{"id":7925,"date":"2025-09-04T15:13:18","date_gmt":"2025-09-04T20:13:18","guid":{"rendered":"https:\/\/librarytestdev.wpenginepowered.com\/?post_type=doc&#038;p=7925"},"modified":"2025-09-04T15:34:06","modified_gmt":"2025-09-04T20:34:06","slug":"authentication-and-request-ids","status":"publish","type":"doc","link":"https:\/\/library-staging.tradingtechnologies.com\/apis\/tt-rest-api-2-0\/getting-started-tt-rest-api-2-0\/authentication-and-request-ids\/","title":{"rendered":"Authentication and request IDs"},"content":{"rendered":"\n<div class=\"row ttdoc-maincontent-row\">\n \t<h1>Authentication and request IDs<\/h1>\n  <p>All requests using the TT REST API must include:<\/p>\n<ul>\n\t<li>An <a href=\"#application_keys\">Application Key<\/a> in the header<\/li>\n\t<ul>\n\t\t<li><code>x-api-key=&lt;application key&gt;<\/code><\/li>\n\t<\/ul>\n\t\n<\/ul>\n\n<p>Additionally, most requests also require:<\/p>\n<ul>\n\t<li>A <a href=\"#token\">Token<\/a> in the header.<\/li>\n\t<ul>\n\t\t<li><code>Authorization=Bearer &lt;token&gt;<\/code><\/li>\n\t<\/ul>\n\t<li>\n\t\tA <a href=\"#requestId\">request ID<\/a> passed as a query string\n\t\t<ul>\n\t\t\t<li><code>requestId=&lt;app_name&gt;-&lt;company_name&gt;--&lt;new_guid&gt;<\/code><\/li>\n\t\t<\/ul>\n\t<\/li>\n<\/ul>\n\n<p><strong>Note<\/strong>: The TT REST API documentation provides the ability to <a href=\"#test_calls\">create and send\n\t\ttest requests<\/a>. These test requests also need the above-mentioned parameters where required by the endpoint.\n<\/p>\n\n<h2 id=\"application_keys\">Application keys<a class=\"anchorjs-link \" aria-label=\"Anchor\" data-anchorjs-icon=\"\ue9cb\" href=\"#application_keys\" style=\"opacity: 1; font: 1em \/ 1 anchorjs-icons; margin-left: 0.1875em; padding-right: 0.1875em; padding-left: 0.1875em;\"><\/a><\/h2>\n\n<p><strong>Application Keys<\/strong> are created using the <strong>Setup<\/strong> application. 
An <strong>Application\n\t\tKey<\/strong> is associated with the login used to create it and the key will inherit the login&#8217;s permissions and\n\taccess to data for the environment in which the key was created. Separate <strong>application keys<\/strong> are\n\trequired for making requests from the UAT and Live environments.<\/p>\n\n<p>Consult the documentation for more information on the <a href=\"gs-intro.html#environments\">environments<\/a> used by\n\tthe TT REST API as well as <a href=\"gs-before.html\">creating application keys<\/a>.<\/p>\n\n<h2 id=\"token\">Tokens<a class=\"anchorjs-link \" aria-label=\"Anchor\" data-anchorjs-icon=\"\ue9cb\" href=\"#token\" style=\"opacity: 1; font: 1em \/ 1 anchorjs-icons; margin-left: 0.1875em; padding-right: 0.1875em; padding-left: 0.1875em;\"><\/a><\/h2>\n\n<p>For all TT REST endpoints, users must obtain a token.<\/p>\n\n<p>To request a token, you send your application key and application secret within a POST request to the &#8216;\/token&#8217;\n\tendpoint. <a href=\"#token_requests\">Full documentation<\/a> can be found at the bottom of this page.\n\n<\/p><p>When using the token in subsequent requests, <code>Bearer<\/code> is added to the front of the token you receive.<\/p>\n\n<p><strong>Note:<\/strong> Tokens are set to expire after a given period of time. This period of time is communicated in\n\tthe response to your token request as the &#8220;seconds_until_expiry&#8221; value. Your application will need to generate a new\n\ttoken before its token expires.<\/p>\n\n<h2 id=\"requestId\">Providing a Request ID<a class=\"anchorjs-link \" aria-label=\"Anchor\" data-anchorjs-icon=\"\ue9cb\" href=\"#requestId\" style=\"opacity: 1; font: 1em \/ 1 anchorjs-icons; margin-left: 0.1875em; padding-right: 0.1875em; padding-left: 0.1875em;\"><\/a><\/h2>\n\n<p>All endpoints require a query parameter named <strong>requestId<\/strong>. 
