![](https://i.insider.com/5fad523f8a86ff001880b26c?width=300)

The [Schwab Developer Portal](https://beta-developer.schwab.com/dashboard/apps/app/9d1f94fd-2b0d-4477-9fcb-68cfee615ff1) houses API products that allow you to connect into brokerage accounts. 

Before getting started, it is necessary to have a Schwab brokerage account, an individual trader account in their developer portal approved, and an app created in the portal. 

Once these are set up, add two API products to the app:

- [Trader API](https://beta-developer.schwab.com/products/trader-api--individual/details/specifications/Retail%20Trader%20API%20Production)
- [Market Data API](https://beta-developer.schwab.com/products/trader-api--individual/details/specifications/Market%20Data%20Production)

I've created a custom settings file to abstract the API functionality.

In [1]:
import settings.schwab as schwab
auth = schwab.Authenticator()

## Login Microsite (LMS)

To use the platform APIs, an authentication call is required. Schwab uses the OAuth 2 authorization framework, providing secure, delegated access over HTTPS using access tokens in place of credentials.

The function below generates a link to authenticate in the platform and create a redirect URL. Double click the link and **log in**:

In [2]:
auth.get_auth_url()

'https://api.schwabapi.com/v1/oauth/authorize?client_id=bWyEY8GGN843Bltl9v5vDOktXAq4F6tV&redirect_uri=https://127.0.0.1'

After logging in, accept the terms and you will be sent to a screen that appears to be a dead web page. This is the 'returned link'. Copy the address from the browser and paste it in the input below:

In [3]:
returned_link = input('Returned Link:')

Returned Link: https://127.0.0.1/?code=C0.b2F1dGgyLmJkYy5zY2h3YWIuY29t.BCJ9qoH9igIzAsd1PH9BOgiQP-r6G041wp3rG2BOSv4%40&session=46b905a8-cd91-4f55-9e20-58ad34980ca9


This returned link is used in a request to obtain an "access" and "refresh" token from Schwab's servers. These tokens are written to a json file and managed through the "auth" class of the settings file.

In [None]:
auth.get_tokens(returned_link)

*This notebook cell will continue to run ~ it refreshes your session on a timer, go use other notebooks.*

## Refresh Tokens

Access tokens are given 1800 seconds (half an hour) until they expire. When an access token expires, there is an easier way to authenticate than reusing the LMS.

The refresh token sent in the response from Schwab can be used for up to 7 days. After 7 days, the refresh token will expire, requiring re-authorization through the micro-site using the approach above. If you are restarting the server after generating a valid 'tokens.json' file through the LMS, then simply running the cell block below will authorize a user to call the REST APIs.

Keeping this notebook open and running will continously keep the 'tokens.json' file up to date. The auth class sets a timer to constantly use the refresh token every half hour to update the access token.

In [None]:
auth.update_tokens()