The developer portal allows you to create your own applications that can access TD Ameritrade & TD Ameritrade partner products and services. This guide will walk you through:


Creating a Developer Account

  1. Click the Register link and complete all fields in the new user registration screen. Required fields are indicated with an asterisk.
  2. Click "Create new account"
  3. You will receive an email with a verification link and your new account details. Click the verification link from the email to activate your new account.
  4. After successful login, you can navigate TD Ameritrade for developers with the following menu bar links:
    • Docs: Documentation for the APIs provided through TD Ameritrade for developers
    • My Apps: Use to create, view, edit, and delete an application and its associated details
    • Guides: Contains instructions on how to perform specific tasks with the APIs provided and other useful information to aid in your development


Registering an App

Each user is allowed to create only one app for private, non-commercial use. To inquire about commercial usage, please Contact Us.
  1. To create a new app, go to My Apps and select Add a new App
  2. Complete the fields in the Add App screen and select Create App. Field details are:
    • App Name: A unique application name.
    • Callback URL: The URL to receive the auth code (used to retrieve a token from the Authentication API) after successful authentication. Separate URLs with a comma for multiple URLs. Localhost can be used here, as well.
    • What is the purpose of your application?: Use cases of the application, trading strategy, number of orders sent per day, etc.
  3. Your new application will be displayed in My Apps once it is successfully registered.


Navigating the Documentation

In APIs, there is a list of available APIs which will each have documentation. Within each API, resources provided by that API are listed along with supported HTTP methods. Click on a method to get more information about using that method. The methods detail page includes the following information:

  • The Resource URL is the location of the resource.
  • Query Parameters detail the parameters that can be passed in the URL.
  • The Send Request section allows you to try a request inside the browser to see an example of what is send and received. To send a request:
    1. Click OAuth 2.0 to launch the authentication window for your application and authenticate with a TD Ameritrade customer account.
    2. Fill in any variables in the Resource URL and Query Parameters sections.
    3. Click Send.
    4. Below Send, Request shows the request that was send, Response shows the response that was received, and cURL provides a cURL command to repeat the request using cURL.
  • The Resource Summary section shows the method's security and category.
  • The Response Summary section lists the response structure, including JSON and response Schema.
  • The error codes associated with the method can be found in the Resource Error Codes section.

Click the Contact Us link at the bottom of the screen to send an email to TD Ameritrade API Support


Making Your First Request

All private, non-commercial use apps are currently limited to 120 requests per minute on all APIs except for Accounts & Trading

Requests can be made by authenticating your application and a user in combination, or only authenticating your application (referred to as unauthenticated requests). Without user authentication and authorization, public resources like delayed data may be available.

Unauthenticated Requests

Right now, APIs offering this generally only require the OAuth User ID passed in to a parameter. In the future, we will move toward only supporting the OAuth 2.0 Client Credentials flow described in section 1.3.4 of RFC 6749 for this type of request.

Authenticated Requests

To authenticate a user, we use the OAuth 2.0 Authorization Code flow described in section 1.3.1 of RFC 6749. The best way to see this in action is to follow the steps on the simple auth guide

  1. Invoke the authentication window in the browser with the URL URI&client_id=Consumer Key%40AMER.OAUTHAP
  2. When the user has authenticated, a GET request will be made to your redirect URI with the authorization code passed as a parameter.
  3. This authorization code can then be passed as the code parameter to the Authentication API's Post Access Token method using the authorization_code grant type. To receive a refresh token which allows you to receive a new access token after the access token's expiration of 30 minutes, set the access type to offline.
  4. When you have POSTed details to the token endpoint and received your access token and refresh token, you can pass the access token as a bearer token by setting the Authorization header on all requests to "Bearer Access Token"