Jump to content
  • 0

REST API OAuth token refresh routine became unstable




I'm working with IG's OAuth authentication process to keep an authenticated session in my REST API client. As IG's OAuth access token expires every 60 seconds, I refresh the access token with the provided refresh token every 55 seconds to keep a valid access token at all times (having a look at network traffic in IG's REST API companion, it looks like it's done exactly the same way there).

However, recently the POST /session/refresh-token v1 interface became very unstable, often throwing error.security.invalid-details or error.security.authentication.timeout. As I use an exponential backoff retry mechanism behind the requests, the requests sometimes works after 3 or 4 retries (after 10ms to 100ms delay before I trigger the next retry). However, sometimes the requests don't succeed at all and I'm forced to create a new session with the POST /session v3 interface (which has worked as a last resort for now).

Even if I have recovery mechanisms in place to ensure a valid access token, it's a bit odd that POST /session/refresh-token v1 fails this often recently. Session management is the most basic layer of an API and it shouldn't be this unstable.

I should mention that I run two distinct processes which maintain their own authenticated sessions. But even with two sessions I'm doing 2 non-trading requests per 55 seconds which is well within IG's REST API quotas.

It looks like the POST /session/refresh-token v1 interface might be overloaded on IG's side for some reason recently. If this is the case it might be helpful that I call attention to this issue here. If this isn't caused by an overload on IG's side I would appreciate some feedback what I should do different (which would ultimately imply that it is not done in the very correct way in IG's REST API companion as well).

I would appreciate if there is some feedback regarding this issue!

Best regards,


Link to comment

1 answer to this question

Recommended Posts

  • 0

After a week this issue seems to be resolved for now, session refreshes are not failing frequently anymore. Seems like the cause of this issue was in IG's backend but got resolved. From the outside I would guess that the backend was overloaded somehow or that there was some internal server logic error. I will revive this thread again if the issue comes back.

This shows: if you are planning to use an API for automated trading, make sure to try to automatically resolve basic issues with ALL tools available to prevent the trading operation from failing. Fortunately, I had/have the mechanisms in place to handle most quirks of IG's API to literally force the API to function. Otherwise my trading operation would probably have been unusable during the last week.

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...