Currently Empire Avenue uses a basic authentication system where you must pass a username and password on the behalf of the user in order to login to the application and retrieve or set Empire Avenue data. This is not the ideal solution for the Empire Avenue API as the user must trust the third-party application to store the credentials for these calls. We expect that third parties will take great care to protect any Empire Avenue login credentials that are given by a user to their application.

Basic Auth

In every call to the Empire Avenue API that requires authentication you must pass in a "username" and a "password". For Empire Avenue API, your username is your TICKER symbol and your password is the password you use to login to Empire Avenue. You will likely need to urlencode the password so that special characters can be passed into the system. The most basic query you can send might look like the following:

oAuth 2.0

Empire Avenue intends to roll out an oAuth implementation in the very near future. oAuth allows Empire Avenue to give your application a secure token on behalf of the user without the user having to trust the third party application. We will let developers know when our oAuth implementation is rolled out. However, while we will prefer developers to use oAuth when it is available, basic authentication will remain.

SSL Requirements

All calls to the Empire Avenue API will require using SSL to communicate with our servers.

User Control

Once a user authenticates with your application, the user will have the ability to control whether your application has access to their data. They can even block your application from having access.