# synthèse
### 🗂️ **Rappels clés**

🔑 1 `access_token` dure ≈ 30 minutes ➜ Vérifie `expires_in`
🔑 1 `refresh_token` dure ≈ 1 heure ➜ Vérifie `refresh_token_expires_in`
🔑 Si `refresh_token` expiré ➜ refaire tout le flow `authorize`

---

## 🎨 **Design simplifié**

* **Couleurs :**

  * 🔵 `authorize` ➜ page de login
  * 🟢 `token` ➜ échange de code
  * 🟣 `API calls` ➜ requêtes avec Bearer
  * 🟠 `refresh` ➜ renouveler token

---

### 1️⃣ **Étape 1 — Autorisation (Code Flow)**

✅ **But** : Obtenir un `authorization_code`

* **Tu crées une URL :**


In [1]:
from urllib.parse import urlencode

client_id = "59b065eb26d44b4799732f4d257a4a42"
redirect_uri = "http://localhost:8080/callback"  # mets ton redirect_uri déclaré dans Saxo Dev Portal
scope = "openid"
state = "xyz123"  # une chaîne random pour anti-CSRF

params = {
    "response_type": "code",
    "client_id": client_id,
    "redirect_uri": redirect_uri,
    "scope": scope,
    "state": state
}

auth_url = f"https://sim.logonvalidation.net/authorize?{urlencode(params)}"
print("👉 Ouvre cette URL dans ton navigateur :")
print(auth_url)
#exemple : http://localhost:8080/callback?code=dc408bb8-0786-4caa-8032-7f97fcda2f26&state=xyz123#/lst/1752785206868

👉 Ouvre cette URL dans ton navigateur :
https://sim.logonvalidation.net/authorize?response_type=code&client_id=59b065eb26d44b4799732f4d257a4a42&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fcallback&scope=openid&state=xyz123


* 👉 **L'utilisateur se connecte** ➜ Saxo redirige vers `redirect_uri` avec `?code=XXXX`

### 2️⃣ **Étape 2 — Échange du code**

✅ **But** : Échanger le `code` pour un `access_token` **et** `refresh_token`

* POST vers `https://sim.logonvalidation.net/token`
* Params :

  * `grant_type=authorization_code`
  * `code=<le code reçu>`
  * `redirect_uri=...`
  * `client_id`
  * `client_secret`

In [2]:
import requests

token_url = "https://sim.logonvalidation.net/token"
authorization_code = "1700a49e-6174-4548-a287-f2944b3efa17"  # Ex: '7Fq...xyz'

data = {
    "grant_type": "authorization_code",
    "code": authorization_code,
    "redirect_uri": redirect_uri,
    "client_id": client_id,
    "client_secret": "c8bd4e1f349147e3a06bb69f01990fbc"
}

response = requests.post(token_url, data=data)
tokens = response.json()
print("✅ Réponse :")
print(tokens)

access_token = tokens["access_token"]
refresh_token = tokens["refresh_token"]


#✅ Réponse :
#{'access_token': 'eyJhbGciOiJFUzI1NiIsIng1dCI6IjI3RTlCOTAzRUNGMjExMDlBREU1RTVCOUVDMDgxNkI2QjQ5REEwRkEifQ.eyJvYWEiOiI3Nzc3MCIsImlzcyI6Im9hIiwiYWlkIjoiNjUzNyIsInVpZCI6InlGYjVFQU1Sd3kwSERiN3hhSFZSOUE9PSIsImNpZCI6InlGYjVFQU1Sd3kwSERiN3hhSFZSOUE9PSIsImlzYSI6IkZhbHNlIiwidGlkIjoiMTE1NjQiLCJzaWQiOiJjNDE3MzZkMzRmZTA0MWYwYTBkMjcxMTNhNDZkNzhjZiIsImRnaSI6Ijg0IiwiZXhwIjoiMTc1Mjc4NjQwNyIsIm9hbCI6IjFGIiwiaWlkIjoiMTAwNWQzZGJiMDIxNDVmOWRiOWQwOGRkNjhmYjViOWEifQ.UK55kybf8L0FEUCCeBVVuLQeOJDqTv2oIOO8WtuPS868Ch4kY_VE7U26EzCdshZf5367hkHHsDeBduns2qOolA', 'token_type': 'Bearer', 'expires_in': 964, 'refresh_token': '105256c7-0d06-42ea-8b46-508e2b32b9da', 'refresh_token_expires_in': 3364, 'base_uri': None}

