I am a big believer in the direction that many companies are going with their web services offerings. I love the concept that you can mashup little bits of code and have cool stuff happen like having your phone ring when you just make some bling.

This is a simple example beyond the stock ‘account info’ endpoint. If you are interested in having your phone ring off the hook, I suggest checking out Twillio for voice and sms communications. I have been using them for almost a year and they are pretty solid.

**** I need to put out a little disclaimer **** I originally tested TradeKing’s API a few months ago but the standard php example returned my password in plain text. While TradeKing did eventually get back to me about the problem (after a couple emails), I didn’t like the feeling. Why are the passwords not salted and hashed? Would my password be returned to a third party app?

But in the end, curiosity and the $50 fee that would be leveraged against my account prompted me to give the API one more shot. (TradeKing has a new policy specifying you need $2,500 kept in your account or 1 trade every 12 months to avoid a $50 fee.) I am hoping I can get them to approve my “TradeKing Fee Cutter App” that initiates a buy/sell at the last possible minute to pay $10 instead of $50.

Anyway on to the code – You need a developer account with them and you need to set up an app. I named my “Test driving the API” and downloaded the 4 keys I needed to get started.

TradeKing’s OG Sample

  // This is using the PHP OAuth extension.
  // http://www.php.net/manual/en/book.oauth.php

  // Your keys/secrets for access
  $consumer_key     = '0casdfsadfsadfzxcvasdvasvsadv2661';  //These are special for you
  $consumer_secret  = 'ff2513194ezxcvzxcvzxcvb66e8';
  $access_token     = '150a96573zxcvzxcvzxcvzxvce85497e6e';
  $access_secret    = '5c7sdfsdfsvsvsvsvsvvzxcv9e56';

  try {
    // Setup an OAuth consumer
    $oauth = new OAuth($consumer_key,$consumer_secret,OAUTH_SIG_METHOD_HMACSHA1,OAUTH_AUTH_TYPE_AUTHORIZATION);

    // Make a request to the API endpoint -This is where our call changes a little bit - we want to post FiXML to a different endpoint to preview the order
    //$oauth->fetch("https://api.tradeking.com/v1/member/profile.json");//old call from original sample code
//  Some FiXML (<a href="https://developers.tradeking.com/documentation/trading">https://developers.tradeking.com/documentation/trading</a>)
//  This says - I want to put in a limit order for the below account for symbol MPW and I am on the buying side
$message_body='<!--?xml version="1.0" encoding="UTF-8"?-->


/*We need need to post xml to the following endpoint (not post xml as a variable).  
 So we specify the string after the endpoint and then the method
array('Content-Type' =&gt; 'text/xml') is extra header information we are passing to the server so it knows how to treat the content
    $oauth-&gt;fetch("https://api.tradeking.com/v1/accounts/{youraccountnumber}/orders/preview.json",$message_body,OAUTH_HTTP_METHOD_POST,array('Content-Type' =&gt; 'text/xml'));

    // Handle the response
    $response_info = $oauth-&gt;getLastResponseInfo();
    // header("Content-Type: {$response_info["content_type"]}");
    echo $oauth-&gt;getLastResponse();

  } catch(OAuthException $E) {
    // Display any errors
    echo "Exception caught!\n";
    echo "Response: ". $E-&gt;lastResponse . "\n";

You should be able to evaluate the response and if all looks well, make the same call to: https://api.tradeking.com/v1/accounts/{youraccountnumber}/orders.json and your order has been placed. You are now an automated trader (sort of).

If you want to check on the status of your order, you get slip back to “GET” mode and request https://api.tradeking.com/v1/accounts/{youraccountnumber}/orders.json.



  1. Clint Rosenblatt -

    Hey… Trying to figure out how to post a trade with TradeKing and noticed your blog. However, it appears that your browser omitted the XML for the actual trade. Was hoping that you could help me out.


  2. Alison -

    $message_body='<?xml version="1.0" encoding="UTF-8"?><FIXML xmlns="http://www.fixprotocol.org/FIXML-5-0-SP2">
     <Order TmInForce="0" Typ="2" Side="1" Px="10.15" Acct="{youraccountnumber}">      
     <Instrmt SecTyp="CS" Sym="MPW"/>     
     <OrdQty Qty="10"/>      

  3. Anders Pedersen -


    Thank you for the post. It got me sorted out … finally after looking at this for 2 nights … ( I’m a newb when it comes to oauth ).

    One thing I would like to add in case others have a the same issue. I kept getting a CA authentication failed. I think it is related to curl in some way, but was able to circumvent using:


    Thanks again


Leave a Reply