Secure Token Auth

Once you establish a web socket connection, your client has 30 seconds to complete the login process. Otherwise, the socket will be closed. The Symbridge platform supports a secure key pair authentication model.

The Secure Token Authentication flow is as follows:

Initial Setup (requires login with username and password)

Create an RSA keypair (public and private RSA keypair)
Follow the standard logon process
Call AddDeviceAccess registration (see below) with the public key component of your key pair
Once the device is added you can use your keypair for subsequent logins

Secure Login

Open WSS Connection
Send a RequestSecureToken request for a secure token (which will be encrypted with your public key – that was used in the registration above)
Decrypt the secure token (from the Secure Token request above) with your private key
Send Challenge message - you can ignore the token contained in this challenge response
Send Login request (see below) with the decrypted token

Note
Symbridge will send current open orders and position information upon a successful login

Add Device Access

Request

Key	Type	Value	Required
type	string	adddeviceaccess	Yes
devid	string	Unique registration ID for your keypair	Yes
key	string, base64	Base64 encoded public key of the keypair	Yes
nickname	string	Display name for your keypair registration	Optional
delete	boolean	Set this to true to delete an existing device	Optional

Response

Key	Type	Value
type	string	adddeviceaccess
devid	string	Unique registration id for your keypair
key	string, base64	Base64 encoded public key of the keypair
nickname	string	Display name for your keypair registration
result	string	"OK" for successful registration of your public key, otherwise an error message will be returned

# AddDeviceAccess Request
{
  "type":"adddeviceaccess",
  "devid":"device-to-add",
  "key":"MIIBIjANBgkqhkiG832w0BAQEFAAOCAQ8AMIIBCgKCAQEAjegN8Aq0jTi92Wy0E+Bs62U26yz4qH8wz+wf/TFkBLFWOEUZx9BGAw7iXwgWbfpWuNuRmEVIW6b2iUBW/k+FvZcbCjVnLkJ2WGuJdJyGojOvprGgfltLyGJaGuvbkHZeNJKV6x2zFyq+qikVL07K1+6t0ZQtUv973fHiycECdoocXal05Wf86OW+CtFdLzceuFN3K2c5yyCdpUr3+qkiuyP8jHRYFXKp9V8GS3YipEBCf2MyO9tPve6t5w52CGyvIx6D3ieJ5fowLQpJkBH2igyFG/3Sm9TX+3X+kwsj/asZtqRudQINkwsB4CgBa2LDFj8VZ5ZqaNTiWxgi6nebmQIDAQAB"
}

# AddDeviceAccess Response
{
  "type":"adddeviceaccess",
  "result":"OK",
  "devid":"device-to-add",
  "key":"MIIBIjANBgkqhkiG832w0BAQEFAAOCAQ8AMIIBCgKCAQEAjegN8Aq0jTi92Wy0E+Bs62U26yz4qH8wz+wf/TFkBLFWOEUZx9BGAw7iXwgWbfpWuNuRmEVIW6b2iUBW/k+FvZcbCjVnLkJ2WGuJdJyGojOvprGgfltLyGJaGuvbkHZeNJKV6x2zFyq+qikVL07K1+6t0ZQtUv973fHiycECdoocXal05Wf86OW+CtFdLzceuFN3K2c5yyCdpUr3+qkiuyP8jHRYFXKp9V8GS3YipEBCf2MyO9tPve6t5w52CGyvIx6D3ieJ5fowLQpJkBH2igyFG/3Sm9TX+3X+kwsj/asZtqRudQINkwsB4CgBa2LDFj8VZ5ZqaNTiWxgi6nebmQIDAQAB"
}

Request Secure Token

Request

Key	Type	Value	Required
type	string	requestsecuretoken	Yes
userid	string	UserID of the user authenticating to the platform	Yes
devid	string	Unique registration id for your keypair	Yes

Response

Key	Type	Value
type	string	requestsecuretoken
devid	string	Unique registration id for your keypair
userid	string	UserID of the user authenticating to the platform
securetoken	string, base64	Base64 encoded token (encrypted with your public key)
result	string	"OK" for successful retrieval of your encrypted token

# Request Secure Token
{
  "devid":"device-to-add",
  "type":"requestsecuretoken",
  "userid":"[email protected]"
}

# Response - Request Secure Token

{
  "devid":"device-to-add",
  "result":"OK",
  "type":"requestsecuretoken",
  "userid":"[email protected]",
  "securetoken":"Zt2VY8HnQU1sO1T4X3hVdRafcaZh1Dl9mxskPy3PldYqj10AZqRkDIqvqDdeUI1Mj0sugqLEOaLhCn+SXO0PJhSF9ny9D6uy8JCaF/fxKa16oj7BBFAhb8ZDQkGdp14uBU9wTDJFobh1GGi+OB+B3aKeW4zUEsnoa2rVDfJDyvNOEz+E0H9YD/4VZgoHkaBtMazgfGZJwttTvhzu8Ie0L2OgedxszrP17Xv7nY6MQmZAADEsn3ivLcZfuTwf0BduLUrQylxx0SMztoR/O9O9bNhcL/SbcobwOQRuwzleSoPvZ5KHzu3NBfJQLrYgLQtTdwWT3bujRYEElBGURdAjGw=="
}

Secure Login

Request

Key	Type	Value	Required
type	string	login	Yes
token	string	Decrypted token from the secure token sequence (using your private key). Note: not base64 encoded	Yes

Response

Key	Type	Value
type	string	login
result	string	"OK" if successful. If not successful, this field will contain the reject reason.
firm	string	The firm account associated with the login user
need2FA	boolean	Whether or not the user is required to use 2FA at login
roles	string	The role string associated with the login user
active	string	Whether the user is active or not.
secondary_account	string	The user's secondary account.
attr	json	Contains user level attributes.
use2fa	boolean
userid	string	The userid associated with the login user.
restricted_attr	json	Contains user level attributes that display sensitive fields (which are not included).

# Send Secure Login
{
  "type":"login",
  "token":"^Aa&yoB%Isz44w:i(t^/N,tQ=x#X.*mDPP6yE=ejL^J[_Q?y>g'iVy*Ll1TEeRG"
}

# Response - Secure Login

{
  "result":"OK",
  "firm":"SYMB",
  "roles":"OOOOO",
  "active":"Y",
  "secondary_account":"JOHNDOEMAILCOM", 
  "type":"login",
  "userid":"[email protected]"
  "attr":{
    "country":"",
    "tax_code":"",
    "use2fa":true,
    "last_name":"Doe",
    "first_name":"John",
    "email":"[email protected]"
  },
  "use2fa":"N",
  "restricted_attr":{
    "dev_list":[{"devid":"device-to-add"}]
  },
}