search

Voyz / ibeam

IBeam is an authentication and maintenance tool used for the Interactive Brokers Client Portal Web API Gateway.
Apache License 2.0
580 stars 115 forks source link

Has anyone tried using a secondary user account? #137

Closed bfoz closed 1 year ago

bfoz commented 1 year ago

Sorry for abusing an issue to ask a question; it looks like discussions aren't enabled on this project.

I was looking at the client portal API documentation (trying to figure out how to get a list of cash transactions) and saw a section titled "Multiple usernames" that I hadn't noticed before:

Clients wishing to use multiple IBKR products at the same time (TWS, IBKR Mobile or Client Portal) can do so by creating a new username that can then be used to log into other services while using the Client Portal API. To create a second username please see the following IBKR Knowledege Base article.

That looks like it gets around the problem with using the API and the website at the same time...which sounds too good to be true. Has anyone tried this? Does it work with ibeam? What's the catch?

Voyz commented 1 year ago

Hey @bfoz, all good, the repo is still pretty small so keeping things consolidated to Issues only 😊

I haven't used the secondary user myself, but I've seen others do so successfully. Indeed, that would allow using the API and the website at the same time. There doesn't seem to be any catch.

I'd suggest you go ahead and try it out - and do let us know here how did it go in case others would wonder the same thing in the future.

bfoz commented 1 year ago

The signup process is a little odd, and the KB article is a bit out of date with respect to the website.

The "Manage Account" item in the User menu (upper right corner) that it mentions is now called "Settings". The "Users & Access Rights" panel is no longer on the Settings page, but you can find a similarly named link at the very bottom-left of the screen. The resulting page doesn't have a "Configure (gear) icon". It does have the expected plus sign in the "Users" header that gets the job done.

From there you get a standard username and password dialog with the list of requirements for both (nothing that the Safari password generator couldn't handle). After that, the process is on rails and you'll have to click through a lot of boilerplate.

At the end they email you a confirmation code without telling you what to do with it. Log out, log in with the new user and you'll get a prompt for the code. You have to be quick because the code expires fast and you'll keep getting emails until you enter the correct code. Then you get another prompt to change the password for the new user. I have no idea why.

The last screen said that the request for account creation would be reviewed on the next business day. So I logged out of the secondary account and went back to the primary. We'll see what happens tomorrow.

bfoz commented 1 year ago

I just got this email. Any idea what document they're looking for?

image

Voyz commented 1 year ago

sorry @bfoz no idea. Talk to them, they should be able to clarify

bfoz commented 1 year ago

I finally got around to checking on this. When I logged in to the portal with my primary account it threw a popup about "New Items", and the only item on the list was the "Proof of trader authority (Task 576174804)" document upload task. At the bottom was a link labeled "Click Here to Upload Documents". Clicking that link took me directly to another page titled "Pending Items" with another popup. The new popup was titled "Proof of trader authority" and had a EULA and a signature block at the bottom. I typed my name and clicked submit.

So that was a lot easier than it sounded. I'm not sure why it took nearly a week for the portal to offer that flow, but at least it worked.

bfoz commented 1 year ago

I forgot to mention that the credentials for the second user really do work and I can log into the website without anything complaining about being logged in twice.

It's a tedious process, but it really does work.

Voyz commented 1 year ago

@bfoz superb! Many thanks for sharing all that, very useful!

Just as an idea - turning these notes of yours into a markdown section in the Wiki (https://github.com/Voyz/ibeam/wiki/Runtime-environment#credentials) would be a great addition to the repo 👍

bfoz commented 1 year ago

I can't edit the wiki, so here's my first draft for a subsection of the Credentials section:

Using a Secondary Account

IBKR only permits a single login at a time for any given set of credentials. Consequently, you can't use the IBKR website while IBeam is running. If you try to anyway, IBeam will be disconnected, which will trigger a re-authentication attempt, which will potentially disconnect your website session. If you then log in to the website again, you'll just start the loop all over again. An easy solution is to stop IBeam before using the website, but that can be tedious.

A more convenient solution is to create a second username for your account and use that for IBeam. From the client portal API documentation section "Multiple usernames":

Clients wishing to use multiple IBKR products at the same time (TWS, IBKR Mobile or Client Portal) can do so by creating a new username that can then be used to log into other services while using the Client Portal API. To create a second username please see the following IBKR Knowledege Base article.

The Knowledge Base article linked above is slightly out of date with respect to the current layout of the IBKR Client Portal:

From there you'll be shown a fairly standard-looking username and password dialog. Fill it out in the normal fashion, then click through the many many pages of boilerplate and settings. Feel free to disable many of the notification settings for the new username. Otherwise you'll start getting duplicate emails from IBKR.