Its value must be of the form:<\/p>\n\n<p style=\"text-indent: 20px\">\n\t&lt;<em>app_name<\/em>&gt;-&lt;<em>company_name<\/em>&gt;--&lt;<em>new_guid<\/em>&gt;\n<\/p>\n\n<p>where:<\/p>\n<ul>\n\t<li>\n\t\t&lt;<em>app_name<\/em>&gt; is a user-generated string used to identify the specific application making the call.\n\t<\/li>\n\t<li>\n\t\t&lt;<em>company_name<\/em>&gt; is a user-generated string used to identify the user&#8217;s company.\n\t<\/li>\n\t<li>\n\t\t&lt;<em>new_guid<\/em>&gt; is the <a href=\"https:\/\/en.wikipedia.org\/wiki\/Universally_unique_identifier\">globally\n\t\t\tunique identifier<\/a> for this request. Each separate request should have a distinct identifier so that it\n\t\tcan be traced. <a href=\"https:\/\/en.wikipedia.org\/wiki\/Universally_unique_identifier\">GUIDs<\/a> can be created\n\t\tusing a GUID generator.\n\t<\/li>\n<\/ul>\n\n<p>To avoid issues when submitting your request and <strong>requestId<\/strong>, you must adhere to the following format\n\trequirements:<\/p>\n\n<ul>\n\t<li>\n\t\t<p><b>Do not use special characters<\/b>: TT strongly recommends you avoid using special characters ($ &amp; + , \/ :\n\t\t\t; = ? @ &#8221; &lt;&gt; # % { } | \\ ^ ~ [ ] `) when creating your <strong>requestId<\/strong>. These characters may\n\t\t\t\tcause failures when passed to some TT backend components.<\/p>\n\t<\/li>\n\t<li>\n\t\t<p><b>Do not include spaces<\/b>: Your <strong>requestId<\/strong> cannot include blank spaces.<\/p>\n\t<\/li>\n\n\t<li>\n\t\t<p><b>Match the case sensitivity of the <strong>requestId<\/strong> parameter<\/b>: The request will only work if\n\t\t\tthe query parameter uses the appropriate &#8216;lower camelcase&#8217; format: <strong>requestId<\/strong>. 
