The Questrade API allows developers to create their own fully featured trading and analytical applications trough their brokerate account.
The security measures implemented by Questrade support the OAuth 2.0 version security protocol. Any OAuth library can be used to make requests against the Questrade API.
Questrade only allows API requests via HTTPS (TLS) and refuse connections when accessed via HTTP. In addition, the required HTTP method (GET, POST etc.) must also be defined.
To make an authenticated call via your API application:
Once you have a refresh token, you can redeem it for an access token to make authenticated calls through your API application. Redeeming the authorization code requires making a request to the access token endpoint using the following request parameters:
Always set to “refresh_token”.
Refresh token you receive from the security centre.
Access token for making authenticated calls.
Type of token (always set to “Bearer”).
Duration of the time token in which it became active (in seconds).
URL of the API server that the client application should contact.
Sample JSON response
"p4VTj45GhS8lY7aFoKDNZxB8yQHMOr+f""Bearer" 1800"aSBe7wAAdx88QTbwut0tiu3SYic3ox8F" "https://api01.iq.questrade.com/v1"
To revoke authorization, you can do one of the following:
Revoke endpoint example
Authorized requestes can be made toward API servers. The URL of the API servers will be provided to your application as a response to every access token request you make. Once your application obtains an access token and URL of proxy server to contact, it can then make authenticated calls on behalf of the user that authorized the application using a number of REST endpoints.
Your API application must pass the access token in the “Authorization” HTTP header as described in the sample request below:
Sample authorized request
IQ API OAuth scopes
As part of its OAuth 2.0 implementation, IQ API defines OAut scopes – permissions that the account holders grants to the authorized API client application. Each API call belongs to one and only scope.
The following table describes scopes that the API provides and the mapping of API calls to these scopes.
|Scope||Scope identifier||API calls|
Read account information
GET time GET accounts
Read market data
Have questions about Questrade's API? Tell us how we can help, send us an email.Get Started
We want your ideas on how we can improve our API. If you have a suggestion for a minor tweak, a major overhaul, or something brand new, please share it with us.Get Started
Try out the features of your application in a simulated environment without affecting your real positions.Get Started