REST API

The configurable REST API is generated by FastAPI. To start it, activate the Python environment, then run the following command:

uvicorn openbb_core.api.rest_api:app

info

This starts a server on http://127.0.0.1:8000

See System Settings for API configuration and runtime settings.

Running in a Container

Use 0.0.0.0 as the host for containerized, or network, deployments.

uvicorn openbb_core.api.rest_api:app --host 0.0.0.0 --port 8000

To learn more about how you can run the API in different scenarios refer to uvicorn's documentation

API Documentation

The default settings provide two flavors of interactive API documentation.

Swagger: http://127.0.0.1:8000/docs
Redoc: http://127.0.0.1:8000/redoc

Both provide detailed descriptions and functions can be executed directly from the page.

Please note that some descriptions and parameter dropdown choices may appear incomplete or linked to the wrong provider. These visual inconsistencies may differ between Redoc and Swagger but do not impact the normal operation or expected behaviour of the API.

API Authorization

By default, no authorization is required. Data provider credentials must be configured in user_settings.json

warning

Production environments should utilize access controls and HTTPS encryption.

Basic authorization can be enabled with environment variables.

OPENBB_API_AUTH="True"
OPENBB_API_USERNAME="my_email"
OPENBB_API_PASSWORD="my_password"

The application will expect a header that contains authorization in the form of Basic <username:password>, where "username:password" is a Base64-encoded string.

Pass in the "Authorization" headers of every request to the API.

Here is Python example calling the API where Basic Authorization has been enabled.

import base64
import requests

msg = "some_user:some_pass"
msg_bytes = msg.encode('ascii')
base64_bytes = base64.b64encode(msg_bytes)
base64_msg = base64_bytes.decode('ascii')

symbol="SPY"
url = f"http://127.0.0.1:8000/api/v1/equity/price/quote?provider=fmp&symbol={symbol}"
headers = {"accept": "application/json", "Authorization": f"Basic {base64_msg}"}

response = requests.get(url=url, headers=headers)

response.json()

CORS Configuration

CORS defines the rules for which external domains are allowed to access your API.

danger

The default settings are permissive (["*"]), and are suitable for development.

When deploying to the public internet, specify exact domains, methods, and headers to enforce security.

Always run deployed servers over HTTPS.

HTTPS

Running localhost over HTTPS can appear to be trickier than it needs to be. The simplest method is to generate a self-signed certificate using the OPD Desktop feature.

Then use Uvicorn runtime arguments, or environment variables, pointing to the file locations.

UVICORN_SSL_CERTFILE = "/pathto/public_folder/certificate.pem"
UVICORN_SSL_KEYFILE = "/pathto/private_folder/private.key"

OpenBB API

openbb-api is a command line executable that imports the app instance and extends it by building and serving configuration files for OpenBB Workspace, converting API endpoints into interactive widgets.

Go to the extension's documentation for launch arguments and usage examples.

Running in a Container​

API Documentation​

API Authorization​

CORS Configuration​

HTTPS​

OpenBB API​