Alternate\n\t\t\tcase structures (e.g., <strong>requestid<\/strong>, <strong>requestID<\/strong>, or\n\t\t\t<strong>requestiD<\/strong>) may result in a failed request.<\/p>\n\t<\/li>\n\n<\/ul>\n\n<p><span class=\"label-info label\">Note<\/span> Requests submitted without the <strong>requestId<\/strong> query parameter\n\twill be rejected.<\/p>\n\n<h3 id=\"creating-a-globally-unique-identifier\">Creating a Globally Unique Identifier<a class=\"anchorjs-link \" aria-label=\"Anchor\" data-anchorjs-icon=\"\ue9cb\" href=\"#creating-a-globally-unique-identifier\" style=\"opacity: 1; font: 1em \/ 1 anchorjs-icons; margin-left: 0.1875em; padding-right: 0.1875em; padding-left: 0.1875em;\"><\/a><\/h3>\n\n<p>To create a unique identifier, you can use an online GUID Generator like <a href=\"http:\/\/guid.one\">guid.one<\/a> or\n\tany other GUID generator available online.<\/p>\n<p>These tools generate completely random values (e.g., <strong>47a1e1c4-0c94-4fb3-94a9-d772382458a3<\/strong>) that meet\n\tthe criteria for creating a value used for identification.<\/p>\n\n<p><strong>Note: <\/strong>You must include all characters, including hyphens, when using this value to access the TT REST\n\tAPI.<\/p>\n\n<p>For additional information on GUID values, visit <a href=\"http:\/\/guid.one\/guid\">guid.one\/guid<\/a>.<\/p>\n\n<h2 id=\"test_calls\">Using Authentication and request IDs in test calls within documentation<a class=\"anchorjs-link \" aria-label=\"Anchor\" data-anchorjs-icon=\"\ue9cb\" href=\"#test_calls\" style=\"opacity: 1; font: 1em \/ 1 anchorjs-icons; margin-left: 0.1875em; padding-right: 0.1875em; padding-left: 0.1875em;\"><\/a><\/h2>\n<p>The TT REST API documentation lets you make test calls for endpoints for all services. The Ledger, Monitor and Risk\n\tservices require a token for additional authentication. 
The documentation simplifies the process of authorizing your\n\trequests and of specifying a sample value for the new requestId parameter required for requests in these services.\n<\/p>\n\n<p>Rather than requiring you to authorize each request individually, the documentation provides an\n\t<strong>Authorize<\/strong> button that lets you enter the necessary authorization once for all calls in the service.\n\tWhen you click the Authorize button, you can enter the API key and token in the dialog box, as shown.<\/p>\n<p><img decoding=\"async\" class=\"img-responsive\" src=\"Content\/gs-authorize-dialog-new.png\" alt=\"\"><\/p>\n<ol>\n\t<li>\n\t\tEnter your TT REST API Application Key from Setup.\n\t<\/li>\n\t<li>\n\t\tEnter &#8220;<strong>Bearer <\/strong>&#8221; followed by the token (include a space, but do not include the quotes).\n\t<\/li>\n<\/ol>\n<p><\/p>\n\n<p>For any endpoint, you can click the <strong>Try it out<\/strong> button, populate the parameters, and execute the test\n\trequest. While using the documentation to test your requests, a sample requestId parameter, in the proper format, is\n\tautomatically populated so you need not generate a new GUID for each test request.<\/p>\n<p><img decoding=\"async\" class=\"img-responsive\" src=\"Content\/gs-swagger-requestId.png\" alt=\"\"><\/p>\n\n<p><strong>Note<\/strong>: The sample <strong>requestId<\/strong> is valid only for test calls made from the\n\tdocumentation. 
