7

I was trying to do some simple authorization for Ameritrade's developer platform. I was attempting.

According to the platform, the endpoint I need to access is: https://auth.tdameritrade.com/auth?response_type=code&redirect_uri={uri}&client_id={client_id}}%40AMER.OAUTHAP

https://developer.tdameritrade.com/content/simple-auth-local-apps

When looking at the client_id for the dev application, I noticed that they may actually be referencing the application's Consumer Key instead? So I did just that, but when attempting to query the information, it returns: A third-party application may be attempting to make unauthorized access to your account. The reason why I think it is the consumer key is listed at: https://developer.tdameritrade.com/content/getting-started

So I ended up doing something like:

from urllib.parse import quote_plus

# quote_plus() percent-encodes a single string; urlencode() expects a mapping or a sequence of pairs
url = "https://auth.tdameritrade.com/auth?response_type=code&redirect_uri={uri}&client_id={client_id}%40AMER.OAUTHAP".format(
  uri=quote_plus("http://localhost"),
  client_id="JHBDFGJH45OOUDFHGJKSDBNG"  # Sample
  )

I don't think this is because I am currently in a different country; I think that something else is wrong here.

It doesn't follow through with it, but instead returns a 400 error with that information. I'm not sure what's wrong though.

Fallenreaper
  • I don't want to define the answer, but there is an Ameritrade Python package you can install with pip which will handle a lot of this. I can dissect the code a bit to see what's going on with validation and then maybe get an answer in place – Fallenreaper Jan 02 '20 at 17:16
  • Did you fix it? – mrp Mar 22 '20 at 04:16
  • I did not yet. I ended up pushing it off to the side because the contract was terminated early. I didn't mind, still paid out, but I think the client had something else they needed to do. – Fallenreaper Mar 22 '20 at 21:13

4 Answers

7

This happens when you copied the callback URI incorrectly. Imagine if this were a client application, and TD detected that the application is trying to send the user to a different URL than the app is configured with. If they send the callback request to that application, it will receive the token and gain full control over your account.

Have you double and triple checked that you're copying the callback URL correctly, protocol name, ports, and trailing slashes and everything? Also, consider using an API library instead of writing your own. You can find documentation about this specific error here.

alexgolec
5

I had this issue and I solved it simply by using http://127.0.0.1 as the callback URI of the app.

I then used the URL below and it worked as expected.

https://auth.tdameritrade.com/auth?response_type=code&redirect_uri=http%3A%2F%2F127.0.0.1&client_id={MyConsumerKey}%40AMER.OAUTHAP

user15119516
  • I think that if you added an 's', so that it is https://127.0.0.1 instead of http://127.0.0.1, the original link would work (the only difference from your link is the 's' in http) – Adar Cohen Apr 24 '23 at 23:06
3

Just in case anyone is still having this problem, make sure the callback URI is spelled EXACTLY the same as you specified when creating the app. I was having this problem because I set the callback on the TD developer website to "https://localhost/" and used "https://localhost" in the URL instead (missing the slash at the end). As soon as I added the slash at the end, it worked.

Nate Boxer
  • There are no clear instructions, so I created a Spring Boot app with a Get("/") endpoint in which I was making public ResponseEntity home(){ var aUrl = "https://auth.tdameritrade.com/auth?response_type=code&redirect_uri=http%3A%2F%2Flocalhost%2F&client_id=LJABCFDHOYABCFGJSKOPJYTFR%40AMER.OAUTHAP"; String result = restTemplate.getForObject(aUrl, String.class); System.out.println(result); return ResponseEntity.ok().body(result); } but all I get is the same error as mentioned in this question. How did you solve it? – vamsi-vegi Jan 23 '21 at 22:10
  • Thank you for saving the day! – William Aug 18 '22 at 21:19
2

I found out that the issue is caused by the way the callback URL is set. It has to be exactly the same as the callback URL you typed in at the app's details on the TD developer API page. I tried several permutations, and indeed, to get the authorization to work, both have to be the same, e.g. https or http, ending with '/' or not; it matters. There is also no need to URL encode it.

gobassky
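Added example, not code from any of the answers or from TD Ameritrade: a client-side pre-check for the exact-match rule the answers describe. It reports which part of the callback URI differs from the registered one (scheme, host, port, trailing slash) before the authorization URL is built. The function names, the sample URIs and the placeholder key are assumptions made for illustration; the endpoint and the `@AMER.OAUTHAP` suffix are the ones quoted in the question.

```python
from urllib.parse import urlencode, urlsplit

AUTH_ENDPOINT = "https://auth.tdameritrade.com/auth"  # endpoint quoted in the question


def redirect_uri_mismatches(registered: str, requested: str) -> list[str]:
    """Explain why two callback URIs are not the same string ([] if identical)."""
    if registered == requested:
        return []
    reg, req = urlsplit(registered), urlsplit(requested)
    diffs = []
    for name in ("scheme", "hostname", "port", "path", "query", "fragment"):
        a, b = getattr(reg, name), getattr(req, name)
        if a != b:
            diffs.append(f"{name}: registered {a!r}, requested {b!r}")
    # urlsplit lower-cases scheme and hostname, so a pure case change lands here
    return diffs or ["same components, but the strings differ in case or encoding"]


def build_auth_url(consumer_key: str, registered_uri: str, requested_uri: str) -> str:
    """Build the authorization URL, refusing a redirect_uri that is not an exact match."""
    problems = redirect_uri_mismatches(registered_uri, requested_uri)
    if problems:
        raise ValueError("redirect_uri mismatch: " + "; ".join(problems))
    params = {
        "response_type": "code",
        "redirect_uri": requested_uri,
        "client_id": consumer_key + "@AMER.OAUTHAP",
    }
    # urlencode() percent-encodes each value (":" -> %3A, "/" -> %2F, "@" -> %40)
    return AUTH_ENDPOINT + "?" + urlencode(params)


if __name__ == "__main__":
    registered = "https://localhost/"  # constructed: value saved in the app settings
    for candidate in ("https://localhost/", "https://localhost", "http://localhost/"):
        print(candidate, "->", redirect_uri_mismatches(registered, candidate) or "exact match")
    print(build_auth_url("EXAMPLEKEY", registered, registered))  # placeholder key
```

The authorization server still makes the real comparison; this check only surfaces a mismatch locally, where the differing component is visible, instead of as a generic 400 response.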