CFDs are complex instruments and come with a high risk of losing money rapidly due to leverage. -- % of retail investor accounts lose money when trading CFDs with this provider. You should consider whether you understand how CFDs work and whether you can afford to take the high risk of losing your money.

Get the Access Token

Good afternoon,

I wanted to ask how can I get the Access Token with a service call? There is a way to obtain the Access Token with any service sending a username and password??

Thanks in advance

You should not be able to get an access token with your username and password directly via Service Calls BUT in the DARWIN API section of the web you can:

  • request an access token to access DARWIN Info API / Websocket / DARWIN Quotes for a period of almost 6 months.
    AND / OR
  • get an access token to access all the APIs for your accounts and then use the refresh token grant to renew the access token and keep the access to the APIs for your accounts ( ).

I have followed these steps to get the access token:

But I get in response to the service:
“error_description”: “The authenticated client is not authorized to use this authorization grant type”,
“error”: “unauthorized_client”

Hi @pablo2010,
I’m afraid that video was made when we were in private beta testing and selected clients were able to access the API this way, using OAuth2 Password Flow. But, due to the risks and vulnerabilities of this method we decided to don’t allow OAuth2 Password flow to anyone.

The current ways of obtaining access are through the website, the public access token without permission to any investor account, and/or the details to access all APIs with a token having a short expiration time using Refresh Token Grant.

We know this way is more complicated for ourselves and for the clients but it’s more secure for everyone.


Hi @pablo2010,

In addition to my colleague @jesusbc’s response above, just dropping you a line here that we’ll be recording an update to the OAuth2 authentication video in due course.

In the meantime, you can bypass the OAuth2 functionality in the scripts available on our GitHub repo, by simply commenting out the DWX_OAuth2 calls and either hard-coding (not recommended) or securely loading in access tokens you retrieve as per my colleague’s post above.

Link to Python script:

Hope this helps!

Stay tuned :+1:


Hi, I also came across the same issue and still don’t really understand how to solve it based on the solutions presented above. I am new to all this so any further assistance would be appreciated. Thanks.

A post was split to a new topic: Question regarding historic one minute candles through API

Hi @xrpto and welcome to the :darwinex: community forum!

The Darwinex API Walkthrough explains how to authenticate and use the APIs.

If you know Python, we encourage you to use the code repository available on our GitHub profile here:

The accompanying videos for the same can be found here:

At the present time, you’ll need to bypass the “Password Flow” implementation in the code, which also lets you update class objects with your access token (as retrieved from the Darwinex Platform) instead of going with password flow.

We’ll be updating the videos and the codebase soon to reflect these changes

1 Like

Thank you for your speedy response, I did as you said and went thru the ‘Darwinex API Walkthrough’. I then proceeded to embed the Access token in the Authorization header within the code (made available in the Github repository) following the format described. I assume that is what you meant when you said to “bypass the Password Flow Implementation in the code”. But after which I still get this message when I run it:

[KERNEL] Access & Refresh Tokens Retrieved Successfully
{‘error_description’: ‘Client Authentication failed.’, ‘error’: ‘invalid_client’}

I believe I may be missing something cus Im getting both positive and negative responses.

Hi @xrpto,

Brilliant, yes that is what I meant :+1:

You’ll also need to pass in the latest API version to the class constructor depending on the API you’re using.

e.g. The code defaults to older API versions and there have been several API updates since the code was released.

Setting version numbers was kept configurable via function arguments in anticipation of this - could you try again with the latest version numbers?


It worked, thanks alot!! Im now getting a “Type: JSONDecodeError, Args: (‘Expecting value: line 1 column 1 (char 0)’,)” error when making an API call but thats progress nonetheless.

Thanks again.


You’re most welcome @xrpto, no worries :slightly_smiling_face:

HI Everybody

After a few days already figthing with a Darwinex API connectivity issue I am getting in touch with all of you to ask for your quick feedback and support

I am getting the following ERROR MESSAGE:

[KERNEL] Access & Refresh Tokens Retrieved Successfully

{‘error_description’: ‘A valid OAuth client could not be found for client_id: 2000065552’, ‘error’: ‘invalid_client’}
Traceback (most recent call last):

File “”, line 1, in
api = DWX_API()

File “C:\Darwinex\darwin-api-tutorials-master\PYTHON\API\”, line 46, in init
self._auth_headers = {‘Authorization’: ‘Bearer {}’.format(self._auth._data[‘access_token’])}

KeyError: ‘access_token’

In addtion to getting several times in touch with since base on Darwinex API Walkthrough post the configuration for the application might need to be updated by the Darwinex Administrator I am not really sure if the Client ID and Client_Secret keys are correct or not in the creds.cfg configuration file being read and loaded by the load_config() function in the file

Any thougths about this issue? thank all in advanced

Hey @jdelcarm66!

Thanks for bringing this to our attention.

The package you are using has been updated with the new darwinexapis Python package.

You can check it out in our GitHub page if you want to migrate to it. It includes a new module to better handle authentication matters.

However, the example you are using should be working without problem.

The error seems to point out to the dictionary that holds the authentication data that doesn’t have the key “access_token”, maybe because it is not loaded or changed in the .cfg file; without seeing your whole code I cannot debug more.

Can you please post a minimal working example so that we can further help? Also bringing @integracore2 here to help.

Best and waiting for your response,