When making requests from your application, you must generate a new and unique GUID for every\n\trequest.<\/p>\n\n<h2 id=\"token_requests\">Token Requests<a class=\"anchorjs-link \" aria-label=\"Anchor\" data-anchorjs-icon=\"\ue9cb\" href=\"#token_requests\" style=\"opacity: 1; font: 1em \/ 1 anchorjs-icons; margin-left: 0.1875em; padding-right: 0.1875em; padding-left: 0.1875em;\"><\/a><\/h2>\n<p>To get a token, you send your application key and application secret within a POST request to generate a token.\n\tExpand the &#8216;\/token&#8217; documentation below to view the required parameters for generating a token.<\/p>\n \n\n\n<div id=\"swagger-ui-0b900e7e-3871-4ae1-b451-b91916765842\" class=\"swagger-ui-container-manual hide-options hide-topbar hide-info hide-server hide-default-tag\" data-swagger-config=\"{&quot;spec&quot;:{&quot;swagger&quot;:&quot;2.0&quot;,&quot;info&quot;:{&quot;version&quot;:&quot;2017-12-05T17:44:15Z&quot;,&quot;title&quot;:&quot;TTID&quot;},&quot;host&quot;:&quot;ttrestapi.trade.tt&quot;,&quot;basePath&quot;:&quot;\\\/ttid\\\/ext_uat_cert&quot;,&quot;schemes&quot;:[&quot;https&quot;],&quot;paths&quot;:{&quot;\\\/token&quot;:{&quot;post&quot;:{&quot;summary&quot;:&quot;Gets a token given an application key&quot;,&quot;produces&quot;:[&quot;application\\\/json&quot;],&quot;parameters&quot;:[{&quot;name&quot;:&quot;x-api-key&quot;,&quot;in&quot;:&quot;header&quot;,&quot;description&quot;:&quot;Set to your application key.&quot;,&quot;default&quot;:&quot;00000000-0000-0000-0000-000000000000&quot;,&quot;required&quot;:true,&quot;type&quot;:&quot;string&quot;},{&quot;name&quot;:&quot;Content-Type&quot;,&quot;in&quot;:&quot;header&quot;,&quot;description&quot;:&quot;Must be set to 
&#039;application\\\/x-www-form-urlencoded&#039;.&quot;,&quot;required&quot;:false,&quot;default&quot;:&quot;application\\\/x-www-form-urlencoded&quot;,&quot;type&quot;:&quot;string&quot;},{&quot;required&quot;:true,&quot;in&quot;:&quot;query&quot;,&quot;name&quot;:&quot;requestId&quot;,&quot;schema&quot;:{&quot;type&quot;:&quot;string&quot;},&quot;example&quot;:&quot;myApp-myCompany--4037847b-de40-46c8-b55e-66186d657614&quot;,&quot;default&quot;:&quot;myApp-myCompany--4037847b-de40-46c8-b55e-66186d657614&quot;,&quot;description&quot;:&quot;Unique ID for this request. For more information about the format of this value, see [Providing a Request ID](gs-token.html#requestId).&lt;br\\\/&gt; The TT REST API documentation pre-populates a sample    &lt;code&gt;requestId&lt;\\\/code&gt; which can only be used when making test calls.&quot;},{&quot;name&quot;:&quot;app_key and grant_type&quot;,&quot;in&quot;:&quot;body&quot;,&quot;description&quot;:&quot;The body of your token request must contain the &lt;b&gt;grant_type&lt;\\\/b&gt; parameter set to &lt;b&gt;user_app&lt;\\\/b&gt; as well as the &lt;b&gt;app_key&lt;\\\/b&gt; parameter set to your application key secret. This hexadecimal value equals the combination of your &lt;b&gt;appKey&lt;\\\/b&gt; and &lt;b&gt;secret&lt;\\\/b&gt; in the format &lt;b&gt;appKey:secret&lt;\\\/b&gt; &lt;br\\\/&gt;&lt;br\\\/&gt;for example: &lt;b&gt;grant_type=user_app&amp;app_key=00000000-0000-0000-0000-000000000000:00000000-0000-0000-0000-000000000000&lt;\\\/b&gt;. 
