Comments (14)
Thanks for the info. Looks like something changed with the API. I'll check it out this weekend and see if I can get a patch quickly.
from robinhood.
Edit: After directly trying the api_login() function with v1.6.2, I can login correctly, however, with the same mfa code in the Robinhood() function I get the tbl_vars error. No idea what that means but figured it might be helpful in diagnosing the issue. Thanks again for the great package!
I tried downgrading to 1.6.2 and using the api_login
function. It doesn't work for me. I can confirm your tbl_vars
error when going 1.6.2 route.
I upgraded back to 1.6.5 from Github and dug into the api_login function. What I did find is the following error by tracing the function to the line dta <- httr::POST(url)
. Calling the following yields a detailed error message:
> dta
$detail
[1] "This version of Robinhood is no longer supported. Please update your app or use Robinhood for Web to log in to your account."
I'm reaching the edge of my troubleshooting depth at this point. Maybe someone can pick it up from here?
from robinhood.
Same issue here as of this morning PT.
from robinhood.
Edit: After directly trying the api_login() function with v1.6.2, I can login correctly, however, with the same mfa code in the Robinhood() function I get the tbl_vars error. No idea what that means but figured it might be helpful in diagnosing the issue. Thanks again for the great package!
from robinhood.
All,
I found a temporary solution in the meantime but having trouble passing the MFA code into the payload. The following will work when the MFA is not required.
- We first need to modify the
api_login
function:
note: Not sure if the device_token
& al_pk
is unique to each user? Also not sure if all headers are required but those are the ones I found.
base_api_login = function (username, password, mfa_code)
{
RH <- list(api_grant_type = "password", api_client_id = "c82SH0WZOsabOXGP2sxqcj34FxkvfnWRZBKlBjFS")
PAYLOAD <- list(
al_pk= "7F867EDC-C71B-467F-B0A1-8DCBA5D4D2E3",
client_id= "c82SH0WZOsabOXGP2sxqcj34FxkvfnWRZBKlBjFS",
device_token= "a1c884f5-a03b-4255-9efb-b28ad0fc8dff",
expires_in= 86400,
grant_type= "password",
password= password,
scope= "internal",
username= username)
dta <- POST(url='https://api.robinhood.com/oauth2/token/',
httr::add_headers(`accept` = "*/*",
`accept-encoding` = 'gzip, deflate, br',
`accept-language` = 'en-US,en;q=0.9,es;q=0.8',
`content-length` = 285,
`content-type` = 'application/json',
`origin` = 'https://robinhood.com',
`referer` = 'https://robinhood.com/',
`sec-ch-ua` = '"Not A;Brand";v="99", "Chromium";v="100", "Google Chrome";v="100"',
`sec-ch-ua-mobile` = '?0',
`sec-ch-ua-platform` = "macOS",
`sec-fetch-dest` = 'empty',
`sec-fetch-mode` = 'cors',
`sec-fetch-site` = 'same-site',
`user-agent` = 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36',
`x-robinhood-api-version` = '1.431.4'
), body = toJSON(PAYLOAD, auto_unbox = TRUE), encode = "json")
RH$tokens.access_token = httr::content(dta)$access_token
RH$tokens.refresh_token = httr::content(dta)$refresh_token
return(RH)
}
- Next I modified the
RobinHood
function to add our modifiedapi_login
function:
base_RobinHood = function (username, password, mfa_code = NULL)
{
mfa_code <- ifelse(is.null(mfa_code), "000000", mfa_code)
RH <- base_api_login(username, password, mfa_code)
accounts <- api_accounts(RH)
url_account_id <- accounts$url
RH <- c(RH, url = list(account_id = url_account_id))
if (is.null(RH$tokens.access_token)) {
cat("Login not successful, check username and password.")
}
class(RH) <- "RobinHood"
return(RH)
}
- Login by passing in your username and password:
RH <- base_RobinHood(username,password)
from robinhood.
So far I have not been able to figure it out. I have been trying to mimic the same process as the web login which i can see with the debug tools in Firefox, which has worked in the past, but doing so now doesnt seem to change the error message. I have not tried turning MFA off yet.
I can confirm that my device_token is different, but the al_pk is a new parameter that has been added. Im not sure where the API version is coming from in the payload that is triggering the response. I wonder if maybe its the application_id. Ill admit that most of the login stuff I learned from looking at the other github robinhood packages and all of those static values i grabbed from other people looking through the JS.
Ill keep looking at it, and seeing if I can find references to this being an issue with the python equivalent package.
from robinhood.
All,
I found a temporary solution in the meantime but having trouble passing the MFA code into the payload. The following will work when the MFA is not required.
