Authentication

All Partner API requests require JWT (JSON Web Token) authentication. This guide explains how to generate and use authentication tokens.

JWT Token Structure

Your JWT token must include:

  • clientId - Your unique partner client identifier
  • iat - Issued at timestamp (current Unix time)
  • exp - Expiration timestamp (typically 15 minutes from now)

Generating JWT Tokens

Node.js Example

const jwt = require("jsonwebtoken");

function generateToken(clientId, apiKey) {
  const now = Math.floor(Date.now() / 1000);
  const payload = {
    clientId: clientId,
    iat: now,
    exp: now + 900, // 15 minutes expiration
  };

  return jwt.sign(payload, apiKey);
}

// Usage
const token = generateToken("your-client-id", "your-api-key");
console.log("JWT Token:", token);

Python Example

import jwt
import time

def generate_token(client_id, api_key):
    now = int(time.time())
    payload = {
        "clientId": client_id,
        "iat": now,
        "exp": now + 900  # 15 minutes expiration
    }
    return jwt.encode(payload, api_key, algorithm="HS256")

# Usage
token = generate_token("your-client-id", "your-api-key")
print("JWT Token:", token)

cURL Example

# First, generate the token using your preferred method
# Then use it in requests:

curl -X GET https://api.pitrade.com/partner/portfolio \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -H "Content-Type: application/json"

Using Tokens in Requests

Include your JWT token in the Authorization header of every API request:

Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

Complete Request Example

const axios = require("axios");
const jwt = require("jsonwebtoken");

const clientId = "your-client-id";
const apiKey = "your-api-key";

// Generate token
const token = jwt.sign(
  {
    clientId: clientId,
    iat: Math.floor(Date.now() / 1000),
    exp: Math.floor(Date.now() / 1000) + 900,
  },
  apiKey,
);

// Make authenticated request
const response = await axios.get("https://api.pitrade.com/partner/portfolio", {
  headers: {
    Authorization: `Bearer ${token}`,
    "Content-Type": "application/json",
  },
});

console.log(response.data);

Token Expiration

Tokens expire after 15 minutes(Self defined). When a token expires:

  • The API will return a 401 Unauthorized response
  • You must generate a new token
  • Implement token refresh logic in your application

Handling Token Expiration

async function makeAuthenticatedRequest(url, method = "GET", data = null) {
  let token = generateToken(clientId, apiKey);

  try {
    const config = {
      method,
      url,
      headers: {
        Authorization: `Bearer ${token}`,
        "Content-Type": "application/json",
      },
    };

    if (data) config.data = data;

    return await axios(config);
  } catch (error) {
    if (error.response?.status === 401) {
      // Token expired, generate new one and retry
      token = generateToken(clientId, apiKey);
      const config = {
        method,
        url,
        headers: {
          Authorization: `Bearer ${token}`,
          "Content-Type": "application/json",
        },
      };
      if (data) config.data = data;
      return await axios(config);
    }
    throw error;
  }
}

Security Best Practices

  1. Never expose your apiKey - Keep it secure and never commit to version control
  2. Use environment variables - Store credentials in environment variables
  3. Rotate credentials regularly - Change your apiKey periodically
  4. Use HTTPS only - Always use HTTPS for API requests

Troubleshooting

"Invalid Token" Error

  • Verify your clientId matches your credentials
  • Check that your apiKey is correct
  • Ensure the token hasn't expired
  • Verify the token is properly formatted in the Authorization header

"Token Expired" Error

  • Generate a new token
  • Implement automatic token refresh in your application
  • Check your server's time synchronization

"Unauthorized" Response

  • Confirm your credentials are correct
  • Verify the Authorization header is properly formatted
  • Check that you're using the correct environment URL

Was this page helpful?

PiTrade

PiTrade gives investors in over 190 countries access to the U.S. stock market through real, transparent portfolios you can build yourself or invest in Strategizer Portfolios. As an SEC-registered investment adviser, powered by Interactive Brokers, PiTrade makes investing more transparent and accessible.

This content is provided for informational purposes only and is not intended as and may not be relied on in any manner as investment advice, a recommendation of any interest in any security offered herein. All investments involve risk, including the possible loss of principal. Past performance does not guarantee future results, and investors should consider their own investment goals, risk tolerance, and financial situation before investing. The information contained herein is subject to change.

The platform "PiTrade" is operated by Pioneer Advisory LLC, a subsidiary of Pioneer Investing Inc. which holds ownership rights related hereto.

Advisory services are provided by Pioneer Advisory LLC, an SEC-registered investment adviser.

Brokerage and clearing services are provided by Interactive Brokers LLC, a SEC-registered broker-dealer, member FINRA/SIPC, to retail customers for US-listed, registered securities and ETFs on a self-directed basis.

The registrations and memberships above in no way imply that the SEC, FINRA, or SIPC has endorsed the entities, products or services discussed herein.

Interactive Brokers LLC is a registered Broker-Dealer, Futures Commission Merchant and Forex Dealer Member, regulated by the U.S. Securities and Exchange Commission (SEC), the Commodity Futures Trading Commission (CFTC) and the National Futures Association (NFA), and is a member of the Financial Industry Regulatory Authority (FINRA) and several other self-regulatory organizations. Interactive Brokers does not endorse or recommend any introducing brokers, third-party financial advisors or hedge funds, including Pioneer Advisory LLC. Interactive Brokers provides execution and clearing services to customers. None of the information contained herein constitutes a recommendation, offer, or solicitation of an offer by Interactive Brokers to buy, sell or hold any security, financial product or instrument or to engage in any specific investment strategy. Interactive Brokers makes no representation, and assumes no liability to the accuracy or completeness of the information provided on this website.

For more information regarding Interactive Brokers, please visit www.interactivebrokers.com

© 2026 Pioneer Investing Inc. All Rights Reserved.