Skip to main content
POST
/
api
/
v1
/
agent-portfolios
/
{agentPortfolioId}
/
user-tokens
Create User Token
curl --request POST \
  --url https://public-api.etoro.com/api/v1/agent-portfolios/{agentPortfolioId}/user-tokens \
  --header 'Content-Type: application/json' \
  --header 'x-api-key: <x-api-key>' \
  --header 'x-request-id: <x-request-id>' \
  --header 'x-user-key: <x-user-key>' \
  --data '
{
  "userTokenName": "my-trading-token",
  "scopeIds": [
    200,
    202
  ],
  "ipsWhitelist": [
    "192.168.1.1"
  ],
  "expiresAt": "2026-12-31T23:59:59Z"
}
'
{
  "userTokenId": "f9e8d7c6-b5a4-3210-fedc-ba9876543210",
  "userToken": "sk_live_a1b2c3d4e5f6..."
}

Headers

x-request-id
string<uuid>
required

A unique request identifier.

Example:

"10933c77-a466-42f2-a95f-ddf8e5aba988"

x-api-key
string<password>
required

API key for authentication.

Example:

"lhgfaslk21490FAScVPkdsb53F9dNkfHG4faZSG5vfjndfcfgdssdgsdHF4663"

x-user-key
string<password>
required

User-specific authentication key.

Example:

"eyJlYW4iOiJVbnJlZ2lzdGVyZWRBcHBsaWNhdGlvbiIsImVrIjoiOE5sZ2cwcW5EUVdROUFNWGpXT2lmOWktZnpidG5KcUlqWGJ3WHJZZkpZcldrbG90ZEhvLVBjSWhQaU8xU1ZtMW84aU1WZGZqN2xWNzFjLXFxLmcybXE1dnh4Q1hUT25xaWRUaTFlcEhmVk1fIn0_"

Path Parameters

agentPortfolioId
string<uuid>
required

The unique identifier of the agent-portfolio.

Body

application/json
userTokenName
string
required

A human-readable name to identify the user token.

Example:

"my-trading-token"

scopeIds
integer[]
required

The set of permission scope identifiers to grant to this token. Available scopes: 200 = etoro-public:real:read, 201 = etoro-public:demo:read, 202 = etoro-public:real:write, 203 = etoro-public:demo:write.

Example:
[200, 202]
ipsWhitelist
string[]

An optional set of IPv4 addresses allowed to use this token.

Example:
["192.168.1.1"]
expiresAt
string<date-time>

An optional expiration date and time for the token in UTC.

Example:

"2026-12-31T23:59:59Z"

Response

User token created successfully

userTokenId
string<uuid>

The unique identifier of the newly created user token.

Example:

"f9e8d7c6-b5a4-3210-fedc-ba9876543210"

userToken
string

The generated user token secret. Only available at creation time.

Example:

"sk_live_a1b2c3d4e5f6..."