Yash's Site

Schwab OAuth Authorization Utility

Use at your own risk

How it works

Step 1: register your application with Schwab to get a client ID and secret.

Step 2: update your application settings in Schwab to use the redirect URI below. Note, that is the correct URI to use if you want to use my instance hosted on Cloudflare Pages.

Step 3: put the client ID (Just the client ID, not the secret).

Step 4: click "Authorize" to be forwarded to Schwab's and go through the authorization process

Step 5: once you are redirected back here, use the "Copy" button to copy your one-time authorization code.

Step 6: use the Schwab API to authorize and receive your access token and refresh token. Note, that is not implemented here

Note: The "Save Settings" button will persist your client ID and redirect URL in your browser's localStorage so you do not need to enter it again each time. It is a ease of use feature, but is not required to use the tool.

Cybersecurity & Safety Notes

  • Do not be stoooopid. If you are asking for API access, know how to stay secure.

  • No app secret required

    This utility does NOT require your app secret. Without it, obtaining your access or refresh tokens from your authorization code is not possible.

  • Credential Security:

    Be cautious of any application that requests both your app details (app ID, app secret) and your authorization code. Sharing your App ID, secret, and tokens is equivalent to providing someone with your Schwab account username and password.

    In fact, it is even worse than providing a username and password to your Schwab account since they havefull API access and can make drastic account changes in under one second!

  • Protect Your Credentials:

    Do not share your account username or password with anyone.

    Do not share your access or refresh tokens.

    Keep your app secret confidential.

  • Verify Authenticity:

    Always cross-reference the authorization URL with your Schwab API documentation to avoid malicious links. Once you click "Authorize," it becomes hard to determine if you are being phished.

  • Double-Check the URL:

    Ensure that you are authorizing with Schwab and not falling victim to phishing. As of April 2025, you should log in via:

    sws-gateway.schwab.com

    Always verify the URL in your browser before entering your login details.

  • Use at Your Own Risk:

    This utility assists in accessing the Schwab APIs. You are solely responsible for your own trades and account actions. If you are uncertain about any action, please refrain from proceeding. The developers of this tool will not assume responsibility for any financial losses or risks incurred.