TradeStation MCP Server

// Quick Token Validation Script // Use this to test your existing refresh token and get a new access token import axios from 'axios'; import dotenv from 'dotenv'; dotenv.config(); const TS_TOKEN_URL = 'https://signin.tradestation.com/oauth/token'; const TS_API_BASE = 'https://sim-api.tradestation.com/v3'; // Your existing refresh token from the MCP server (loaded from .env) const EXISTING_REFRESH_TOKEN = process.env.TRADESTATION_REFRESH_TOKEN; async function validateRefreshToken() { console.log('=== Testing Existing Refresh Token ==='); const TS_CLIENT_ID = process.env.TRADESTATION_CLIENT_ID; const TS_CLIENT_SECRET = process.env.TRADESTATION_CLIENT_SECRET; if (!TS_CLIENT_ID || !TS_CLIENT_SECRET) { console.error('❌ Missing TRADESTATION_CLIENT_ID or TRADESTATION_CLIENT_SECRET in .env file'); console.error('Please ensure your .env file contains:'); console.error(' - TRADESTATION_CLIENT_ID'); console.error(' - TRADESTATION_CLIENT_SECRET'); console.error(' - TRADESTATION_REFRESH_TOKEN'); return null; } if (!EXISTING_REFRESH_TOKEN) { console.error('❌ Missing TRADESTATION_REFRESH_TOKEN in .env file'); return null; } try { console.log('Attempting to refresh token...'); const response = await axios.post(TS_TOKEN_URL, new URLSearchParams({ grant_type: 'refresh_token', client_id: TS_CLIENT_ID, client_secret: TS_CLIENT_SECRET, refresh_token: EXISTING_REFRESH_TOKEN }), { headers: { 'Content-Type': 'application/x-www-form-urlencoded' } }); const tokens = { accessToken: response.data.access_token, refreshToken: response.data.refresh_token || EXISTING_REFRESH_TOKEN, expiresIn: response.data.expires_in, expiresAt: Date.now() + (response.data.expires_in * 1000) }; console.log('✅ Token refresh successful!'); console.log('New Access Token:', tokens.accessToken + '...'); console.log('Expires in:', tokens.expiresIn, 'seconds'); return tokens; } catch (error) { console.error('❌ Token refresh failed:'); console.error('Status:', error.response?.status); console.error('Error:', error.response?.data || error.message); if (error.response?.status === 400) { console.error('\n🔍 This usually means:'); console.error(' - The refresh token has expired'); console.error(' - The refresh token is invalid'); console.error(' - The client credentials are incorrect'); console.error('\n💡 You may need to go through the full authorization flow again'); } return null; } } async function testApiWithToken(accessToken) { console.log('\n=== Testing API Access ==='); try { // Test simple market data call const response = await axios.get(`${TS_API_BASE}/marketdata/quotes?symbols=AAPL`, { headers: { 'Authorization': `Bearer ${accessToken}`, 'Content-Type': 'application/json' } }); console.log('✅ API call successful!'); console.log('Response preview:', JSON.stringify(response.data, null, 2).substring(0, 200) + '...'); return true; } catch (error) { console.error('❌ API call failed:'); console.error('Status:', error.response?.status); console.error('Error:', error.response?.data || error.message); return false; } } // Main execution async function main() { console.log('TradeStation Quick Token Validation\n'); // Test the refresh token const tokens = await validateRefreshToken(); if (!tokens) { console.log('\n❌ Could not obtain valid tokens'); console.log('\n📋 Next steps:'); console.log('1. Check your .env file has correct TRADESTATION_CLIENT_ID and TRADESTATION_CLIENT_SECRET'); console.log('2. If credentials are correct, run the full auth validation script'); console.log('3. The refresh token may have expired and needs to be renewed'); return; } // Test API access const apiSuccess = await testApiWithToken(tokens.accessToken); if (apiSuccess) { console.log('\n🎉 All tests passed!'); console.log('\n📋 Update your MCP server tokenStore with:'); console.log('```javascript'); console.log('tokenStore.set("maven81shark", {'); console.log(` accessToken: "${tokens.accessToken}",`); console.log(` refreshToken: "${tokens.refreshToken}",`); console.log(` expiresAt: ${tokens.expiresAt}`); console.log('});'); console.log('```'); } else { console.log('\n❌ API test failed - check your account permissions and API access'); } } main().catch(console.error);