REST API Example Requests

Example 1.A: Logging in via POST /session v2

This involves sending to the /session service (via the POST operation) your IG login username (identifier) and password.

The request will need:

  • JSON content-type header
  • Accept headers
  • A valid API key
Request
Section Details
ActionPOST https://demo-api.ig.com/gateway/deal/session
HeaderContent-Type: application/json; charset=UTF-8
Accept: application/json; charset=UTF-8
VERSION: 2
X-IG-API-KEY: 5FA056D2706634F2B7C6FC66FE17517B
Body
{ "identifier": "A12345", "password": "112233" }

After logging in, an HTTP 200 response will be received containing various items of interest in the response header such as:

  • CST - the client session token
  • X-SECURITY-TOKEN - the active account session token

The CST and X-SECURITY-TOKEN tokens must be passed as header items to all subsequent API requests. Please note that these tokens are session tokens, and for security reasons will expire after a pre-configured amount of time (specified under My Account in our dealing platform).

Additionally, the response body contains the Lightstreamer address (https://adp.marketdatasystems.com:443 in this instance) required for all streaming connections. For more details on other response fields please refer to our API reference.

Response
Section Details
HeaderHTTP status: 200 OK
Content-Type: application/json; charset=UTF-8
CST: 09be4e828f577465694ae81d9a497d1970410f9cdd602ab05d2336cd26cab9a4
X-SECURITY-TOKEN: fa0f2b1f1a610bfe5af721d3648d04943234a8f67403bd7c67f42fe3e53b31ca
Body
{ "accountType": "CFD", "accountInfo": { "balance": 2329658.5, "deposit": 5596.8, "profitLoss": -130.16, "available": 2323931.5 }, "currencyIsoCode": "GBP", "currentAccountId": "A12345", "lightstreamerEndpoint": "https://demo-apd.marketdatasystems.com", "accounts": [{ "accountId": "A12345", "accountName": "CFD", "preferred": true, "accountType": "CFD" }], "clientId": "100017136" }

Example 1.B: Logging in via POST /session v3 (OAuth)

This request is similar to 1.A but the response body, rather than returning CST and X-SECURITY-TOKEN headers, contains
{ "clientId": "101792548", "accountId": "PYZFT", "timezoneOffset": 1, "lightstreamerEndpoint": "https://demo-apd.marketdatasystems.com", "oauthToken": { "access_token": "702f6580-25c7-4c04-931d-6000efa824f8", "refresh_token": "a9cec2d7-fd01-4d16-a2dd-7427ef6a471d", "scope": "profile", "token_type": "Bearer", "expires_in": "60" } }
where
  • access_token - the bearer token to be passed on subsequent API requests
  • refresh_token - the refresh token used to request a new access token
  • expires_in - the access token expiry time in seconds
Note this request requires a VERSION : 3 header.
A new access token can be requested by calling the POST /session/refresh-token endpoint GET /session returns session details such as the details about the current account or the Lightstreamer URL. If specified it also returns CST and X-SECURITY-TOKEN headers which can be used to connect to the Streaming API.

Example 2: List watchlists

The example below shows the process for obtaining (via the GET operation) a list of watchlists from the /watchlists service.

The request will need:

  • Standard JSON content-type and accept headers
  • A valid API key
  • Either a valid pair of CST and X-SECURITY-TOKEN headers or a pair of Authorization and IG-ACCOUNT-ID headers
Request
Section Details
ActionGET https://demo-api.ig.com/gateway/deal/watchlists
HeaderContent-Type:application/json; charset=UTF-8
Accept: application/json; charset=UTF-8
X-IG-API-KEY: 5FA056D2706634F2B7C6FC66FE17517B
CST: 09be4e828f577465694ae81d9a497d1970410f9cdd602ab05d2336cd26cab9a4
or
Authorization : Bearer 702f6580-25c7-4c04-931d-6000efa824f8
X-SECURITY-TOKEN: fa0f2b1f1a610bfe5af721d3648d04943234a8f67403bd7c67f42fe3e53b31ca
or
IG-ACCOUNT-ID : PYZFT
BodyThe request body is not applicable for GET requests

If successful, an HTTP 200 response will be received, with the response containing a collection of watchlists.

Response
Section Details
HeaderHTTP status: 200 OK
Content-Type: application/json; charset=UTF-8
CST: 09be4e828f577465694ae81d9a497d1970410f9cdd602ab05d2336cd26cab9a4
X-SECURITY_TOKEN: fa0f2b1f1a610bfe5af721d3648d04943234a8f67403bd7c67f42fe3e53b31ca
Body
[ { "name": "Popular Markets", "id": "Popular Markets", "editable": false, "deleteable": false, "modifiedDate": null, "defaultSystemWatchlist": true }, { "name": "My Watchlist", "id": "3095777", "editable": true, "deleteable": false, "modifiedDate": null, "defaultSystemWatchlist": false } ]

Uncaught exception thrown in shutdown function.

PDOException: SQLSTATE[25006]: Read only sql transaction: 7 ERROR: cannot execute DELETE in a read-only transaction: DELETE FROM {semaphore} WHERE (value = :db_condition_placeholder_0) ; Array ( [:db_condition_placeholder_0] => 1665581256610b4079a6c691.88623087 ) in lock_release_all() (line 269 of /var/ig/webcontent/drupal/includes/lock.inc).