API Reference

Authentication

Introduction

Make authenticated REST requests to the QuantConnect API with your User-id and API-Token. Use a simple API endpoint to verify the authentication is working correctly.

The base URL of QuantConnect API is https://www.quantconnect.com/api/v2.

Authenticating Requests

Requests to QuantConnect API v2 require a hashed combination of time, and the API token. The unixtime stamp combination serves as a nonce token as each request is sent with a different signature but never requires sending the API token itself.

Hashing

Follow the below example to create a hashed token for authentication.

// Generate a timestamped SHA-256 hashed API token for secure authentication
#r "nuget:RestSharp"
using System;
using System.Security.Cryptography;
using RestSharp;

// Get timestamp
var stamp = ((DateTimeOffset)DateTime.UtcNow).ToUnixTimeSeconds();
var timeStampedToken = $"{<yourApiToken>}:{stamp}";

// Get hashed API token
var crypt = new SHA256Managed();
var hashToken = crypt.ComputeHash(Encoding.UTF8.GetBytes(timeStampedToken), 0, Encoding.UTF8.GetByteCount(timeStampedToken));
var hash = new StringBuilder();
foreach (var theByte in hashToken)
{
    hash.Append(theByte.ToString("x2"));
}
var apiToken = hash.ToString();

# Generate a timestamped SHA-256 hashed API token for secure authentication
import base64
import hashlib
import time

# Get timestamp
timestamp = str(int(time.time()))
time_stamped_token = "<your_api_token>" + ':' + timestamp

# Get hased API token
hashed_token = hashlib.sha256(time_stamped_token.encode('utf-8')).hexdigest()
authentication = "{}:{}".format(<your_user_id>, hashed_token)
api_token = base64.b64encode(authentication.encode('utf-8')).decode('ascii')

Make API Request

Follow the below example to install the hashing into the authenticator and make an API request.

Follow the below example to install the hashing into the headings and make an API request.

// Create REST client and install authenticator.
var client = new RestClient("<requestUrl>");
client.Authenticator = new HttpBasicAuthenticator(
    "<yourUserId>",
    hash.ToString()
);

// Create Request and add timestamp header (optional: Json Content).
var request = new RestRequest();
request.AddHeader("Timestamp", stamp.ToString());

// Make POST request.
var response = await client.PostAsync(request);
var content = response.Content
# Create headers dictionary.
headers = {
    'Authorization': 'Basic %s' % api_token,
    'Timestamp': timestamp
}

# Create POST Request with headers (optional: Json Content as data argument).
response = requests.post("<request_url>", 
                         data = {}, 
                         json = {},    # Some request requires json param (must remove the data param in this case)
                         headers = headers)
content = response.text

Authenticated State Request

Authentication status check endpoint to verify the hashing function is working successfully. The /authenticate API does not require any information, but just an authenticated hash in the header.

Authenticated State Responses

The /authenticate API provides a response in the following format:

200 Success

RestResponse Model - Base API response class for the QuantConnect API.
success boolean
Indicate if the API request was successful.
Example 
{
  "success": true
}

401 Authentication Error

UnauthorizedError Model - Unauthorized response from the API. Key is missing, invalid, or timestamp is too old for hash.
www_authenticate string
Header

You can also see our Videos. You can also get in touch with us via Discord.

Did you find this page helpful?

Contribute to the documentation: