket) using https://live.tradovateapi.com/v1/auth/accessTokenRequest (live) or https://demo.tradovateapi.com/v1/auth/accessTokenRequest (sim). You then must provide the access token in the response to the 'o' open frame from the WebSocket.

The other possibility is with your API Key itself - please ensure you have set the permissions on your key appropriately. For dev, it’s usually best to use the highest permissions for each option and scale back for features you don’t need.

Also drop the "environment" portion of the request - that’s not an accepted parameter for the accessTokenRequest operation. And you’ll ultimately need to add the deviceId parameter and determine how to create the device ID, but for demo you’ll be OK. Once you move to LIVE trading, deviceId is strictly enforced so you won’t be able to trade without assigning one to your app.