How do I activate API access and algorithmic trading permissions?
This article guides agents through enabling API access and algorithmic trading permissions for customers, covering developer onboarding, security, rate limits, compliance checks, and operational controls.
Overview
API access allows programmatic interactions with Nordnet trading systems for order placement, market data, and account management. Algorithmic trading adds additional risk and regulatory considerations. Activation requires strong authentication, a developer agreement, and monitoring controls.
Prerequisites
- Account verification: Ensure customer's account is fully verified and active.
- Developer agreement: Customer must accept API terms, acceptable use policy, and risk disclosures.
- Technical readiness: Customer should provide technical contact details and intended usage patterns.
- Compliance checks: Review for market manipulation risk and ensure the customer has necessary permissions for trading instruments accessed via API.
Step-by-Step Activation
- Collect details: Record application purpose, expected message volumes, and whether the algorithm will operate unattended.
- Issue developer agreement: Send and record signed developer agreement and acceptable use acknowledgement.
- Generate API credentials: Create API key and secret in the system and convey them to the customer through secure channels. Ensure secrets are only shown once.
- Set rate limits and permissions: Apply default rate limits and specify endpoints permitted (order placement, market data, account info). Adjust limits for high-volume users after review.
- Security configuration: Enforce IP whitelisting if requested, and require two-factor authentication for any manual overrides.
- Testing environment: Provide access to sandbox environment for development, and guide the customer through test cases.
- Go-live checklist: Confirm production readiness, monitoring setup, and escalation contacts. Move API credentials to production once confirmed.
Security and Best Practices
- Never email API secrets. Use secure messaging or in-portal display only.
- Recommend IP whitelisting and short-lived tokens where supported.
- Advise on safe retry logic and backoff strategies to avoid rate limit breaches.
Important Notes and Warnings
⚠️ Market abuse monitoring: Algorithms that place frequent orders can trigger surveillance. Inform the customer that activity will be monitored for market manipulation.
⚠️ Liability: Customers are responsible for their algorithms' behavior. Provide guidance but not approval of specific trading strategies.
Frequently Asked Questions
Q: What are typical rate limits?
A: Base limits depend on endpoint; provide current published limits and offer escalation for higher throughput after review.
Q: Can I use the API with margin and shorting?
A: Only if the account has margin/short permissions enabled. Review account permissions and compliance status first.
Troubleshooting
| Issue | Action |
|---|---|
| API key unauthorized | Verify key permissions, expiry, and IP whitelist. Regenerate key if compromised. |
| Exceeded rate limit | Recommend backoff logic and review possibility of increasing rate limits for the customer. |
| Unexpected order behavior | Request logs, timestamps and payloads. Suspend offending key if it poses market risk and escalate. |
Related Information
- How to enable short selling and margin trading
- Derivatives trading activation
- API developer documentation and sandbox access
Always log all API activations and keep an audit trail of agreements and technical details. Escalate suspicious algorithmic behavior to the surveillance team immediately.