Skip to main content

Prerequisites

Before you begin, make sure you have:
  • An active Aries account
  • A terminal and your preferred language runtime (Node.js 18+, Python 3.8+, or any HTTP client for cURL)
If you are new to APIs, you can still follow this page. The steps appear in the order you need to complete them. First, you create an API app in Aries. Next, you send the user to Aries so they can sign in and approve access. Then you receive a code, exchange it for tokens, and use the access token to call Aries endpoints.

Step 1: Register your app

Before your app can talk to Aries, you need to register it. This lets Aries know which app is making the request and what permissions that app will ask for. When you complete this step, Aries gives you two credentials:
  • Client ID - A public identifier for your app
  • Client Secret - A private secret that proves the request is coming from your app
You will use both of these values in later steps.
  1. Log in to Aries and open Client Center. Then go to the API tab.
  2. Click Generate Key.
  3. Fill in the fields:
    • Client Name - A descriptive name for your app, such as My Trading App
    • Redirect URIs - The URL Aries sends the user back to after they approve access, such as https://yourapp.com/oauth/callback
    • Scopes - The permissions your app needs, such as account access, market data access, and order permissions
  4. Click Generate API key.
What each field means:
  • Client Name helps you recognize the app later in Aries.
  • Redirect URIs tells Aries where to return the user after sign-in and approval. The value must exactly match the redirect URI you register in Client Center.
  • Scopes tell Aries what data or actions your app wants permission to access.
For the examples on this page, use these accepted scopes:
  • user:information - View user profile and personal details
  • account:information - View account balances, positions, and account history
  • order:execution - Place, modify, and cancel orders
  • order:information - View order history and order status
  • position:information - View current positions and holdings
  • market:information - Access live and historical market data
  • calendar:information - Access earnings, economic, and market schedule data
  • options:information - Access options chains, Greeks, and expiration data
  • analytics:information - View ratings, analytics, and market insights
  • market:supplemental - Access news, company profiles, financials, filings, ETF data, and technical analysis
If your app does not need all of these permissions, request only the scopes you actually use. You can also review the full scope explanations in the OAuth2 guide. Once the API key is generated, you will see your Client ID and Client Secret.
The client_secret is shown only once. Copy it immediately and store it in an environment variable or secrets manager. If you lose it, you’ll need to regenerate it.

Step 2: Request access for your app

In this step, you send the user to Aries so they can sign in and approve your app. This is how the user gives your app permission to access their Aries data. Aries does not give you an access token yet. First, Aries asks the user to sign in and confirm that they want to allow your app to use the requested scopes. After the user approves, Aries sends them back to your app with a temporary authorization code. You will use that code in Step 3 to request tokens from the token endpoint. The authorization URL looks like this: 
https://app.aries.com/oauth2/authorize?response_type=code&client_id=YOUR_CLIENT_ID&redirect_uri=YOUR_REDIRECT_URI&scope=user:information account:information order:execution order:information position:information market:information calendar:information options:information analytics:information market:supplemental&state=RANDOM_STRING
Replace YOUR_CLIENT_ID, YOUR_REDIRECT_URI, and scope in the URL above with your real values from Step 1. What these values mean:
  • YOUR_CLIENT_ID - The client ID Aries gave you when you created the app
  • YOUR_REDIRECT_URI - The same callback URL you registered in Aries
  • scope - The permissions your app is requesting
  • state - A random value your app generates to help protect the sign-in flow
In most apps, you build this URL in code and then redirect the user to it automatically. If you want more detail about this step, see the OAuth2 guide or the Authorization Code flow guide. 
const crypto = require('crypto');

const state = crypto.randomBytes(32).toString('hex');

const params = new URLSearchParams({
  response_type: 'code',
  client_id: 'YOUR_CLIENT_ID',
  redirect_uri: 'YOUR_REDIRECT_URI',
  scope: 'user:information account:information order:execution order:information position:information market:information calendar:information options:information analytics:information market:supplemental',
  state: state,
});

const authUrl = `https://app.aries.com/oauth2/authorize?${params}`;

// res.redirect(authUrl);
console.log('Authorization URL:', authUrl);
After the user approves, Aries redirects them back to your app with a code in the URL: 
https://yourapp.com/oauth/callback?code=AUTHORIZATION_CODE&state=RANDOM_STRING
What this means:
  • code - A short-lived authorization code that you exchange for tokens in Step 3
  • state - The same random value you sent earlier; your app should verify that it matches
If the state value does not match, do not continue. Stop the sign-in flow and start again.

