How to call our API

Alpaca's APIs are available under different domain names, and you first need to make sure that you are calling the right one. This page describes the machine-to-machine authentication types available in the following scenarios:

• If you are a live broker partner, you can call:
  • Broker API endpoints on broker-api.giftcity.in.alpaca.markets
  • Market Data API endpoints on data.giftcity.in.alpaca.markets
  • Stream Data API on stream.data.giftcity.sandbox.in.alpaca.markets
  • Authentication endpoints on authx.giftcity.in.alpaca.markets
  • India / GIFT City Specific APIs (like blocked symbols): ext-api.giftcity.in.alpaca.markets
• If you are a sandbox broker partner, you can call:
  • Broker API endpoints on broker-api.giftcity.sandbox.in.alpaca.markets
  • Market Data API endpoints on data.giftcity.sandbox.in.alpaca.markets
  • Stream Data API on stream.data.giftcity.in.alpaca.markets
  • Authentication endpoints on authx.giftcity.sandbox.in.alpaca.markets
  • India / GIFT City Specific APIs (like blocked symbols): ext-api.giftcity.sandbox.in.alpaca.markets

If you have more than one correspondent, each of those have separate credentials. As an example, you cannot use your live account's credentials with the sandbox API, or vice versa.

Authentication flows

Client credentials

When using this flow, you first need to exchange your credentials for a short-lived access token, then use that token to authenticate with our API. Do not request a new access token for each API call. Access tokens issued by our token endpoint are valid for 15 minutes.

We offer two types of credentials you can use with this flow:

• Use a client ID and a client secret (client_secret) - this is easier, as you can simply pass the secret that was generated when you created your credentials to our token endpoint. Note that we only support passing the client secret in the request body (client_secret_post), not in the Authorization header (client_secret_basic).

As an example, here is how a Broker API user would request an access token from our token endpoint using the first method:

curl -X POST "https://authx.giftcity.in.alpaca.markets/v1/oauth2/token" \
     -H "Content-Type: application/x-www-form-urlencoded" \
     -d "grant_type=client_credentials" \
     -d "client_id={YOUR_CLIENT_ID}" \
     -d "client_secret={YOUR_CLIENT_SECRET}"

The response will contain an access token:

{
    "access_token": "{TOKEN}",
    "expires_in": 899,
    "token_type": "Bearer"
}

The returned token can be used to authenticate with Broker API:

curl -X GET "https://broker-api.giftcity.in.alpaca.markets/v1/accounts" \
     -H "Authorization: Bearer {TOKEN}"