TradeStation MCP Server

Instructions

Implementation Reference

• src/index.ts:513-545 (handler)

  The handler function for the 'getPositions' tool. It retrieves current positions and P&L data for a specified TradeStation brokerage account by making an authenticated API request to `/brokerage/accounts/{accountId}/positions`.
  async (args) => { try { const accountId = args.accountId || TS_ACCOUNT_ID; if (!accountId) { throw new Error('Account ID is required. Either provide accountId parameter or set TRADESTATION_ACCOUNT_ID in .env file.'); } const positions = await makeAuthenticatedRequest( `/brokerage/accounts/${encodeURIComponent(accountId)}/positions` ); return { content: [ { type: "text", text: JSON.stringify(positions, null, 2) } ] }; } catch (error: unknown) { return { content: [ { type: "text", text: `Failed to fetch positions: ${error instanceof Error ? error.message : 'Unknown error'}` } ], isError: true }; } } );
• src/index.ts:108-110 (schema)

  Zod schema defining the input parameters for the 'getPositions' tool, with an optional accountId.
  const positionsSchema = { accountId: z.string().optional().describe('Account ID (optional, uses TRADESTATION_ACCOUNT_ID from env if not provided)') };
• src/index.ts:509-512 (registration)

  Registration of the 'getPositions' tool on the MCP server using server.tool() with name, description, schema, and handler function.
  server.tool( "getPositions", "Get current positions with P&L", positionsSchema,
• src/index.ts:179-230 (helper)

  Shared helper function used by the getPositions handler to make authenticated requests to the TradeStation API, including token refresh logic.
  async function makeAuthenticatedRequest( endpoint: string, method: AxiosRequestConfig['method'] = 'GET', data: any = null ): Promise<any> { const userTokens = tokenStore.get(DEFAULT_USER); if (!userTokens) { throw new Error('User not authenticated. Please set TRADESTATION_REFRESH_TOKEN in .env file.'); } // Check if token is expired or about to expire (within 60 seconds) if (userTokens.expiresAt < Date.now() + 60000) { // Refresh the token const newTokens = await refreshToken(userTokens.refreshToken); tokenStore.set(DEFAULT_USER, newTokens); } try { const options: AxiosRequestConfig = { method, url: `${TS_API_BASE}${endpoint}`, headers: { 'Authorization': `Bearer ${tokenStore.get(DEFAULT_USER)?.accessToken}`, 'Content-Type': 'application/json', 'Accept': 'application/json' }, timeout: 60000 }; if (data && (method === 'POST' || method === 'PUT' || method === 'PATCH')) { options.data = data; } const response = await axios(options); return response.data; } catch (error: unknown) { if (error instanceof AxiosError) { const errorMessage = error.response?.data?.Message || error.response?.data?.message || error.message; const statusCode = error.response?.status; console.error(`API request error [${statusCode}]: ${errorMessage}`); console.error('Endpoint:', endpoint); throw new Error(`API Error (${statusCode}): ${errorMessage}`); } else if (error instanceof Error) { console.error('API request error:', error.message); throw error; } else { console.error('Unknown API request error:', error); throw new Error('Unknown API request error'); } } }