Skip to main content
PATCH
/
api
/
v1
/
sub-accounts
/
etoro-trading
/
user-tokens
/
{userTokenId}
Update Sub-Account User Token
curl --request PATCH \
  --url https://public-api.etoro.com/api/v1/sub-accounts/etoro-trading/user-tokens/{userTokenId} \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --header 'x-api-key: <x-api-key>' \
  --header 'x-request-id: <x-request-id>' \
  --header 'x-sub-account-id: <x-sub-account-id>' \
  --header 'x-user-key: <x-user-key>' \
  --data '
{
  "scopeNames": [
    "etoro-public:trade.real:read"
  ],
  "ipsWhitelist": [
    "192.168.1.1"
  ],
  "expiresAt": "2026-12-31T23:59:59Z"
}
'

Authorizations

Authorization
string
header
required

eToro OAuth2. Each operation lists the scopes that grant access as separate security requirements (OpenAPI OR semantics): the caller's token only needs ONE of them — you do NOT need all of them. The same scopes back the x-api-key/x-user-key credential pair.

Headers

x-request-id
string<uuid>
required

A unique request identifier.

Example:

"09c67ad1-8ebd-4295-8970-193e008e6417"

x-api-key
string<password>
required

API key for authentication.

Example:

"lhgfaslk21490FAScVPkdsb53F9dNkfHG4faZSG5vfjndfcfgdssdgsdHF4663"

x-user-key
string<password>
required

User-specific authentication key.

Example:

"eyJlYW4iOiJVbnJlZ2lzdGVyZWRBcHBsaWNhdGlvbiIsImVrIjoiOE5sZ2cwcW5EUVdROUFNWGpXT2lmOWktZnpidG5KcUlqWGJ3WHJZZkpZcldrbG90ZEhvLVBjSWhQaU8xU1ZtMW84aU1WZGZqN2xWNzFjLXFxLmcybXE1dnh4Q1hUT25xaWRUaTFlcEhmVk1fIn0_"

x-sub-account-id
string
required

The encrypted sub-account identifier. The backend validates that it decrypts to a sub-account owned by the caller's token gcid.

Path Parameters

userTokenId
string<uuid>
required

The unique identifier of the user token to update.

Body

application/json
scopeNames
string[]

The replacement scope names. When provided, must be a subset of the scopes returned by GET /api/v1/sub-accounts/etoro-trading/user-tokens/scopes.

Example:
["etoro-public:trade.real:read"]
ipsWhitelist
string[]

The replacement IPv4 whitelist.

Example:
["192.168.1.1"]
expiresAt
string<date-time>

The replacement UTC expiration.

Example:

"2026-12-31T23:59:59Z"

Response

User token updated successfully