Stocktwits uses OAuth 2.0 for authentication and authorization. OAuth 2.0 is a popular open standard used by many API providers. OAuth 2.0 allows users to authorize your application without sharing their username and password.
The Stocktwits API allows you to get permission from a Stocktwits user to access user data on their behalf. By default, your application can only access the user's public data. If your application needs to read more private data or change associated data, your application can request a larger permission scope through the authorization flow.
https://api.stocktwits.com/api/2/oauth/authorize
with your client_id, response_type set to 'code' and the URL the user should be redirected back to after the authorization process (redirect_uri). Scopes can also be passed (scope) in a comma-delimited list to request further permissions.
Enter the following URL into your browser or direct your users to it for authentication:
https://api.stocktwits.com/api/2/oauth/authorize?client_id=<client_id>&response_type=code&redirect_uri=http://www.example.com&scope=read,watch_lists,publish_messages,publish_watch_lists,direct_messages,follow_users,follow_stocks
http://www.example.com/?code=<code>
https://api.stocktwits.com/api/2/oauth/token
with the code, client_id, client_secret, and redirect_uri.
https://api.stocktwits.com/api/2/oauth/token?client_id=<client_id>&client_secret=<client_secret>&code=<code>&grant_type=authorization_code&redirect_uri=http://www.example.com
{ "user_id": 1, "access_token": "<access_token>", "scope": "read", "username": "userabc" }
https://api.stocktwits.com/api/2/oauth/authorize
with your client_id, response_type set to 'token' and the URL the user should be redirected back to after the authorization process (redirect_uri). Scopes can also be passed (scope) in a comma-delimited list to request further permissions.
https://api.stocktwits.com/api/2/oauth/authorize?client_id=<client_id>&response_type=token&redirect_uri=http://www.example.com&scope=read,watch_lists,publish_messages,publish_watch_lists,follow_users,follow_stocks
http://www.example.com#access_token=<access_token>
The Stocktwits API supports two methods of accessing protected resources. All requests must be made over SSL.
curl 'https://api.stocktwits.com/api/2/streams/trending.json?access_token=<access_token>'
curl -H 'Authorization: OAuth <access_token>' https://api.stocktwits.com/api/2/streams/trending.json
The response type depends on the OAuth flow you choose and is the type of response you want to receive back.
Code | Authentication for Websites & Mobile Web apps using a Server |
Token | Authentication for Websites & Mobile Web apps using JavaScript |
By default, when authorizing your application, a user only grants your app access to their basic public information. If you want to read additional data or write data to Stocktwits, you need to request additional permissions.
How does this look to a user and what are the permissions?
read | Default; allows reading user, symbol and authenticated streams, and the social graph of people and stocks |
watch_lists | Read a user's watch lists |
publish_watch_lists | Publish to a user's watch lists |
publish_messages | Publish messages for a user |
direct_messages | Read a user's direct messages |
follow_users | Follow other users |
follow_stocks | Follow stocks |
authorization_code | All new users to your application would need this grant type |
refresh_token | If your scopes have changed or you need to refresh the user's token, use this grant type |
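
The authorize call, the redirect back, the scope list and the header form of access described on this page, as an added Python example (not Stocktwits code). The helper names are hypothetical, the sample values are constructed, and the comma-delimited format of the returned scope field is an assumption.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_URL = "https://api.stocktwits.com/api/2/oauth/authorize"
# Scope names as listed in the permissions table on this page.
KNOWN_SCOPES = {"read", "watch_lists", "publish_watch_lists", "publish_messages",
                "direct_messages", "follow_users", "follow_stocks"}


def build_authorize_url(client_id, redirect_uri, scopes=("read",), response_type="code"):
    """Build the authorize URL, requesting only the scopes the app needs."""
    if response_type not in ("code", "token"):
        raise ValueError("response_type must be 'code' or 'token'")
    unknown = set(scopes) - KNOWN_SCOPES
    if unknown:
        raise ValueError(f"unknown scope(s): {sorted(unknown)}")
    query = urlencode({
        "client_id": client_id,
        "response_type": response_type,
        "redirect_uri": redirect_uri,   # percent-encoded by urlencode
        "scope": ",".join(scopes),      # comma-delimited, as the page specifies
    }, safe=",")
    return f"{AUTHORIZE_URL}?{query}"


def parse_redirect(url, redirect_uri):
    """Return ('code', value) or ('access_token', value) from the redirect back."""
    got, want = urlsplit(url), urlsplit(redirect_uri)
    if (got.scheme, got.netloc) != (want.scheme, want.netloc):
        raise ValueError("redirect does not match the redirect_uri that was sent")
    code = parse_qs(got.query).get("code")        # response_type=code: ?code=...
    if code:
        return "code", code[0]
    token = parse_qs(got.fragment).get("access_token")  # response_type=token: #access_token=...
    if token:
        return "access_token", token[0]
    raise ValueError("no code or access_token in redirect")


def auth_headers(access_token):
    """Header form of the two access methods: keeps the token out of the URL."""
    return {"Authorization": f"OAuth {access_token}"}


def excess_scopes(token_response, requested):
    """Scopes granted beyond those requested (assumes comma-delimited 'scope')."""
    return set(token_response["scope"].split(",")) - set(requested)
```

Sending the token in the Authorization header rather than the query string keeps it out of URLs, which are commonly written to access logs and browser history.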