Add support for broker authentication (#303)

alpacahq · Sep 20, 2024 · e486d60 · e486d60
1 parent 48cd6c3
commit e486d60
Show file tree

Hide file tree

Showing 4 changed files with 78 additions and 17 deletions.
diff --git a/README.md b/README.md
@@ -1,4 +1,3 @@
-
 # alpaca-trade-api-go
 
 [![GitHub Status](https://github.com/alpacahq/alpaca-trade-api-go/actions/workflows/go.yml/badge.svg)](https://github.com/alpacahq/alpaca-trade-api-go/actions/workflows/go.yml)
@@ -105,6 +104,20 @@ export APCA_API_KEY_ID=xxxxx
 export APCA_API_SECRET_KEY=yyyyy
 ```
 
+### Broker auth
+
+You use your Broker API key and secret for authentication.
+However, for this to work make sure you're using the appropriate base URL
+(for more details check the next section)!
+
+```go
+client := marketdata.NewClient(marketdata.ClientOpts{
+	BrokerKey:    "CK...",                               // Sandbox broker key
+	BrokerSecret: "<your secret>",                       // Sandbox broker secret
+	BaseURL:      "https://data.sandbox.alpaca.markets", // Sandbox url
+})
+```
+
 ## Endpoint
 
 For paper trading, set the environment variable `APCA_API_BASE_URL` or set the
@@ -114,6 +127,15 @@ For paper trading, set the environment variable `APCA_API_BASE_URL` or set the
 export APCA_API_BASE_URL=https://paper-api.alpaca.markets
 ```
 
+### Broker API
+
+For broker partners, set the base URL to
+
+- `broker-api.alpaca.markets` for production
+- `broker-api.sandbox.alpaca.markets` for sandbox
+- `data.alpaca.markets` for production marketdata
+- `data.sandbox.alpaca.markets` for sandbox marketdata
+
 ## Documentation
 
 For a more in-depth look at the SDK, see the [package documentation](https://pkg.go.dev/github.com/alpacahq/alpaca-trade-api-go/v3).
diff --git a/alpaca/rest.go b/alpaca/rest.go
@@ -19,12 +19,14 @@ import (
 
 // ClientOpts contains options for the alpaca client
 type ClientOpts struct {
-	APIKey     string
-	APISecret  string
-	OAuth      string
-	BaseURL    string
-	RetryLimit int
-	RetryDelay time.Duration
+	APIKey       string
+	APISecret    string
+	BrokerKey    string
+	BrokerSecret string
+	OAuth        string
+	BaseURL      string
+	RetryLimit   int
+	RetryDelay   time.Duration
 	// HTTPClient to be used for each http request.
 	HTTPClient *http.Client
 }
@@ -85,9 +87,12 @@ const (
 func defaultDo(c *Client, req *http.Request) (*http.Response, error) {
 	req.Header.Set("User-Agent", Version())
 
-	if c.opts.OAuth != "" {
+	switch {
+	case c.opts.OAuth != "":
 		req.Header.Set("Authorization", "Bearer "+c.opts.OAuth)
-	} else {
+	case c.opts.BrokerKey != "":
+		req.SetBasicAuth(c.opts.BrokerKey, c.opts.BrokerSecret)
+	default:
 		req.Header.Set("APCA-API-KEY-ID", c.opts.APIKey)
 		req.Header.Set("APCA-API-SECRET-KEY", c.opts.APISecret)
 	}

diff --git a/alpaca/rest_test.go b/alpaca/rest_test.go
@@ -2,6 +2,7 @@ package alpaca
 
 import (
 	"bytes"
+	"encoding/base64"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -41,6 +42,34 @@ func TestDefaultDo(t *testing.T) {
 	assert.Equal(t, "test body", string(b))
 }
 
+func TestDefaultDo_BrokerAuth(t *testing.T) {
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		authHeader := r.Header.Get("Authorization")
+		if assert.NotEmpty(t, authHeader) && assert.True(t, strings.HasPrefix(authHeader, "Basic "), "%s is not basic auth", authHeader) {
+			key := authHeader[len("Basic "):]
+			b, err := base64.URLEncoding.DecodeString(key)
+			if assert.NoError(t, err) {
+				parts := strings.Split(string(b), ":")
+				assert.Equal(t, "broker_key", parts[0])
+				assert.Equal(t, "broker_secret", parts[1])
+			}
+		}
+		fmt.Fprint(w, "test body")
+	}))
+	c := NewClient(ClientOpts{
+		BrokerKey:    "broker_key",
+		BrokerSecret: "broker_secret",
+		BaseURL:      ts.URL,
+	})
+	req, err := http.NewRequest("GET", ts.URL+"/custompath", nil)
+	require.NoError(t, err)
+	resp, err := defaultDo(c, req)
+	require.NoError(t, err)
+	b, err := io.ReadAll(resp.Body)
+	require.NoError(t, err)
+	assert.Equal(t, "test body", string(b))
+}
+
 func TestDefaultDo_SuccessfulRetries(t *testing.T) {
 	i := 0
 	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {

diff --git a/marketdata/rest.go b/marketdata/rest.go
@@ -23,12 +23,14 @@ import (
 // Currently it contains the exact same options as the trading alpaca client,
 // but there is no guarantee that this will remain the case.
 type ClientOpts struct {
-	APIKey     string
-	APISecret  string
-	OAuth      string
-	BaseURL    string
-	RetryLimit int
-	RetryDelay time.Duration
+	APIKey       string
+	APISecret    string
+	BrokerKey    string
+	BrokerSecret string
+	OAuth        string
+	BaseURL      string
+	RetryLimit   int
+	RetryDelay   time.Duration
 	// Feed is the default feed to be used by all requests. Can be overridden per request.
 	Feed Feed
 	// CryptoFeed is the default crypto feed to be used by all requests. Can be overridden per request.
@@ -97,9 +99,12 @@ func defaultDo(c *Client, req *http.Request) (*http.Response, error) {
 		req.Host = c.opts.RequestHost
 	}
 
-	if c.opts.OAuth != "" {
+	switch {
+	case c.opts.OAuth != "":
 		req.Header.Set("Authorization", "Bearer "+c.opts.OAuth)
-	} else {
+	case c.opts.BrokerKey != "":
+		req.SetBasicAuth(c.opts.BrokerKey, c.opts.BrokerSecret)
+	default:
 		req.Header.Set("APCA-API-KEY-ID", c.opts.APIKey)
 		req.Header.Set("APCA-API-SECRET-KEY", c.opts.APISecret)
 	}