✅ Réponse :
{'access_token': 'eyJhbGciOiJFUzI1NiIsIng1dCI6IjI3RTlCOTAzRUNGMjExMDlBREU1RTVCOUVDMDgxNkI2QjQ5REEwRkEifQ.eyJvYWEiOiI3Nzc3MCIsImlzcyI6Im9hIiwiYWlkIjoiNjUzNyIsInVpZCI6InlGYjVFQU1Sd3kwSERiN3hhSFZSOUE9PSIsImNpZCI6InlGYjVFQU1Sd3kwSERiN3hhSFZSOUE9PSIsImlzYSI6IkZhbHNlIiwidGlkIjoiMTE1NjQiLCJzaWQiOiIwM2U3MTEwZDQzN2Q0MzA3Yjg1ZmUxM2EyMDYzM2NlYyIsImRnaSI6Ijg0IiwiZXhwIjoiMTc1MzAyMjIzNCIsIm9hbCI6IjFGIiwiaWlkIjoiMTAwNWQzZGJiMDIxNDVmOWRiOWQwOGRkNjhmYjViOWEifQ.t_oFBUcbq_sGNUSlVL1RKmLKzJ1pIzSy_249jNJj1-0kpePcRyMYc8EELSgBFH_yiazZHK9ueCFIMxGm2C9NRw', 'token_type': 'Bearer', 'expires_in': 1156, 'refresh_token': '59f7d145-7f92-4d78-94c4-84cf57a43802', 'refresh_token_expires_in': 3556, 'base_uri': None}


### 3️⃣ **Étape 3 — Rafraîchissement du token**

✅ **But** : Obtenir un nouveau `access_token` AVANT expiration

* POST vers `https://sim.logonvalidation.net/token`
* Params :

  * `grant_type=refresh_token`
  * `refresh_token=<ton_refresh_token>`
  * `client_id`
  * `client_secret`

---

In [3]:
import requests

token_url = "https://sim.logonvalidation.net/token"
data = {
    "grant_type": "refresh_token",
    "refresh_token": refresh_token,  # celui reçu dans la réponse précédente
    "client_id": "59b065eb26d44b4799732f4d257a4a42",
    "client_secret": "c8bd4e1f349147e3a06bb69f01990fbc"}

response = requests.post(token_url, data=data)
new_tokens = response.json()

print(response.status_code)
print(new_tokens) #print(response.text)

201
{'access_token': 'eyJhbGciOiJFUzI1NiIsIng1dCI6IjI3RTlCOTAzRUNGMjExMDlBREU1RTVCOUVDMDgxNkI2QjQ5REEwRkEifQ.eyJvYWEiOiI3Nzc3MCIsImlzcyI6Im9hIiwiYWlkIjoiNjUzNyIsInVpZCI6InlGYjVFQU1Sd3kwSERiN3hhSFZSOUE9PSIsImNpZCI6InlGYjVFQU1Sd3kwSERiN3hhSFZSOUE9PSIsImlzYSI6IkZhbHNlIiwidGlkIjoiMTE1NjQiLCJzaWQiOiIwM2U3MTEwZDQzN2Q0MzA3Yjg1ZmUxM2EyMDYzM2NlYyIsImRnaSI6Ijg0IiwiZXhwIjoiMTc1MzAyMjI5OCIsIm9hbCI6IjFGIiwiaWlkIjoiMTAwNWQzZGJiMDIxNDVmOWRiOWQwOGRkNjhmYjViOWEifQ.NRsqyaappu0FZfKWUhJCTKW5wiW8nQ6PlPge_JMs5xnCja7QJNjyxYm9eIEEHe_qcpPtmUDkp-wDCgkb1nabQQ', 'token_type': 'Bearer', 'expires_in': 1200, 'refresh_token': '8dbfc48c-5f0c-4cf3-843a-1bcf612de862', 'refresh_token_expires_in': 3600, 'base_uri': None}


In [5]:
import requests
refresh_token_infinite  = new_tokens['refresh_token']
token_url = "https://sim.logonvalidation.net/token"
data = {
    "grant_type": "refresh_token",
    "refresh_token": refresh_token_infinite,  # celui reçu dans la réponse précédente
    "client_id": "59b065eb26d44b4799732f4d257a4a42",
    "client_secret": "c8bd4e1f349147e3a06bb69f01990fbc"}

response = requests.post(token_url, data=data)
new_tokens = response.json()
refresh_token_infinite  = new_tokens['refresh_token']
access_token_infinite  = new_tokens['access_token']

print(response.status_code)
print(new_tokens) #print(response.text)

