Ways to finesse HTTP HeaderField constraints?

9 次查看(过去 30 天)
Hey folks,
Webwrite isn't meeting my needs for POSTing data to a RESTful web service, so I decided to go with the lower level matlab.net.http.RequestMessage functionality, which sometimes works, but setting the Header with my authorization token sometimes fails depending on the token I get.
URL = 'https://api.tdameritrade.com/v1/accounts/1234567890/orders';
r = matlab.net.http.RequestMessage;
r.Method = 'Post';
r.Header(1).Name = "Authorization";
r.Header(1).Value = "Bearer " + token; % Token is long and changes periodically. **Usually** Matlab throws error
The problem is in setting the Header, which requires a field Name called "Authorization" and the Value of "Bearer " + token. The "token" value is very lengthy, around 1,200 characters (example at bottom of this post) and I have to get a new one every 30min to keep accessing this service. Sometimes Matlab is okay and accepts the token, but most of the tokens are rejected when I try to set the value, giving me an error like the one below:
Screen Shot 2019-08-23 at 7.47.13 PM.png
The Matlab class HeaderField is clearly doing a validation routine on the Value and determining it is not valid.
Here's what I've tried:
  1. Remove space after "Bearer", or using "Bearer%20" or "Bearer+". Matlab accepts this, but then web server returns "unauthorized"
  2. I've noticed that if I take the first 1,144 characters in token then Matlab accepts (e.g. "Bearer " + token(1:1144), but of course the web server returns "unauthorized" since I'm not providing the full token
Any ideas for how to enter "Bearer " + token to avoid the above error?
Here's an example token (I changed one character just to be sure no one can use it):
token = "zgzMa4kOwPmVxbQ3tp0unIp4JIXv1Hzh7fzRs3JmQbTnPVFeXX7oF2pJH+3gL4KYEfXFIuiL7IKHOJRUdxe0HXnU0yN+Gn9cZUyU/eovZVyG4kVTqu47hyDnNkq0C1gShWhBtWcvI8uKjzHjGMJP8Ot2Gjhbw3/l6YfQe3q3PBQ+6wLsSV7gHBm406PukLdql7schTpvrqLi8h308G7OIVrTJB2oXgqfIVGGDYbQNuw6iGamxJUqOZ8Fv8PeRapG92iT8B1p1sW5LFq5Vpu6N2pFgkhoSilmW0aZ+aq03R9V8FYFsZ30/jrNqSxllf3WFELkVYlJlGNOvudzIzJwANcfcl4UzvDYpduN33lOarpIK3a17tRlsjIimtgiLhyxEYlUnVLiuwI5l1+9tkJ0HjC3asEL6kWj+ysW5gx36YWyb8tbhOz5I5wFkqGkcjZNJjUQ12Ou4+DVG/tCwhCHwJOR+x8imWbZqTcDwNRMKyQkn1CXSY463Ycxf3XE6boRBkK2OtAQ/m4Q276i26HhRGjuMFfDW1fzCrrXy23zERVAkAo9t100MQuG4LYrgoVi/JHHvlwCIoz+tGIgiaHeuLUSTR/PGs5RLwaXaMkRXixdeWNw5qOODbq9fsFHe0zBCweEkN8CK5Uxa3+FXv3OtlJUDZ8Pytum96pRkgDPvib1n2sDmtV0DgHc1q2zJqfitAcfS3lmIYPx7RcGBHJV/jn1Ojp6mcN9tu0C8S7u/Mk4gqV+dwkdLIICRGe3u2ASbsX6j16Nrbv+XHy9sxQRVh0eWpvLppM0ICBlSxrZ6qr/d6pYqn505fB6gICX0D+326pFZF/fgcyLnfGjCaHv9v5qMv0LTNooGYZ5BguM4IZGOCts4h+/zm3wGCchBczi3BWh/AXw+fNro1TOAkGDdzshZs6GyBoo52vziYR319E/pep9qDs0talrh1OJGnOOquBhnqY9ej2kzQdDtf3sBxQjSXn3JEIlAcszSCQbPDwwrr5sPDMWuhHsgbuU1+CIGOPEKiL0zi57fne5zTjAvMBov8/FWmCULZ+dEGRiBfdqK4OJMyZn8Kpcq+oN2JYSOBcE+c/6Y3XrOjW/8D1U+Hvb2sYhWk/f1hYh2AHDO2dwlbCoRtPipQ==212FD3x19z9sWBHDJACbC00B75E"
Note that I can set the header with webwrite and successfully use the RESTful service that way, but unfortunately the response when using webwrite is empty and I need the info that gets returned from the non-webwrite approach described above.
Thanks,
Paul S
  3 个评论
Paul Shoemaker
Paul Shoemaker 2024-2-12
I will admit to doing this level of exit condition checking locally on my PC. There are a few reasons for this:
  1. I have not discovered robust endpoints for making use of custom conditions and/or studies
  2. While there is always the chance of a local machine failure (e.g. power, internet, hardware, etc), my software sends me emails on a regular basis so I'll know if it's down if I don't receive communications from it, and none of my trades/trading is so crucial as to threaten my account in a meaningful way should things go offline for a couple hours. Most of my positions are held on the order of multiple days to several weeks.
Ken
Ken 2024-2-13
I suspected this.
The real advantage to robo-trading is entering a position on unexpected moves at all times of the day or night.
It seems necessary to engineer trades that have server exits that can be cancelled/changed by an endpoint preemption.
There are many shock moves . . . and this just might be the way to harvest them!
Happy trading!

请先登录,再进行评论。

采纳的回答

Paul Shoemaker
Paul Shoemaker 2019-8-24
Hey folks,
I think I may have fixed the issue. The trick seems to be creating a GenericHeader object, which does not validate supplied values. Then assign the GenericHeader field to the RequestMessage Header.
Here's how it looks:
URL = 'https://api.tdameritrade.com/v1/accounts/1234567890/orders';
r = matlab.net.http.RequestMessage;
r.Method = 'Post';
genericHeader = matlab.net.http.field.GenericField('Authorization',"Bearer " + token); % This bypasses Matlab value validation
r.Header = genericHeader; % Assign to RequestMessage. Fortunately, the RequestMessage class accepts generic header objects
r.Body(1).Data = order; % trade/order to POST
response = r.send(URL); % Works like a charm and output contains the info I need.
I hope this helps someone else out there.
Paul S
  24 个评论
Ken
Ken 2024-2-11
For now I have a push button for UPDATE ACCESS TOKEN and another for UPDATE REFRESH TOKEN. Later I'll put them in a timer job so I won't think about tokens ever again. I now can see account status, view prices, place orders, and cancel orders. My next challenge will be conditional orders, OTO orders, OCO orders . . .
Then it's onward and upward to robotic trading! My computer becomes the screen zombie instead of me!
Your help was pivotal to this effort. I am grateful for your help.
Paul Shoemaker
Paul Shoemaker 2024-2-12
Awesome! Really glad I could help. I've been using TDA API for about 10yrs now and have really enjoyed and made use of it in a major way for me. Hopefully, you have a similar experience.

请先登录,再进行评论。

更多回答(0 个)

类别

Help CenterFile Exchange 中查找有关 Call Web Services from MATLAB Using HTTP 的更多信息

Community Treasure Hunt

Find the treasures in MATLAB Central and discover how the community can help you!

Start Hunting!

Translated by