Once you establish a web socket connection, your client has 30 seconds to complete the login process. Otherwise, the socket will be closed. The Symbridge platform supports a secure key pair authentication model.
The Secure Token Authentication flow is as follows:
Initial Setup (requires login with username and password)
- Create an RSA keypair (public and private RSA keypair)
- Follow the standard logon process
- Call AddDeviceAccess registration (see below) with the public key component of your key pair
- Once the device is added you can use your keypair for subsequent logins
Secure Login
- Open WSS Connection
- Send a RequestSecureToken request for a secure token (which will be encrypted with your public key – that was used in the registration above)
- Decrypt the secure token (from the Secure Token request above) with your private key
- Send Challenge message - you can ignore the token contained in this challenge response
- Send Login request (see below) with the decrypted token
Note
Symbridge will send current open orders and position information upon a successful login
Add Device Access
Request
Key | Type | Value | Required |
|---|---|---|---|
type | string | adddeviceaccess | Yes |
devid | string | Unique registration ID for your keypair | Yes |
key | string, base64 | Base64 encoded public key of the keypair | Yes |
nickname | string | Display name for your keypair registration | Optional |
delete | boolean | Set this to true to delete an existing device | Optional |
Response
Key | Type | Value |
|---|---|---|
type | string | adddeviceaccess |
devid | string | Unique registration id for your keypair |
key | string, base64 | Base64 encoded public key of the keypair |
nickname | string | Display name for your keypair registration |
result | string | "OK" for successful registration of your public key, otherwise an error message will be returned |
# AddDeviceAccess Request
{
"type":"adddeviceaccess",
"devid":"device-to-add",
"key":"MIIBIjANBgkqhkiG832w0BAQEFAAOCAQ8AMIIBCgKCAQEAjegN8Aq0jTi92Wy0E+Bs62U26yz4qH8wz+wf/TFkBLFWOEUZx9BGAw7iXwgWbfpWuNuRmEVIW6b2iUBW/k+FvZcbCjVnLkJ2WGuJdJyGojOvprGgfltLyGJaGuvbkHZeNJKV6x2zFyq+qikVL07K1+6t0ZQtUv973fHiycECdoocXal05Wf86OW+CtFdLzceuFN3K2c5yyCdpUr3+qkiuyP8jHRYFXKp9V8GS3YipEBCf2MyO9tPve6t5w52CGyvIx6D3ieJ5fowLQpJkBH2igyFG/3Sm9TX+3X+kwsj/asZtqRudQINkwsB4CgBa2LDFj8VZ5ZqaNTiWxgi6nebmQIDAQAB"
}
# AddDeviceAccess Response
{
"type":"adddeviceaccess",
"result":"OK",
"devid":"device-to-add",
"key":"MIIBIjANBgkqhkiG832w0BAQEFAAOCAQ8AMIIBCgKCAQEAjegN8Aq0jTi92Wy0E+Bs62U26yz4qH8wz+wf/TFkBLFWOEUZx9BGAw7iXwgWbfpWuNuRmEVIW6b2iUBW/k+FvZcbCjVnLkJ2WGuJdJyGojOvprGgfltLyGJaGuvbkHZeNJKV6x2zFyq+qikVL07K1+6t0ZQtUv973fHiycECdoocXal05Wf86OW+CtFdLzceuFN3K2c5yyCdpUr3+qkiuyP8jHRYFXKp9V8GS3YipEBCf2MyO9tPve6t5w52CGyvIx6D3ieJ5fowLQpJkBH2igyFG/3Sm9TX+3X+kwsj/asZtqRudQINkwsB4CgBa2LDFj8VZ5ZqaNTiWxgi6nebmQIDAQAB"
}
Request Secure Token
Request
Key | Type | Value | Required |
|---|---|---|---|
type | string | requestsecuretoken | Yes |
userid | string | UserID of the user authenticating to the platform | Yes |
devid | string | Unique registration id for your keypair | Yes |
Response
Key | Type | Value |
|---|---|---|
type | string | requestsecuretoken |
devid | string | Unique registration id for your keypair |
userid | string | UserID of the user authenticating to the platform |
securetoken | string, base64 | Base64 encoded token (encrypted with your public key) |
result | string | "OK" for successful retrieval of your encrypted token |
# Request Secure Token
{
"devid":"device-to-add",
"type":"requestsecuretoken",
"userid":"[email protected]"
}
# Response - Request Secure Token
{
"devid":"device-to-add",
"result":"OK",
"type":"requestsecuretoken",
"userid":"[email protected]",
"securetoken":"Zt2VY8HnQU1sO1T4X3hVdRafcaZh1Dl9mxskPy3PldYqj10AZqRkDIqvqDdeUI1Mj0sugqLEOaLhCn+SXO0PJhSF9ny9D6uy8JCaF/fxKa16oj7BBFAhb8ZDQkGdp14uBU9wTDJFobh1GGi+OB+B3aKeW4zUEsnoa2rVDfJDyvNOEz+E0H9YD/4VZgoHkaBtMazgfGZJwttTvhzu8Ie0L2OgedxszrP17Xv7nY6MQmZAADEsn3ivLcZfuTwf0BduLUrQylxx0SMztoR/O9O9bNhcL/SbcobwOQRuwzleSoPvZ5KHzu3NBfJQLrYgLQtTdwWT3bujRYEElBGURdAjGw=="
}
Secure Login
Request
Key | Type | Value | Required |
|---|---|---|---|
type | string | login | Yes |
token | string | Decrypted token from the secure token sequence (using your private key). Note: not base64 encoded | Yes |
Response
Key | Type | Value |
|---|---|---|
type | string | login |
result | string | "OK" if successful. If not successful, this field will contain the reject reason. |
firm | string | The firm account associated with the login user |
need2FA | boolean | Whether or not the user is required to use 2FA at login |
roles | string | The role string associated with the login user |
active | string | Whether the user is active or not. |
secondary_account | string | The user's secondary account. |
attr | json | Contains user level attributes. |
use2fa | boolean | |
userid | string | The userid associated with the login user. |
restricted_attr | json | Contains user level attributes that display sensitive fields (which are not included). |
# Send Secure Login
{
"type":"login",
"token":"^Aa&yoB%Isz44w:i(t^/N,tQ=x#X.*mDPP6yE=ejL^J[_Q?y>g'iVy*Ll1TEeRG"
}
# Response - Secure Login
{
"result":"OK",
"firm":"SYMB",
"roles":"OOOOO",
"active":"Y",
"secondary_account":"JOHNDOEMAILCOM",
"type":"login",
"userid":"[email protected]"
"attr":{
"country":"",
"tax_code":"",
"use2fa":true,
"last_name":"Doe",
"first_name":"John",
"email":"[email protected]"
},
"use2fa":"N",
"restricted_attr":{
"dev_list":[{"devid":"device-to-add"}]
},
}