Ways to finesse HTTP HeaderField constraints?

11 views (last 30 days)

Paul Shoemaker on 24 Aug 2019

0
Link

Direct link to this question

https://www.mathworks.com/matlabcentral/answers/477389-ways-to-finesse-http-headerfield-constraints

Commented: Ken on 13 Feb 2024

Hey folks,

Webwrite isn't meeting my needs for POSTing data to a RESTful web service, so I decided to go with the lower level matlab.net.http.RequestMessage functionality, which sometimes works, but setting the Header with my authorization token sometimes fails depending on the token I get.

URL = 'https://api.tdameritrade.com/v1/accounts/1234567890/orders';
r = matlab.net.http.RequestMessage;
r.Method = 'Post';
r.Header(1).Name = "Authorization";
r.Header(1).Value = "Bearer " + token; % Token is long and changes periodically. **Usually** Matlab throws error

The problem is in setting the Header, which requires a field Name called "Authorization" and the Value of "Bearer " + token. The "token" value is very lengthy, around 1,200 characters (example at bottom of this post) and I have to get a new one every 30min to keep accessing this service. Sometimes Matlab is okay and accepts the token, but most of the tokens are rejected when I try to set the value, giving me an error like the one below:

Screen Shot 2019-08-23 at 7.47.13 PM.png

The Matlab class HeaderField is clearly doing a validation routine on the Value and determining it is not valid.

Here's what I've tried:

Remove space after "Bearer", or using "Bearer%20" or "Bearer+". Matlab accepts this, but then web server returns "unauthorized"
I've noticed that if I take the first 1,144 characters in token then Matlab accepts (e.g. "Bearer " + token(1:1144), but of course the web server returns "unauthorized" since I'm not providing the full token

Any ideas for how to enter "Bearer " + token to avoid the above error?

Here's an example token (I changed one character just to be sure no one can use it):

token = "zgzMa4kOwPmVxbQ3tp0unIp4JIXv1Hzh7fzRs3JmQbTnPVFeXX7oF2pJH+3gL4KYEfXFIuiL7IKHOJRUdxe0HXnU0yN+Gn9cZUyU/eovZVyG4kVTqu47hyDnNkq0C1gShWhBtWcvI8uKjzHjGMJP8Ot2Gjhbw3/l6YfQe3q3PBQ+6wLsSV7gHBm406PukLdql7schTpvrqLi8h308G7OIVrTJB2oXgqfIVGGDYbQNuw6iGamxJUqOZ8Fv8PeRapG92iT8B1p1sW5LFq5Vpu6N2pFgkhoSilmW0aZ+aq03R9V8FYFsZ30/jrNqSxllf3WFELkVYlJlGNOvudzIzJwANcfcl4UzvDYpduN33lOarpIK3a17tRlsjIimtgiLhyxEYlUnVLiuwI5l1+9tkJ0HjC3asEL6kWj+ysW5gx36YWyb8tbhOz5I5wFkqGkcjZNJjUQ12Ou4+DVG/tCwhCHwJOR+x8imWbZqTcDwNRMKyQkn1CXSY463Ycxf3XE6boRBkK2OtAQ/m4Q276i26HhRGjuMFfDW1fzCrrXy23zERVAkAo9t100MQuG4LYrgoVi/JHHvlwCIoz+tGIgiaHeuLUSTR/PGs5RLwaXaMkRXixdeWNw5qOODbq9fsFHe0zBCweEkN8CK5Uxa3+FXv3OtlJUDZ8Pytum96pRkgDPvib1n2sDmtV0DgHc1q2zJqfitAcfS3lmIYPx7RcGBHJV/jn1Ojp6mcN9tu0C8S7u/Mk4gqV+dwkdLIICRGe3u2ASbsX6j16Nrbv+XHy9sxQRVh0eWpvLppM0ICBlSxrZ6qr/d6pYqn505fB6gICX0D+326pFZF/fgcyLnfGjCaHv9v5qMv0LTNooGYZ5BguM4IZGOCts4h+/zm3wGCchBczi3BWh/AXw+fNro1TOAkGDdzshZs6GyBoo52vziYR319E/pep9qDs0talrh1OJGnOOquBhnqY9ej2kzQdDtf3sBxQjSXn3JEIlAcszSCQbPDwwrr5sPDMWuhHsgbuU1+CIGOPEKiL0zi57fne5zTjAvMBov8/FWmCULZ+dEGRiBfdqK4OJMyZn8Kpcq+oN2JYSOBcE+c/6Y3XrOjW/8D1U+Hvb2sYhWk/f1hYh2AHDO2dwlbCoRtPipQ==212FD3x19z9sWBHDJACbC00B75E"

Note that I can set the header with webwrite and successfully use the RESTful service that way, but unfortunately the response when using webwrite is empty and I need the info that gets returned from the non-webwrite approach described above.