201
{'access_token': 'eyJhbGciOiJFUzI1NiIsIng1dCI6IjI3RTlCOTAzRUNGMjExMDlBREU1RTVCOUVDMDgxNkI2QjQ5REEwRkEifQ.eyJvYWEiOiI3Nzc3MCIsImlzcyI6Im9hIiwiYWlkIjoiNjUzNyIsInVpZCI6InlGYjVFQU1Sd3kwSERiN3hhSFZSOUE9PSIsImNpZCI6InlGYjVFQU1Sd3kwSERiN3hhSFZSOUE9PSIsImlzYSI6IkZhbHNlIiwidGlkIjoiMTE1NjQiLCJzaWQiOiIwM2U3MTEwZDQzN2Q0MzA3Yjg1ZmUxM2EyMDYzM2NlYyIsImRnaSI6Ijg0IiwiZXhwIjoiMTc1MzAyMjMwNSIsIm9hbCI6IjFGIiwiaWlkIjoiMTAwNWQzZGJiMDIxNDVmOWRiOWQwOGRkNjhmYjViOWEifQ.YQwF5wpUycBBywrsfTvK_NGvH1ut0k_0-U1lIeNGyTnDQeP-tSaU5rQb7Wxf39_E_ytz5lL3SJnuWzfweMXxKQ', 'token_type': 'Bearer', 'expires_in': 1200, 'refresh_token': '46e12c33-b009-49cb-86d5-5305e59ca36e', 'refresh_token_expires_in': 3600, 'base_uri': None}


### 4️⃣ **Étape 4 — Utilisation du `access_token`**

✅ **But** : Faire des requêtes à l’API Saxo

* Header HTTP : `Authorization: Bearer <access_token>`

---

In [6]:
import requests

api_url = "https://gateway.saxobank.com/sim/openapi/port/v1/accounts/me"#"https://gateway.saxobank.com/sim/openapi/trade/v1/portfolios"
access_token =  access_token_infinite #new_tokens['refresh_token']
headers = {"Authorization": f"Bearer {access_token}"}
response = requests.get(api_url, headers=headers)

print(response.status_code)
print(response.json())

200
{'Data': [{'AccountGroupKey': 'Xl9atlYCpWD5Kw0IW21SlQ==', 'AccountId': '20376954', 'AccountKey': 'yFb5EAMRwy0HDb7xaHVR9A==', 'AccountSubType': 'None', 'AccountType': 'Normal', 'AccountValueProtectionLimit': 0.0, 'Active': True, 'CanUseCashPositionsAsMarginCollateral': True, 'CfdBorrowingCostsActive': False, 'ClientId': '20376954', 'ClientKey': 'yFb5EAMRwy0HDb7xaHVR9A==', 'CreationDate': '2025-03-25T10:34:39.007000Z', 'Currency': 'EUR', 'CurrencyDecimals': 2, 'DirectMarketAccess': False, 'FractionalOrderEnabled': False, 'FractionalOrderEnabledAssetTypes': [], 'IndividualMargining': True, 'IsCurrencyConversionAtSettlementTime': True, 'IsMarginTradingAllowed': True, 'IsShareable': False, 'IsTrialAccount': True, 'LegalAssetTypes': ['FxSpot', 'FxForwards', 'ContractFutures', 'Stock', 'StockOption', 'Bond', 'FuturesOption', 'StockIndexOption', 'Cash', 'CfdOnStock', 'CfdOnIndex', 'StockIndex', 'CfdOnEtf', 'CfdOnEtc', 'CfdOnEtn', 'CfdOnFund', 'CfdOnRights', 'CfdOnCompanyWarrant', 'Etf', 'E

In [7]:


import requests

api_url = "https://gateway.saxobank.com/sim/openapi/ref/v1/instruments?KeyWords=DKK&AssetTypes=FxSpot"#"https://gateway.saxobank.com/sim/openapi/trade/v1/portfolios"
access_token =  access_token_infinite #new_tokens['refresh_token']
headers = {"Authorization": f"Bearer {access_token}"}
response = requests.get(api_url, headers=headers)

print(response.status_code)
print(response.json())

