Sandbox keys and authentication

You can access and recycle your sandbox keys via the "Keys" tab, under "Developer Tools" in your DriveHub account.

Once you have created a DriveHub account and logged in:

  1. Locate and click the Keys tab in the left hand margin.
  2. Copy the Client ID, API Sandbox Key, and dw-client-app-key by clicking the Copy buttons to the right of each field. Use these copied values in the “clientID”, “clientSecret”, and "dw-client-app-key" fields in the Create Authentication Token POST request to generate your authentication token.


Note that the authentication token expires after one hour. The response of the Create Authentication Token POST request includes an expires_in attribute that specifies, in seconds, the duration after which the token will expire.

Your app key is static, whereas your auth token will rotate on a scheduled basis.

We require that all requests are sent server-to-server. Your app or website should never be directly communicating with the DriveWealth APIs, as your private connection keys may be exposed in transit. All requests are required to be made via an HTTPS connection; requests made over plain HTTP will fail.

A sample auth token generation request is provided under Developer Tools > Developer Dashboard in DriveHub:


You must use this authentication token in all other API requests, as shown in the example code for making your first test trade: