Ways to finesse HTTP HeaderField constraints?

9 views (last 30 days)
Hey folks,
Webwrite isn't meeting my needs for POSTing data to a RESTful web service, so I decided to go with the lower level matlab.net.http.RequestMessage functionality, which sometimes works, but setting the Header with my authorization token sometimes fails depending on the token I get.
URL = 'https://api.tdameritrade.com/v1/accounts/1234567890/orders';
r = matlab.net.http.RequestMessage;
r.Method = 'Post';
r.Header(1).Name = "Authorization";
r.Header(1).Value = "Bearer " + token; % Token is long and changes periodically. **Usually** Matlab throws error
The problem is in setting the Header, which requires a field Name called "Authorization" and the Value of "Bearer " + token. The "token" value is very lengthy, around 1,200 characters (example at bottom of this post) and I have to get a new one every 30min to keep accessing this service. Sometimes Matlab is okay and accepts the token, but most of the tokens are rejected when I try to set the value, giving me an error like the one below:
Screen Shot 2019-08-23 at 7.47.13 PM.png
The Matlab class HeaderField is clearly doing a validation routine on the Value and determining it is not valid.
Here's what I've tried:
  1. Remove space after "Bearer", or using "Bearer%20" or "Bearer+". Matlab accepts this, but then web server returns "unauthorized"
  2. I've noticed that if I take the first 1,144 characters in token then Matlab accepts (e.g. "Bearer " + token(1:1144), but of course the web server returns "unauthorized" since I'm not providing the full token
Any ideas for how to enter "Bearer " + token to avoid the above error?
Here's an example token (I changed one character just to be sure no one can use it):
token = "zgzMa4kOwPmVxbQ3tp0unIp4JIXv1Hzh7fzRs3JmQbTnPVFeXX7oF2pJH+3gL4KYEfXFIuiL7IKHOJRUdxe0HXnU0yN+Gn9cZUyU/eovZVyG4kVTqu47hyDnNkq0C1gShWhBtWcvI8uKjzHjGMJP8Ot2Gjhbw3/l6YfQe3q3PBQ+6wLsSV7gHBm406PukLdql7schTpvrqLi8h308G7OIVrTJB2oXgqfIVGGDYbQNuw6iGamxJUqOZ8Fv8PeRapG92iT8B1p1sW5LFq5Vpu6N2pFgkhoSilmW0aZ+aq03R9V8FYFsZ30/jrNqSxllf3WFELkVYlJlGNOvudzIzJwANcfcl4UzvDYpduN33lOarpIK3a17tRlsjIimtgiLhyxEYlUnVLiuwI5l1+9tkJ0HjC3asEL6kWj+ysW5gx36YWyb8tbhOz5I5wFkqGkcjZNJjUQ12Ou4+DVG/tCwhCHwJOR+x8imWbZqTcDwNRMKyQkn1CXSY463Ycxf3XE6boRBkK2OtAQ/m4Q276i26HhRGjuMFfDW1fzCrrXy23zERVAkAo9t100MQuG4LYrgoVi/JHHvlwCIoz+tGIgiaHeuLUSTR/PGs5RLwaXaMkRXixdeWNw5qOODbq9fsFHe0zBCweEkN8CK5Uxa3+FXv3OtlJUDZ8Pytum96pRkgDPvib1n2sDmtV0DgHc1q2zJqfitAcfS3lmIYPx7RcGBHJV/jn1Ojp6mcN9tu0C8S7u/Mk4gqV+dwkdLIICRGe3u2ASbsX6j16Nrbv+XHy9sxQRVh0eWpvLppM0ICBlSxrZ6qr/d6pYqn505fB6gICX0D+326pFZF/fgcyLnfGjCaHv9v5qMv0LTNooGYZ5BguM4IZGOCts4h+/zm3wGCchBczi3BWh/AXw+fNro1TOAkGDdzshZs6GyBoo52vziYR319E/pep9qDs0talrh1OJGnOOquBhnqY9ej2kzQdDtf3sBxQjSXn3JEIlAcszSCQbPDwwrr5sPDMWuhHsgbuU1+CIGOPEKiL0zi57fne5zTjAvMBov8/FWmCULZ+dEGRiBfdqK4OJMyZn8Kpcq+oN2JYSOBcE+c/6Y3XrOjW/8D1U+Hvb2sYhWk/f1hYh2AHDO2dwlbCoRtPipQ==212FD3x19z9sWBHDJACbC00B75E"
Note that I can set the header with webwrite and successfully use the RESTful service that way, but unfortunately the response when using webwrite is empty and I need the info that gets returned from the non-webwrite approach described above.
Thanks,
Paul S
  3 Comments
Paul Shoemaker
Paul Shoemaker on 12 Feb 2024
I will admit to doing this level of exit condition checking locally on my PC. There are a few reasons for this:
  1. I have not discovered robust endpoints for making use of custom conditions and/or studies
  2. While there is always the chance of a local machine failure (e.g. power, internet, hardware, etc), my software sends me emails on a regular basis so I'll know if it's down if I don't receive communications from it, and none of my trades/trading is so crucial as to threaten my account in a meaningful way should things go offline for a couple hours. Most of my positions are held on the order of multiple days to several weeks.
Ken
Ken on 13 Feb 2024
I suspected this.
The real advantage to robo-trading is entering a position on unexpected moves at all times of the day or night.
It seems necessary to engineer trades that have server exits that can be cancelled/changed by an endpoint preemption.
There are many shock moves . . . and this just might be the way to harvest them!
Happy trading!

Sign in to comment.

Accepted Answer

Paul Shoemaker
Paul Shoemaker on 24 Aug 2019
Hey folks,
I think I may have fixed the issue. The trick seems to be creating a GenericHeader object, which does not validate supplied values. Then assign the GenericHeader field to the RequestMessage Header.
Here's how it looks:
URL = 'https://api.tdameritrade.com/v1/accounts/1234567890/orders';
r = matlab.net.http.RequestMessage;
r.Method = 'Post';
genericHeader = matlab.net.http.field.GenericField('Authorization',"Bearer " + token); % This bypasses Matlab value validation
r.Header = genericHeader; % Assign to RequestMessage. Fortunately, the RequestMessage class accepts generic header objects
r.Body(1).Data = order; % trade/order to POST
response = r.send(URL); % Works like a charm and output contains the info I need.
I hope this helps someone else out there.
Paul S
  24 Comments
Ken
Ken on 11 Feb 2024
For now I have a push button for UPDATE ACCESS TOKEN and another for UPDATE REFRESH TOKEN. Later I'll put them in a timer job so I won't think about tokens ever again. I now can see account status, view prices, place orders, and cancel orders. My next challenge will be conditional orders, OTO orders, OCO orders . . .
Then it's onward and upward to robotic trading! My computer becomes the screen zombie instead of me!
Your help was pivotal to this effort. I am grateful for your help.
Paul Shoemaker
Paul Shoemaker on 12 Feb 2024
Awesome! Really glad I could help. I've been using TDA API for about 10yrs now and have really enjoyed and made use of it in a major way for me. Hopefully, you have a similar experience.

Sign in to comment.

More Answers (0)

Community Treasure Hunt

Find the treasures in MATLAB Central and discover how the community can help you!

Start Hunting!