At the end of the process, you'll get an email with a confirmation code, but no indication as to what to do with it. Log out and log back in using the new username and password that you just created. You'll then be prompted to enter the confirmation code. Note that you need to be quick about this part because the code expires fast. If you're not fast enough you'll get another automated email with a new code a few minutes after the previous one expired. In fact, you'll keep getting new codes until you get it right.

After entering the confirmation code you'll likely be prompted to change the password for the secondary user.

The final screen of the process says that the request for account creation will be reviewed on the next business day. Some time later you'll receive an email asking you to upload a "Proof of trader authority" for the new username. The verbiage implies that you need to generate a document to upload, however that isn't the case. Simply log in using your primary username (not the secondary!) and you'll be prompted to upload the requested document. At the bottom of the pop-up will be a button titled "Click Here to Upload Documents". Click that and you'll be shown a EULA and a signature block. Type your name (not the new user's name) and click Submit.

After that you should be back at the normal dashboard page, with little indication that you're logged in as the second user. Log out and the new credentials will be ready to use with IBeam. In the future be sure to only use your primary credentials on the website and the secondary credentials for IBeam.

Nota Bene: The username restrictions for the second user are very loose. In fact, it's possible to use the domain name of the machine that hosts your instance of IBeam. A customer service agent suggested that API users typically do exactly that, but there's no requirement to do so.

Voyz commented 1 year ago

That's superb, very well written @bfoz 👏👏👏 Many thanks for taking your time to write this!

I took the liberty to add a couple of tweaks:

Using a Secondary Account

IBKR only permits a single login at a time for any given set of credentials. Consequently, you can't use the IBKR website while the Gateway (or IBeam) is running. If you try to anyway, the Gateway will be disconnected, which will trigger a re-authentication attempt, which will potentially disconnect your website session. If you then log in to the website again, you'll just start the loop all over again. An easy solution is to stop IBeam before using the website, but that can be tedious.

A more convenient solution is to create a second username for your account and use that for IBeam. From the client portal API documentation section "Multiple usernames":

Clients wishing to use multiple IBKR products at the same time (TWS, IBKR Mobile or Client Portal) can do so by creating a new username that can then be used to log into other services while using the Client Portal API. To create a second username please see the following IBKR Knowledege Base article.

The Knowledge Base article linked above is slightly out of date with respect to the current layout of the IBKR Client Portal:

From there you'll be shown a fairly standard-looking username and password dialog. Fill it out in the normal fashion, then click through the many many pages of boilerplate and settings. Feel free to disable many of the notification settings for the new username. Otherwise you'll start getting duplicate emails from IBKR.

At the end of the process, you'll get an email with a confirmation code, but no indication as to what to do with it. Log out and log back in using the new username and password that you just created. You'll then be prompted to enter the confirmation code. Note that you need to be quick about this part because the code expires fast. If you're not fast enough you'll get another automated email with a new code a few minutes after the previous one expired. In fact, you'll keep getting new codes until you get it right.

After entering the confirmation code you'll likely be prompted to change the password for the secondary user.

The final screen of the process says that the request for account creation will be reviewed on the next business day. Some time later you'll receive an email asking you to upload a "Proof of trader authority" for the new username. The verbiage implies that you need to generate a document to upload, however that isn't the case. Simply log in using your primary username (not the secondary!) and you'll be prompted to upload the requested document. At the bottom of the pop-up will be a button titled "Click Here to Upload Documents". Click that and you'll be shown a EULA and a signature block. Type your name (not the new user's name) and click Submit.

After that you should be back at the normal dashboard page, with little indication that you're logged in as the second user. Log out and the new credentials will be ready to use with IBeam. In the future be sure to only use your primary credentials on the website and the secondary credentials for IBeam.

Nota Bene: The username restrictions for the second user are very loose. In fact, it's possible to use the domain name of the machine that hosts your instance of IBeam. A customer service agent suggested that API users typically do exactly that, but there's no requirement to do so.

Changed:

Let me know if you'd be okay with these changes, and if you have any other comments - otherwise I'll go ahead and update the WiKi 👍

bfoz commented 1 year ago

Those changes look good to me

Voyz commented 1 year ago

Superb! Here's your contribution:

https://github.com/Voyz/ibeam/wiki/Runtime-environment#using-a-secondary-account

Once again - many thanks for going through this process, sharing it with us and writing this guide 🥳👏

bfoz commented 1 year ago

My pleasure, and thanks for accepting it. I hope it helps others.

Voyz commented 1 year ago

It sure will! You can go ahead and close this issue now @bfoz 👍