CFDs are complex instruments and come with a high risk of losing money rapidly due to leverage. -- % of retail investor accounts lose money when trading CFDs with this provider. You should consider whether you understand how CFDs work and whether you can afford to take the high risk of losing your money.

Get the Access Token

Good afternoon,

I wanted to ask how can I get the Access Token with a service call? There is a way to obtain the Access Token with any service sending a username and password??

Thanks in advance

You should not be able to get an access token with your username and password directly via Service Calls BUT in the DARWIN API section of the web you can:

  • request an access token to access DARWIN Info API / Websocket / DARWIN Quotes for a period of almost 6 months.
    AND / OR
  • get an access token to access all the APIs for your accounts and then use the refresh token grant to renew the access token and keep the access to the APIs for your accounts ( https://help.darwinex.com/api-walkthrough#refresh3 ).
2 Likes

I have followed these steps to get the access token:

But I get in response to the service:
{
“error_description”: “The authenticated client is not authorized to use this authorization grant type”,
“error”: “unauthorized_client”
}

Hi @pablo2010,
I’m afraid that video was made when we were in private beta testing and selected clients were able to access the API this way, using OAuth2 Password Flow. But, due to the risks and vulnerabilities of this method we decided to don’t allow OAuth2 Password flow to anyone.

The current ways of obtaining access are through the website, the public access token without permission to any investor account, and/or the details to access all APIs with a token having a short expiration time using Refresh Token Grant.

We know this way is more complicated for ourselves and for the clients but it’s more secure for everyone.

2 Likes

Hi @pablo2010,

In addition to my colleague @jesusbc’s response above, just dropping you a line here that we’ll be recording an update to the OAuth2 authentication video in due course.

In the meantime, you can bypass the OAuth2 functionality in the scripts available on our GitHub repo, by simply commenting out the DWX_OAuth2 calls and either hard-coding (not recommended) or securely loading in access tokens you retrieve as per my colleague’s post above.

Link to Python script:

Hope this helps!

Stay tuned :+1:

2 Likes

Hi, I also came across the same issue and still don’t really understand how to solve it based on the solutions presented above. I am new to all this so any further assistance would be appreciated. Thanks.

A post was split to a new topic: Question regarding historic one minute candles through API

Hi @xrpto and welcome to the :darwinex: community forum!

The Darwinex API Walkthrough explains how to authenticate and use the APIs.

If you know Python, we encourage you to use the code repository available on our GitHub profile here:

The accompanying videos for the same can be found here:

At the present time, you’ll need to bypass the “Password Flow” implementation in the code, which also lets you update class objects with your access token (as retrieved from the Darwinex Platform) instead of going with password flow.

We’ll be updating the videos and the codebase soon to reflect these changes

1 Like

Thank you for your speedy response, I did as you said and went thru the ‘Darwinex API Walkthrough’. I then proceeded to embed the Access token in the Authorization header within the code (made available in the Github repository) following the format described. I assume that is what you meant when you said to “bypass the Password Flow Implementation in the code”. But after which I still get this message when I run it:

–±-±-
[KERNEL] Access & Refresh Tokens Retrieved Successfully
–±-±-
{‘error_description’: ‘Client Authentication failed.’, ‘error’: ‘invalid_client’}

I believe I may be missing something cus Im getting both positive and negative responses.

Hi @xrpto,

Brilliant, yes that is what I meant :+1:

You’ll also need to pass in the latest API version to the class constructor depending on the API you’re using.

e.g. The code defaults to older API versions and there have been several API updates since the code was released.

Setting version numbers was kept configurable via function arguments in anticipation of this - could you try again with the latest version numbers?

2 Likes

It worked, thanks alot!! Im now getting a “Type: JSONDecodeError, Args: (‘Expecting value: line 1 column 1 (char 0)’,)” error when making an API call but thats progress nonetheless.

Thanks again.

2 Likes

You’re most welcome @xrpto, no worries :slightly_smiling_face: