Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Discussion: Making the gateway obsolete

See original GitHub issue

Since there is no other forum to discuss this I figured an “enhancement” issue might be the best idea.

So recently I was thinking why we even have to use the IB gateway client in the first place. Why not just run a headless browser to authenticate and use the cookies after a successfull auth to run against the IB client portal api?

So i just tested this really quick and as expected it actually works that easy. Open your regional IBKR site, authenticate and after the auth you grab the USERID cookie that will get responed from the server from the /sso/Dispatcher. That cookie seems to represent some kind of session since that seems to be the only thing you need to fire requests to the portal.proxy. With the cookie you essentially just do requests against the portal proxy which for my region is under https://www.interactivebrokers.co.uk/portal.proxy/v1/portal. The IB client portal runs all its requets against that and a quick check shows the same responses as the IB gateway would give you.

Going this route would make the IB gateway obsolete and we could make direct requests to the portal.proxy endpoint. I was thinking of building something like this:

Have one application get the USERID cookie with a headless browser from IBKR
Have a webservice that proxies requets to the portal.proxy. Why a service you may ask if you can code your trading bot to go directly to the portal.proxy? Well that’s an option but the service could run valdation against input and output. The output part would also help detect any changes in the IBKR portal.porxy endpoint responses which might need further investigation and updates to the service but makes things more secure.

Any toughts?

Issue Analytics

State:
Created 2 years ago
Reactions:1
Comments:15 (6 by maintainers)

Top GitHub Comments

3reactions

JackD111commented, Jan 22, 2022

Got a response to my ticket regarding the usage of the protal.proxy:

Thank you for contacting Interactive Brokers.

It is not recommend to use the Client Portal REST API in a manner not described in the official documentation. As this method is not officially tested or documented we are unable to provide support with any issues you may experience. Please refer to the official documentation for Client Portal API here: https://interactivebrokers.github.io/cpwebapi/index.html

If you are experiencing issues getting started with the API, or have any other questions, please feel free to get in touch with us again at: https://ibkr.com//clientservices

Kind Regards,
XX
Clinet Services - Technical Assistance Center, API

Sounds to me like the they are fine with it but won’t help incase of issues since it’s not officially supported. Looks like I’ll continue developing my new library :>

2reactions

JackD111commented, Jan 17, 2022

I’ve also started working on an API wrapper but for .NET that can already do the headless auth and run some basic requests that I’ve thrown in together in the weekend.

I’ve opened a ticket with support and asked if it was allowed or against their ToS or anything. Will get back to you guys about this once I get an answer.

Hopefully they give a postive answer back since I’d really rather like to work indipendant of the IB gateway. I mean in the end they wouldn’t be able to distinigsh API requests from an actual browser request vs. code requests when sending the proper cookies/headers unless you run your trading bot in a data center like me and than compare the IP addresses to known data centers but I heavily doubt they’d go so far.