Thanks,

Paul S

3 Comments
Show 1 older commentHide 1 older comment

Paul Shoemaker on 12 Feb 2024

I will admit to doing this level of exit condition checking locally on my PC. There are a few reasons for this:

I have not discovered robust endpoints for making use of custom conditions and/or studies
While there is always the chance of a local machine failure (e.g. power, internet, hardware, etc), my software sends me emails on a regular basis so I'll know if it's down if I don't receive communications from it, and none of my trades/trading is so crucial as to threaten my account in a meaningful way should things go offline for a couple hours. Most of my positions are held on the order of multiple days to several weeks.

Ken on 13 Feb 2024

I suspected this.

The real advantage to robo-trading is entering a position on unexpected moves at all times of the day or night.

It seems necessary to engineer trades that have server exits that can be cancelled/changed by an endpoint preemption.

There are many shock moves . . . and this just might be the way to harvest them!

Happy trading!

Accepted Answer

Paul Shoemaker on 24 Aug 2019

5
Link

Direct link to this answer

https://www.mathworks.com/matlabcentral/answers/477389-ways-to-finesse-http-headerfield-constraints#answer_388914

Hey folks,

I think I may have fixed the issue. The trick seems to be creating a GenericHeader object, which does not validate supplied values. Then assign the GenericHeader field to the RequestMessage Header.

Here's how it looks:

URL = 'https://api.tdameritrade.com/v1/accounts/1234567890/orders';
r = matlab.net.http.RequestMessage;
r.Method = 'Post';
genericHeader = matlab.net.http.field.GenericField('Authorization',"Bearer " + token); % This bypasses Matlab value validation
r.Header = genericHeader; % Assign to RequestMessage. Fortunately, the RequestMessage class accepts generic header objects
r.Body(1).Data = order; % trade/order to POST
response = r.send(URL); % Works like a charm and output contains the info I need.

I hope this helps someone else out there.

Paul S

24 Comments
Show 22 older commentsHide 22 older comments

Paul Shoemaker on 6 Feb 2024

example.mat

Kenneth,

Happy to help!

TDA has several examples for various order types in the API developer guide. Examples here.

I'm attaching an example .mat file that contains a very simple order to buy three shares of Apple Inc. ("Buy 3 APPL"). The variable contained in the .mat file is called "orderExample."

Then, you can submit this order like so:

r = matlab.net.http.RequestMessage; % Create generic request object and populate below
URL = ['https://api.tdameritrade.com/v1/accounts/' ACCOUNT '/orders']; % Account is your TDA trading account number (char format)
r.Method = 'Post';
header = matlab.net.http.field.GenericField('Authorization',['Bearer ' ACCESS_TOKEN]); % must use generic header to bypass validation
r.Header = header; % Assign header to RequestMessage
r.Body(1).Data = orderExample; % Insert order into Data field (Matlab structure format)
response = r.send(URL); % Submit order. ****IMPORTANT**** This is REAL, not paper money, so only execute when ready to affect real-world brokerage transaction

Ken on 11 Feb 2024

For now I have a push button for UPDATE ACCESS TOKEN and another for UPDATE REFRESH TOKEN. Later I'll put them in a timer job so I won't think about tokens ever again. I now can see account status, view prices, place orders, and cancel orders. My next challenge will be conditional orders, OTO orders, OCO orders . . .

Then it's onward and upward to robotic trading! My computer becomes the screen zombie instead of me!

Your help was pivotal to this effort. I am grateful for your help.

Paul Shoemaker on 12 Feb 2024

Awesome! Really glad I could help. I've been using TDA API for about 10yrs now and have really enjoyed and made use of it in a major way for me. Hopefully, you have a similar experience.

Community Treasure Hunt

Find the treasures in MATLAB Central and discover how the community can help you!

Start Hunting!

Ways to finesse HTTP HeaderField constraints?

3 Comments
Show 1 older commentHide 1 older comment

Accepted Answer

24 Comments
Show 22 older commentsHide 22 older comments

More Answers (0)

See Also

Categories

Tags

Community Treasure Hunt

Ways to finesse HTTP HeaderField constraints?

3 Comments Show 1 older commentHide 1 older comment

Accepted Answer

24 Comments Show 22 older commentsHide 22 older comments

More Answers (0)

See Also

Categories

Tags

Community Treasure Hunt

3 Comments
Show 1 older commentHide 1 older comment

24 Comments
Show 22 older commentsHide 22 older comments