Step 3: Get your access token

Now exchange the authorization code from Step 2 for tokens. The most important token is the access token. You send this token with every protected API request. Aries uses it to confirm that your app is allowed to act on behalf of the signed-in user. You also receive a refresh token. When the access token expires, the refresh token lets you request a new access token without asking the user to sign in again. In simple terms:
  • Step 2 gives you a temporary code
  • Step 3 turns that code into usable tokens
async function exchangeCodeForToken(authCode) {
  const response = await fetch('https://api.aries.com/v1/oauth2/token', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({
      client_id: 'YOUR_CLIENT_ID',
      client_secret: 'YOUR_CLIENT_SECRET',
      grant_type: 'code',
      code: authCode,
      redirect_uri: 'YOUR_REDIRECT_URI',
    }),
  });

  if (!response.ok) throw new Error(`Token exchange failed: ${response.status}`);

  return await response.json();
}

const tokens = await exchangeCodeForToken('AUTHORIZATION_CODE');
console.log(tokens);
The response contains your tokens: 
{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...", // Use this for API requests
  "token_type": "Bearer",
  "expires_in": 3600,                                          // Seconds until expiry (1 hour)
  "refresh_token": "eyJjdHkiOiJKV1QiLCJlbmMiOiJBMjU2R0...", // Use to get a new access_token
  "scope": "user:information account:information order:execution order:information position:information market:information calendar:information options:information analytics:information market:supplemental" // Granted scopes
}
What each field means:
  • access_token - Send this token with your API requests
  • token_type - Usually Bearer
  • expires_in - How long the access token remains valid
  • refresh_token - Use this later to get a new access token
  • scope - The permissions that were granted
Store the access_token, refresh_token, and expiry time in a secure place. You will need the access token for the next steps. -> Full reference: OAuth2 Token

Step 4: Fetch the user’s accounts

Now that you have an access token, you can make your first authenticated API call. This step fetches the user’s linked brokerage accounts. If your app will place trades, this step is important because you need the trading_account_id from the response. You can think of this step as: “Show me which accounts this signed-in user can use.” 
async function getMyAccounts(accessToken) {
  const response = await fetch('https://api.aries.com/v2/users/me/accounts', {
    headers: { 'Authorization': `Bearer ${accessToken}` },
  });

  if (!response.ok) throw new Error(`Request failed: ${response.status}`);

  return await response.json();
}

const accounts = await getMyAccounts(tokens.access_token);
console.log(accounts);
Sample response: 
{
  "accounts": [
    {
      "trading_account_id": "SIM6B86XEYOC",
      "broker_account_id": "",
      "status": "OPEN",
      "is_sim": true,
      "account_type": "",
      "account_class": ""
    },
    {
      "trading_account_id": "3AF05000",
      "broker_account_id": "3AF05000",
      "status": "OPEN",
      "is_sim": false,
      "account_type": "INDIVIDUAL",
      "account_class": "MARGIN"
    }
  ]
}
In the response, look for:
  • trading_account_id - The account ID you use in trading requests
  • status - Whether the account is open
  • is_sim - Whether the account is simulated or real
If you want to place an order later, save the correct trading_account_id from this response. -> Full reference: User Accounts

