Once you establish a web socket connection, your client has 30 seconds to complete the login process. Otherwise, the socket will be closed. The Symbridge platform supports a secure key pair authentication model.

The Secure Token Authentication flow is as follows:

Initial Setup (requires login with username and password)

  • Create an RSA keypair (public and private RSA keypair)
  • Follow the standard logon process
  • Call AddDeviceAccess registration (see below) with the public key component of your key pair
  • Once the device is added you can use your keypair for subsequent logins

Secure Login

  • Open WSS Connection
  • Send a RequestSecureToken request for a secure token (which will be encrypted with your public key – that was used in the registration above)
  • Decrypt the secure token (from the Secure Token request above) with your private key
  • Send Challenge message - you can ignore the token contained in this challenge response
  • Send Login request (see below) with the decrypted token

Note
Symbridge will send current open orders and position information upon a successful login

Add Device Access


Request

Key

Type

Value

Required

type

string

adddeviceaccess

Yes

devid

string

Unique registration ID for your keypair

Yes

key

string, base64

Base64 encoded public key of the keypair

Yes

nickname

string

Display name for your keypair registration

Optional

delete

boolean

Set this to true to delete an existing device

Optional

Response

Key

Type

Value

type

string

adddeviceaccess

devid

string

Unique registration id for your keypair

key

string, base64

Base64 encoded public key of the keypair

nickname

string

Display name for your keypair registration

result

string

"OK" for successful registration of your public key, otherwise an error message will be returned

# AddDeviceAccess Request
{
  "type":"adddeviceaccess",
  "devid":"device-to-add",
  "key":"MIIBIjANBgkqhkiG832w0BAQEFAAOCAQ8AMIIBCgKCAQEAjegN8Aq0jTi92Wy0E+Bs62U26yz4qH8wz+wf/TFkBLFWOEUZx9BGAw7iXwgWbfpWuNuRmEVIW6b2iUBW/k+FvZcbCjVnLkJ2WGuJdJyGojOvprGgfltLyGJaGuvbkHZeNJKV6x2zFyq+qikVL07K1+6t0ZQtUv973fHiycECdoocXal05Wf86OW+CtFdLzceuFN3K2c5yyCdpUr3+qkiuyP8jHRYFXKp9V8GS3YipEBCf2MyO9tPve6t5w52CGyvIx6D3ieJ5fowLQpJkBH2igyFG/3Sm9TX+3X+kwsj/asZtqRudQINkwsB4CgBa2LDFj8VZ5ZqaNTiWxgi6nebmQIDAQAB"
}

# AddDeviceAccess Response
{
  "type":"adddeviceaccess",
  "result":"OK",
  "devid":"device-to-add",
  "key":"MIIBIjANBgkqhkiG832w0BAQEFAAOCAQ8AMIIBCgKCAQEAjegN8Aq0jTi92Wy0E+Bs62U26yz4qH8wz+wf/TFkBLFWOEUZx9BGAw7iXwgWbfpWuNuRmEVIW6b2iUBW/k+FvZcbCjVnLkJ2WGuJdJyGojOvprGgfltLyGJaGuvbkHZeNJKV6x2zFyq+qikVL07K1+6t0ZQtUv973fHiycECdoocXal05Wf86OW+CtFdLzceuFN3K2c5yyCdpUr3+qkiuyP8jHRYFXKp9V8GS3YipEBCf2MyO9tPve6t5w52CGyvIx6D3ieJ5fowLQpJkBH2igyFG/3Sm9TX+3X+kwsj/asZtqRudQINkwsB4CgBa2LDFj8VZ5ZqaNTiWxgi6nebmQIDAQAB"
}

Request Secure Token


Request

Key

Type

Value

Required

type

string

requestsecuretoken

Yes

userid

string

UserID of the user authenticating to the platform

Yes

devid

string

Unique registration id for your keypair

Yes

Response

Key

Type

Value

type

string

requestsecuretoken

devid

string

Unique registration id for your keypair

userid

string

UserID of the user authenticating to the platform

securetoken

string, base64

Base64 encoded token (encrypted with your public key)

result

string

"OK" for successful retrieval of your encrypted token

# Request Secure Token
{
  "devid":"device-to-add",
  "type":"requestsecuretoken",
  "userid":"[email protected]"
}

# Response - Request Secure Token

{
  "devid":"device-to-add",
  "result":"OK",
  "type":"requestsecuretoken",
  "userid":"[email protected]",
  "securetoken":"Zt2VY8HnQU1sO1T4X3hVdRafcaZh1Dl9mxskPy3PldYqj10AZqRkDIqvqDdeUI1Mj0sugqLEOaLhCn+SXO0PJhSF9ny9D6uy8JCaF/fxKa16oj7BBFAhb8ZDQkGdp14uBU9wTDJFobh1GGi+OB+B3aKeW4zUEsnoa2rVDfJDyvNOEz+E0H9YD/4VZgoHkaBtMazgfGZJwttTvhzu8Ie0L2OgedxszrP17Xv7nY6MQmZAADEsn3ivLcZfuTwf0BduLUrQylxx0SMztoR/O9O9bNhcL/SbcobwOQRuwzleSoPvZ5KHzu3NBfJQLrYgLQtTdwWT3bujRYEElBGURdAjGw=="
}

Secure Login


Request

Key

Type

Value

Required

type

string

login

Yes

token

string

Decrypted token from the secure token sequence (using your private key). Note: not base64 encoded

Yes

Response

Key

Type

Value

type

string

login

result

string

"OK" if successful. If not successful, this field will contain the reject reason.

firm

string

The firm account associated with the login user

need2FA

boolean

Whether or not the user is required to use 2FA at login

roles

string

The role string associated with the login user

active

string

Whether the user is active or not.

secondary_account

string

The user's secondary account.

attr

json

Contains user level attributes.

use2fa

boolean

userid

string

The userid associated with the login user.

restricted_attr

json

Contains user level attributes that display sensitive fields (which are not included).

# Send Secure Login
{
  "type":"login",
  "token":"^Aa&yoB%Isz44w:i(t^/N,tQ=x#X.*mDPP6yE=ejL^J[_Q?y>g'iVy*Ll1TEeRG"
}

# Response - Secure Login

{
  "result":"OK",
  "firm":"SYMB",
  "roles":"OOOOO",
  "active":"Y",
  "secondary_account":"JOHNDOEMAILCOM", 
  "type":"login",
  "userid":"[email protected]"
  "attr":{
    "country":"",
    "tax_code":"",
    "use2fa":true,
    "last_name":"Doe",
    "first_name":"John",
    "email":"[email protected]"
  },
  "use2fa":"N",
  "restricted_attr":{
    "dev_list":[{"devid":"device-to-add"}]
  },
}