200
{'Data': [{'AssetType': 'FxSpot', 'CurrencyCode': 'SGD', 'Description': 'Danish Krone/Singapore Dollar', 'ExchangeId': 'SBFX', 'GroupId': 40077, 'Identifier': 9443, 'SummaryType': 'Instrument', 'Symbol': 'DKKSGD', 'TradableAs': ['FxSpot']}, {'AssetType': 'FxSpot', 'CurrencyCode': 'JPY', 'Description': 'Danish Krone/Japanese Yen', 'ExchangeId': 'SBFX', 'GroupId': 40130, 'Identifier': 4727, 'SummaryType': 'Instrument', 'Symbol': 'DKKJPY', 'TradableAs': ['FxSpot']}, {'AssetType': 'FxSpot', 'CurrencyCode': 'PLN', 'Description': 'Danish Krone/Polish Zloty', 'ExchangeId': 'SBFX', 'GroupId': 40031, 'Identifier': 21294, 'SummaryType': 'Instrument', 'Symbol': 'DKKPLN', 'TradableAs': ['FxSpot']}, {'AssetType': 'FxSpot', 'CurrencyCode': 'ZAR', 'Description': 'Danish Krone/South African Rand', 'ExchangeId': 'SBFX', 'GroupId': 40079, 'Identifier': 9445, 'SummaryType': 'Instrument', 'Symbol': 'DKKZAR', 'TradableAs': ['FxSpot']}, {'AssetType': 'FxSpot', 'CurrencyCode': 'HUF', 'Description': 'Dani

In [8]:
import requests

access_token =  access_token_infinite #new_tokens['refresh_token']
headers = {    "Authorization": f"Bearer {access_token}"}

params = {"Keywords": "AAPL","AssetTypes": "Stock", "ExchangeId": "NAS" }

url = "https://gateway.saxobank.com/sim/openapi/ref/v1/instruments"

response = requests.get(url, headers=headers, params=params)
data = response.json()

for item in data.get("Data", []):
    print("Nom:", item.get("Description"))
    print("Symbol:", item.get("Symbol"))
    print("ISIN:", item.get("ISIN"))
    print("UIC:", item.get("Uic"))
    print("AssetType:", item.get("AssetType"))
    print("ExchangeId:", item.get("ExchangeId"))
    print("------")


In [44]:
data

{'Data': []}

In [9]:
import requests

access_token =  access_token_infinite #new_tokens['refresh_token']

url = "https://gateway.saxobank.com/sim/openapi/ref/v1/instruments"
headers = {"Authorization": f"Bearer {access_token}"}
params = {
    "Keywords": "US0378331005",
    "AssetTypes": "Stock",
    "ExchangeId": "NASDAQ"
}

response = requests.get(url, headers=headers, params=params)


data = response.json().get("Data", [])
if data:
    inst = data[0]
    print("UIC de Apple :", inst["Identifier"])
    print("Symbole complet :", inst["Symbol"])
    print("Description :", inst["Description"])
    #print(response.status_code, response.text)
else:
    print("Aucun instrument trouvé pour Apple.")


UIC de Apple : 211
Symbole complet : AAPL:xnas
Description : Apple Inc.


In [10]:
import requests

uic = 211
asset_type = "Stock"
#account_key = "TON_ACCOUNT_KEY"  # récupéré via session

url = "https://gateway.saxobank.com/sim/openapi/trade/v1/infoprices"
params = {
    "Uic": uic,
    "AssetType": asset_type,

    # Faculatif : "FieldGroups": "PriceInfo,Quote" pour détailler le retour
}

headers = {
    "Authorization": f"Bearer {access_token}"
}

response = requests.get(url, headers=headers, params=params)
print(response.status_code)
data = response.json()
print(data)


200
{'AssetType': 'Stock', 'LastUpdated': '2025-07-20T13:50:22.941000Z', 'PriceSource': 'NASDAQ', 'Quote': {'Amount': 0, 'Ask': 211.23, 'AskSize': 0.0, 'Bid': 211.22, 'BidSize': 0.0, 'DelayedByMinutes': 15, 'ErrorCode': 'None', 'MarketState': 'Closed', 'Mid': 211.23, 'PriceSource': 'NASDAQ', 'PriceSourceType': 'Firm', 'PriceTypeAsk': 'OldIndicative', 'PriceTypeBid': 'OldIndicative'}, 'Uic': 211}


UIC de Apple : 211
Symbole complet : AAPL:xnas
Description : Apple Inc.