&lt;br\\\/&gt;&lt;br\\\/&gt;To send a test request, click &#039;Try it out&#039; and paste in your application secret at below.&quot;,&quot;example&quot;:&quot;grant_type=user_app&amp;app_key=your app key:your secret&quot;,&quot;required&quot;:true}],&quot;responses&quot;:{&quot;200&quot;:{&quot;description&quot;:&quot;200 response&quot;,&quot;schema&quot;:{&quot;$ref&quot;:&quot;#\\\/definitions\\\/Empty&quot;},&quot;headers&quot;:{&quot;Access-Control-Allow-Origin&quot;:{&quot;type&quot;:&quot;string&quot;}}},&quot;400&quot;:{&quot;description&quot;:&quot;400 response&quot;,&quot;headers&quot;:{&quot;Access-Control-Allow-Origin&quot;:{&quot;type&quot;:&quot;string&quot;}}},&quot;500&quot;:{&quot;description&quot;:&quot;500 response&quot;,&quot;headers&quot;:{&quot;Access-Control-Allow-Origin&quot;:{&quot;type&quot;:&quot;string&quot;}}}},&quot;security&quot;:[{&quot;api_key&quot;:[],&quot;Token&quot;:[]}]},&quot;options&quot;:{&quot;consumes&quot;:[&quot;application\\\/json&quot;],&quot;produces&quot;:[&quot;application\\\/json&quot;],&quot;responses&quot;:{&quot;200&quot;:{&quot;description&quot;:&quot;200 response&quot;,&quot;schema&quot;:{&quot;$ref&quot;:&quot;#\\\/definitions\\\/Empty&quot;},&quot;headers&quot;:{&quot;Access-Control-Allow-Origin&quot;:{&quot;type&quot;:&quot;string&quot;},&quot;Access-Control-Allow-Methods&quot;:{&quot;type&quot;:&quot;string&quot;},&quot;Access-Control-Allow-Headers&quot;:{&quot;type&quot;:&quot;string&quot;}}}}}}},&quot;securityDefinitions&quot;:{&quot;api_key&quot;:{&quot;type&quot;:&quot;apiKey&quot;,&quot;name&quot;:&quot;x-api-key&quot;,&quot;in&quot;:&quot;header&quot;},&quot;Token&quot;:{&quot;type&quot;:&quot;apiKey&quot;,&quot;name&quot;:&quot;Authorization&quot;,&quot;in&quot;:&quot;header&quot;}},&quot;definitions&quot;:{&quot;Empty&quot;:{&quot;type&quot;:&quot;object&quot;,&quot;title&quot;:&quot;Empty 
Schema&quot;}}},&quot;docExpansion&quot;:&quot;list&quot;,&quot;defaultModelRendering&quot;:&quot;example&quot;,&quot;operationsSorter&quot;:&quot;alpha&quot;,&quot;deepLinking&quot;:true,&quot;displayOperationId&quot;:false,&quot;filter&quot;:false,&quot;tryItOutEnabled&quot;:false,&quot;defaultModelsExpandDepth&quot;:-1,&quot;validatorUrl&quot;:&quot;none&quot;}\"><\/div>","protected":false},"excerpt":{"rendered":"<p>Authentication and request IDs All requests using the TT REST API must include: An Application Key in the head [&hellip;]<\/p>\n","protected":false},"author":2,"template":"","meta":{"_acf_changed":true,"footnotes":""},"docs-category":[733],"class_list":["post-7925","doc","type-doc","status-publish","hentry","docs-category-getting-started-tt-rest-api-2-0"],"acf":[],"_links":{"self":[{"href":"https:\/\/library-staging.tradingtechnologies.com\/ja\/wp-json\/wp\/v2\/doc\/7925","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/library-staging.tradingtechnologies.com\/ja\/wp-json\/wp\/v2\/doc"}],"about":[{"href":"https:\/\/library-staging.tradingtechnologies.com\/ja\/wp-json\/wp\/v2\/types\/doc"}],"author":[{"embeddable":true,"href":"https:\/\/library-staging.tradingtechnologies.com\/ja\/wp-json\/wp\/v2\/users\/2"}],"version-history":[{"count":0,"href":"https:\/\/library-staging.tradingtechnologies.com\/ja\/wp-json\/wp\/v2\/doc\/7925\/revisions"}],"wp:attachment":[{"href":"https:\/\/library-staging.tradingtechnologies.com\/ja\/wp-json\/wp\/v2\/media?parent=7925"}],"wp:term":[{"taxonomy":"docs-category","embeddable":true,"href":"https:\/\/library-staging.tradingtechnologies.com\/ja\/wp-json\/wp\/v2\/docs-category?post=7925"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}