Skip to content

Commit

Permalink
fix docs
Browse files Browse the repository at this point in the history
  • Loading branch information
@felipecsl
felipecsl committed Feb 21, 2025
1 parent 42a59f4 commit a2166ae
Showing 1 changed file with 22 additions and 9 deletions.
31 changes: 22 additions & 9 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,26 +18,39 @@ yarn build
# Running the example app

```
yarn install
# if you already have an access token and refresh token
DEBUG_DEPTH=5 DEBUG=* TOS_ACCESS_TOKEN=<access_token> TOS_REFRESH_TOKEN=<refresh_token> node dist/example/testApp.js
DEBUG_DEPTH=5 DEBUG=* \
TOS_ACCESS_TOKEN=<access_token> \
TOS_REFRESH_TOKEN=<refresh_token> \
node dist/example/testApp.js
# if you don't have an access token and refresh token, you can use your username and password
# this will launch a browser to authenticate and then save the access token and refresh token to .env
DEBUG_DEPTH=5 DEBUG=* TOS_USERNAME=<username> TOS_PASSWORD=<password> node dist/example/testApp.js
DEBUG_DEPTH=5 DEBUG=* \
TOS_USERNAME=<username> \
TOS_PASSWORD=<password> \
node dist/example/testApp.js
```

## Authentication flow

There seems to be currently two ways to authenticate:

1. From scratch with username and password:
a. Send a message with the `login/schwab` service including the `authCode` obtained from the browser oauth flow at `trade.thinkorswim.com`;
b. This will return a `token` and `refreshToken` which should be saved for future use;
c. The `authCode` is single use and cannot be used again once exchanged for a token.

1.1 Send a message with the `login/schwab` service including the `authCode` obtained from the browser oauth flow at `trade.thinkorswim.com`;

1.2 This will return a `token` and `refreshToken` which should be saved for future use;

1.3. The `authCode` is single use and cannot be used again once exchanged for a token.

2. From a previously obtained `token`
a. Send a message with the `login` service including the `token` returned from the `login/schwab` response message (step 1 above).
b. This will return the same `token`, weirdly, and a `refreshToken`, which should be saved for future use
c. The token is valid for 24 hours.

2.1 Send a message with the `login` service including the `token` returned from the `login/schwab` response message (step 1 above)

2.2 This will return the same `token`, weirdly, and a `refreshToken`, which should be saved for future use

2.3 The token is valid for 24 hours.

# Supported APIs

Expand Down

0 comments on commit a2166ae

Please sign in to comment.