POST /api/v1/sub-accounts/etoro-trading/user-tokens
Create Sub-Account User Token
curl --request POST \
  --url https://public-api.etoro.com/api/v1/sub-accounts/etoro-trading/user-tokens \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --header 'x-api-key: <x-api-key>' \
  --header 'x-request-id: <x-request-id>' \
  --header 'x-sub-account-id: <x-sub-account-id>' \
  --header 'x-user-key: <x-user-key>' \
  --data '
{
  "userTokenName": "my-trading-bot",
  "scopeNames": [
    "etoro-public:trade.real:read",
    "etoro-public:trade.real:write"
  ],
  "ipsWhitelist": [
    "192.168.1.1"
  ],
  "expiresAt": "2026-12-31T23:59:59Z"
}
'
{
  "userTokenId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "userToken": "ut_live_9f8c7b6a5d4e3f2a1b0c",
  "userTokenName": "my-trading-bot",
  "clientId": "7c9e6679-7425-40de-944b-e07fc1f90ae7",
  "ipsWhitelist": [
    "192.168.1.1"
  ],
  "scopes": [
    {
      "name": "etoro-public:trade.real:read"
    }
  ],
  "expiresAt": "2026-12-31T23:59:59Z",
  "createdAt": "2026-06-06T10:15:00Z"
}

Authorizations

Authorization
string
header
required

eToro OAuth2. Each operation lists the scopes that grant access as separate security requirements (OpenAPI OR semantics): the caller's token only needs ONE of them — you do NOT need all of them. The same scopes back the x-api-key/x-user-key credential pair.

Headers

x-request-id
string<uuid>
required

A unique request identifier.

Example:

"8608a750-6d36-4f85-98b1-1dd829224548"

x-api-key
string<password>
required

API key for authentication.

Example:

"lhgfaslk21490FAScVPkdsb53F9dNkfHG4faZSG5vfjndfcfgdssdgsdHF4663"

x-user-key
string<password>
required

User-specific authentication key.

Example:

"eyJlYW4iOiJVbnJlZ2lzdGVyZWRBcHBsaWNhdGlvbiIsImVrIjoiOE5sZ2cwcW5EUVdROUFNWGpXT2lmOWktZnpidG5KcUlqWGJ3WHJZZkpZcldrbG90ZEhvLVBjSWhQaU8xU1ZtMW84aU1WZGZqN2xWNzFjLXFxLmcybXE1dnh4Q1hUT25xaWRUaTFlcEhmVk1fIn0_"

x-sub-account-id
string
required

The encrypted sub-account identifier. The backend validates that it decrypts to a sub-account owned by the caller's token gcid and generates the token for the sub-account's gcid.

Body

application/json
userTokenName
string
required

A friendly display name for the user token.

Example:

"my-trading-bot"

scopeNames
string[]
required

The scope names to assign. Must be a subset of the scopes returned by GET /api/v1/sub-accounts/etoro-trading/user-tokens/scopes.

Example:
[
  "etoro-public:trade.real:read",
  "etoro-public:trade.real:write"
]
ipsWhitelist
string[]

An optional IPv4 whitelist for the token.

Example:
["192.168.1.1"]
expiresAt
string<date-time>

An optional UTC expiration for the token.

Example:

"2026-12-31T23:59:59Z"

Response

User token created successfully

userTokenId
string<uuid>

The unique identifier of the created user token.

Example:

"3fa85f64-5717-4562-b3fc-2c963f66afa6"

userToken
string

The secret token value. Returned only once, on creation.

Example:

"ut_live_9f8c7b6a5d4e3f2a1b0c"

userTokenName
string

The friendly display name assigned to the token.

Example:

"my-trading-bot"

clientId
string<uuid>

The OAuth client id associated with the token.

Example:

"7c9e6679-7425-40de-944b-e07fc1f90ae7"

ipsWhitelist
string[]

The IPv4 addresses the token is restricted to, if any.

Example:
["192.168.1.1"]
scopes
object[]

The scopes granted to the token.

expiresAt
string<date-time> | null

The UTC expiration of the token, if one was set.

Example:

"2026-12-31T23:59:59Z"

createdAt
string<date-time>

When this user token was created.

Example:

"2026-06-06T10:15:00Z"
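
Added example (not part of the eToro documentation or SDK): a client-side check of the body fields described above before the request is sent, plus handling of the response so the one-time userToken secret stays out of logs and the granted scopes are compared with the requested ones. The function names, the available_scopes argument (the names fetched beforehand from the scopes endpoint) and the single-address IPv4 rule are assumptions made for this example.

```python
import ipaddress
from datetime import datetime, timezone

def build_token_request(name, scope_names, available_scopes,
                        ips=None, expires_at=None, now=None):
    """Validate the documented body fields and return the JSON body as a dict."""
    if not name or not name.strip():
        raise ValueError("userTokenName is required")
    if not scope_names:
        raise ValueError("scopeNames is required")
    # available_scopes: names fetched beforehand from .../user-tokens/scopes
    extra = sorted(set(scope_names) - set(available_scopes))
    if extra:
        raise ValueError(f"scopes not offered for this sub-account: {extra}")
    body = {"userTokenName": name, "scopeNames": sorted(set(scope_names))}
    if ips:
        for ip in ips:
            # Assumption: single IPv4 addresses only, as in the page's example.
            ipaddress.IPv4Address(ip)  # ValueError on IPv6, CIDR, hostnames
        body["ipsWhitelist"] = list(ips)
    if expires_at is not None:
        if expires_at.tzinfo is None:
            raise ValueError("expiresAt must be timezone-aware")
        if expires_at <= (now or datetime.now(timezone.utc)):
            raise ValueError("expiresAt is not in the future")
        body["expiresAt"] = expires_at.astimezone(timezone.utc).strftime(
            "%Y-%m-%dT%H:%M:%SZ")
    return body

def split_secret(response):
    """Return (secret, loggable_copy); the secret is returned only once."""
    loggable = dict(response)
    secret = loggable.pop("userToken")
    loggable["userToken"] = "<redacted>"
    return secret, loggable

def ungranted_scopes(requested, response):
    """Scopes that were requested but are absent from the response's scopes list."""
    granted = {s["name"] for s in response.get("scopes", [])}
    return sorted(set(requested) - granted)

# Constructed sample, shaped like the response example on this page.
SAMPLE_RESPONSE = {
    "userTokenId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
    "userToken": "ut_live_9f8c7b6a5d4e3f2a1b0c",
    "scopes": [{"name": "etoro-public:trade.real:read"}],
}
```

Write the value returned by split_secret straight to a secret store and log only the redacted copy; a non-empty result from ungranted_scopes means the token cannot do everything the caller asked for.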