Step 5: Search for a stock

Before you can request market data or place an order, you need the correct symbol for the stock or asset you want to use. This step lets you search by company name or ticker symbol. In the example below, the search uses AAPL. You will use the returned symbol in the next two steps. 
const response = await fetch('https://api.aries.com/v1/marketdata/search?query=AAPL&limit=5', {
  headers: { 'Authorization': `Bearer ${tokens.access_token}` },
});

const results = await response.json();
console.log(results);
Sample response: 
[
  {
    "symbol": "AAPL",
    "description": "Apple Inc.",
    "tag": "XNAS",
    "type": "stock"
  }
]
In the response, check:
  • symbol - The ticker you will use in later requests
  • description - The company or asset name
  • type - The asset category, such as stock
Use the symbol value from the response in the quote and order steps that follow. -> Full reference: Search Symbols

Step 6: Get a live quote

Now use the symbol to fetch current market data. This step helps you see the latest available price information before placing an order. For example, you may want to review the last traded price, the current bid and ask, or the price change before deciding what order price to send. 
const response = await fetch('https://api.aries.com/v1/chart/quotes?symbols=AAPL', {
  headers: { 'Authorization': `Bearer ${tokens.access_token}` },
});

const quotes = await response.json();
console.log(quotes);
Sample response: 
{
  "d": [
    {
      "n": "Apple INC",
      "s": "AAPL",
      "v": {
        "ask": 130.92,
        "bid": 130.88,
        "ch": 2.15,
        "chp": 1.67,
        "description": "Apple Inc. Common Stock",
        "exchange": "NASDAQ",
        "high_price": 131.25,
        "low_price": 129.3,
        "lp": 130.89,
        "open_price": 129.5,
        "prev_close_price": 128.74,
        "short_name": "Apple Inc.",
        "volume": 45678900
      }
    }
  ],
  "s": "ok"
}
Useful fields in the response:
  • d - The list of quote results
  • s - The overall response status
  • n - The instrument name
  • s inside each quote item - The symbol
  • v.lp - The latest traded price
  • v.bid - The highest current buy price
  • v.ask - The lowest current sell price
  • v.ch and v.chp - The price change and percent change
  • v.volume - The current trading volume
This information helps you decide whether to place an order and what price to use. -> Full reference: Quotes

Step 7: Place an order

You now have everything needed to place an order:
  • A valid access token from Step 3
  • A trading_account_id from Step 4
  • A symbol from Step 5
In this example, the request places a limit buy order for 1 share of AAPL. What the main fields mean:
  • side: BUY - You want to buy the stock
  • qty: "1" - You want to buy 1 share
  • type: LIMIT - You only want to buy at your limit price or a better price
  • price: "189.00" - The highest price you are willing to pay
  • timeInForce: DAY - The order stays active for the trading day unless it fills or is canceled
const response = await fetch('https://api.aries.com/v1/orders', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${tokens.access_token}`,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    tradingAccountId: '3AF05000',
    symbol: 'AAPL',
    side: 'BUY',
    type: 'LIMIT',
    qty: '1',
    price: '189.00',
    timeInForce: 'DAY',
  }),
});

const order = await response.json();
console.log(order);
Sample response: 
{
  "success": true,
  "clOrdId": "ORDER-20260115-001",
  "status": "NEW",
  "symbol": "AAPL",
  "side": "BUY",
  "qty": "1",
  "cumQty": "0",
  "leavesQty": "1",
  "avgPrice": "0",
  "text": "Order accepted",
  "ordRejReason": "",
  "transactTime": "2026-01-15T14:30:05Z"
}
After the request is accepted, Aries returns the order details. In this response:
  • success shows whether Aries accepted the order request
  • clOrdId is the client order ID
  • status shows the current order state
  • qty is the original order quantity
  • cumQty is the quantity already filled
  • leavesQty is the quantity still open
  • avgPrice is the average filled price so far
  • text contains a short status message
-> Full reference: Place Order

Next steps

OAuth2 Guide

Authorization Code and PKCE flows, scopes, security, and troubleshooting.

Accounts & Balances

Fetch account balances, positions, and order history.

Orders

Place, preview, update, and cancel orders.

Market Data

Search symbols, get quotes, and stream real-time market data.