- We first need to modify the
api_login
function:note: Not sure if the
device_token
&al_pk
is unique to each user? Also not sure if all headers are required but those are the ones I found.base_api_login = function (username, password, mfa_code) { RH <- list(api_grant_type = "password", api_client_id = "c82SH0WZOsabOXGP2sxqcj34FxkvfnWRZBKlBjFS") PAYLOAD <- list( al_pk= "7F867EDC-C71B-467F-B0A1-8DCBA5D4D2E3", client_id= "c82SH0WZOsabOXGP2sxqcj34FxkvfnWRZBKlBjFS", device_token= "a1c884f5-a03b-4255-9efb-b28ad0fc8dff", expires_in= 86400, grant_type= "password", password= password, scope= "internal", username= username) dta <- POST(url='https://api.robinhood.com/oauth2/token/', httr::add_headers(`accept` = "*/*", `accept-encoding` = 'gzip, deflate, br', `accept-language` = 'en-US,en;q=0.9,es;q=0.8', `content-length` = 285, `content-type` = 'application/json', `origin` = 'https://robinhood.com', `referer` = 'https://robinhood.com/', `sec-ch-ua` = '"Not A;Brand";v="99", "Chromium";v="100", "Google Chrome";v="100"', `sec-ch-ua-mobile` = '?0', `sec-ch-ua-platform` = "macOS", `sec-fetch-dest` = 'empty', `sec-fetch-mode` = 'cors', `sec-fetch-site` = 'same-site', `user-agent` = 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36', `x-robinhood-api-version` = '1.431.4' ), body = toJSON(PAYLOAD, auto_unbox = TRUE), encode = "json") RH$tokens.access_token = httr::content(dta)$access_token RH$tokens.refresh_token = httr::content(dta)$refresh_token return(RH) }
- Next I modified the
RobinHood
function to add our modifiedapi_login
function:base_RobinHood = function (username, password, mfa_code = NULL) { mfa_code <- ifelse(is.null(mfa_code), "000000", mfa_code) RH <- base_api_login(username, password, mfa_code) accounts <- api_accounts(RH) url_account_id <- accounts$url RH <- c(RH, url = list(account_id = url_account_id)) if (is.null(RH$tokens.access_token)) { cat("Login not successful, check username and password.") } class(RH) <- "RobinHood" return(RH) }
- Login by passing in your username and password:
RH <- base_RobinHood(username,password)
FWIW, this didn't work for me. The client_id was the same for sure, but I couldn't verify whether al_pk or device_token were the same.
from robinhood.
So.. i have a partial workaround. I did confirm that if you login through the browser and use the debug tools to see your POST command, you can copy the token out of your browser and replace the value in your current RH object. Or you can just build one. You technically only need the access_token.
access_token <- "********"
RH <- list(tokens.access_token = access_token)
class(RH) <- "RobinHood"
I will keep messing with the login api. The al_key and al_token are puzzling me. I use postman to test and debug the apis. Im going to try copy all of the headers to make sure its not something there. Hopefully the above workaround keeps everyone going in the meantime. If someone needs more details of seeing their token in the browser tools I can post some screenshots of how to see it through firefox. Just let me know.
from robinhood.
Actually, i have figured it out... the format of the API has changed.. instead of passing most of the inputs as parameters, you now have to pass all of those credentials with the body. I was able to get this to work in Postman. I will replicate in R and git something out to test on the github version shortly.
al_key
and al_token
do not appear to be required. I think they are related to how the web login works. device_token
does look like a new variable that has been added. It looks like you can pass any uuid value and it will work fine. I will set up the function to pass a random one for each login (although I was able to use the same ID for multiple login attempts).
from robinhood.
Thanks for digging into this, @JestonBlu! Were you able to replicate in R yet?
from robinhood.
For what it's worth, the access token workaround worked for me for get_quote(), but for get_contracts() I am still getting the following error:
Error in RobinHood::api_contracts(RH, chain_symbol, type) :
Unauthorized (HTTP 401).
from robinhood.
Yeah, i am just finishing up a fix. In the end I had to rewrite the login in function. I have temporarily disabled not using an MFA. I also redesigned the RH object to have more transparency about what the API response is returning. I have a test script and all but 2 functions failed (those are related to ACH so ill look at that separate). Would appreciate some testing to see if anything else isnt working right.
from robinhood.
from robinhood.
Hi All - thanks for publishing this fix so promptly. However, I tried updating to the latest github version (1.6.7) but am still getting 400 Bad Request in my api_login function. I turned on MFA and tried entering the code as a string and as a numeric but neither seems to work.
Any ideas on what could still be causing the issue? Is there a way to look in the "dta" object for a 400 error "reason"?
from robinhood.
Related Issues (20)
- fractional shares and "sell all" HOT 2
- get_positions_options: Column `updated_at` doesn't exist HOT 4
- get_positions_options: Column `state` doesn't exist HOT 1
- Buy in dollars rather than shares? HOT 2
- feature request: trailing stop for stocks
- HTTP 400 error for get_tcierks(RH, add_fundamentals = T)
- argument "mfa_code" is missing, with no default HOT 3
- Cannot place order HOT 3
- MFA Requirement HOT 30
- HTTP 400 Bad Request on api_login
- Error in get_historicals_options HOT 4
- 404 on vignette getting started HOT 1
- logout() function is returning Internal server error 500 HOT 2
- Placing an order in extended hours
- Current Bugs
- Retirement Accounts
- Have you considered using MFA HOT 1
- Can't place orders HOT 2
- Error when I run get_positions() HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from robinhood.