Problem
POST /sess/login returns 401 even with correct credentials (web login at firstrade.com works fine).
Debug Output
POST https://api3x.firstrade.com/sess/login
<<< Status: 401
<<< JSON body:
{
"statusCode": 401,
"error": "Unauthorized",
"message": "Authentication failed"
}
Request headers sent:
access-token: 833w3XuIFycv18ybi
Content-Type: application/x-www-form-urlencoded
Steps to reproduce
- Install latest version from GitHub (
pip install git+https://github.com/MaxxRK/firstrade-api.git)
- Call
FTSession(username=..., password=..., mfa_secret=..., debug=True).login()
- Always returns 401
What I verified
- ✅ Credentials are correct (manual login at firstrade.com succeeds)
- ✅ TOTP secret is correct (code matches Google Authenticator)
- ✅ No PIN required on this account
- ✅ Tested with US VPN — still 401 (not a geo-block issue)
- ✅ Tested with both PyPI 0.0.38 and latest GitHub version
Hypothesis
The access-token: 833w3XuIFycv18ybi hardcoded in urls.py may have been rotated by Firstrade. The server rejects it with 401 before even validating the username/password.
Could you check if this token needs to be updated? Thank you!
Problem
POST /sess/loginreturns 401 even with correct credentials (web login at firstrade.com works fine).Debug Output
POST https://api3x.firstrade.com/sess/login
<<< Status: 401
<<< JSON body:
{
"statusCode": 401,
"error": "Unauthorized",
"message": "Authentication failed"
}
Request headers sent:
access-token: 833w3XuIFycv18ybi
Content-Type: application/x-www-form-urlencoded
Steps to reproduce
pip install git+https://github.com/MaxxRK/firstrade-api.git)FTSession(username=..., password=..., mfa_secret=..., debug=True).login()What I verified
Hypothesis
The
access-token: 833w3XuIFycv18ybihardcoded inurls.pymay have been rotated by Firstrade. The server rejects it with 401 before even validating the username/password.Could you check if this token needs to be updated? Thank you!