Reference

Best Practices

This guide consolidates best practices for integrating with the Tradovate Partner API, covering WebSocket operations, automated orders, maintenance windows, and billing management. Following these practices will help you build a reliable, secure, and efficient integration.

Quick Reference

  • Clean up subscriptions when no longer needed
  • Use user/syncrequest for real-time user data
  • Send heartbeats every 2.5 seconds to prevent disconnection
  • MUST include isAutomated: true flag for all automated orders
  • This is required by exchange policies
  • Helps distinguish between human and automated trading
  • Avoid account creation during maintenance windows
  • Add 15-30 minute buffers before/after maintenance
  • Queue requests and process after maintenance concludes

WebSocket Best Practices

Clean Up Subscriptions

Always properly clean up WebSocket subscriptions when they are no longer needed to prevent resource leaks and ensure optimal performance.

Use User Sync Request

When working with real-time user data, it is best practice to respond to changes in user data. To do so, make a request to user/syncrequest using a WebSocket. Every time a change occurs for the subscribed user, the linked Tradovate WebSocket Server will push updates to the client that subscribed via the user/syncrequest endpoint.

This is intended to be called using a WebSocket, and not via HTTP. Permissions on your API Key may affect the available fields on the response object.

Client Heartbeats

Even WebSockets have built-in pings. A client is responsible to send heartbeats every 2.5 seconds to avoid closing by server due to inactivity. A heartbeat should be a frame with "[]" (empty array) as its text, which you can send using the WebSocket.send method.

It is best to adopt a mechanism that doesn’t rely on setInterval when developing for web - this function can be throttled by the browser leading to disconnection ultimately. Instead generate a timestamp (new Date() will do) with each received message. Check that against the timestamp of the last message received, and if the time has exceeded 2500ms send a heartbeat frame.

Automated Orders Best Practice

Use the isAutomated Flag

When placing an order via code or automated process (like with a trade bot), you MUST include the isAutomated flag in your request body. isAutomated defaults to false, which is what would be typical of an order placed by a human via click. However, if you were to place an order by bot or through some other algorithmic process, isAutomated has to be true.

The exchange is very serious about this requirement and failing to do so could violate exchange policies.

Maintenance Window Best Practices

Avoid Sensitive Operations

  • Avoid calling account creation endpoints during maintenance windows
  • If you need to create accounts during these times, consider queuing requests and submitting them after the maintenance window concludes

Buffer Time Recommendations

To reduce the likelihood of encountering errors:

  • Add a 15–30 minute buffer before and after each maintenance window when scheduling account creation requests or other sensitive operations

This proactive handling ensures more reliable API integration and a smoother end user experience.

Billing Best Practices

Billing Statement Management

  • Active User Management: Regularly review and manage active users to optimize billing
  • Account Archiving: Implement proper account archiving procedures for inactive users
  • Subscription Cancellation: Handle subscription cancellations promptly and accurately

Billing Optimization Strategies

  • User Lifecycle Management: Track user activity and implement automated archiving for inactive accounts
  • Subscription Monitoring: Monitor subscription usage and implement alerts for unusual activity
  • Cost Optimization: Regularly review billing statements and optimize subscription usage

Billing Statement Analysis

  • Regular Review: Review billing statements monthly to identify trends and optimization opportunities
  • Cost Tracking: Track costs by user, account type, and subscription level
  • Usage Patterns: Analyze usage patterns to optimize subscription plans

Account Management

  • User Onboarding: Implement efficient user onboarding processes to minimize setup costs
  • Account Cleanup: Regularly clean up test accounts and inactive users
  • Subscription Management: Monitor and manage subscription renewals and cancellations

API Integration Best Practices

Authentication

  • Secure Token Storage: Store access tokens securely and implement proper token refresh logic
  • Two-Factor Authentication: Use two-factor authentication for all admin accounts
  • Token Rotation: Implement regular token rotation for enhanced security

Error Handling

  • Robust Error Handling: Implement comprehensive error handling for all API operations
  • Retry Logic: Use exponential backoff for retry attempts
  • Logging: Log all API operations for debugging and audit purposes

Rate Limiting

  • Respect Rate Limits: Implement proper rate limiting to avoid hitting API limits
  • Request Queuing: Use request queuing for high-volume operations
  • Monitoring: Monitor API usage and implement alerts for rate limit approaches

Security Best Practices

API Key Management

  • Secure Storage: Store API keys securely using environment variables or secure key management systems
  • Key Rotation: Implement regular API key rotation
  • Access Control: Limit API key access to necessary operations only

Data Protection

  • Encryption: Use encryption for sensitive data in transit and at rest
  • Access Logging: Log all API access for security monitoring
  • Audit Trails: Maintain comprehensive audit trails for all operations

Performance Best Practices

WebSocket Optimization

  • Connection Pooling: Implement connection pooling for WebSocket connections
  • Message Batching: Batch messages when possible to reduce overhead
  • Connection Monitoring: Monitor WebSocket connection health and implement reconnection logic

API Optimization

  • Request Optimization: Optimize API requests to minimize payload size
  • Caching: Implement appropriate caching strategies for frequently accessed data
  • Async Operations: Use asynchronous operations for non-blocking API calls

Monitoring and Alerting

System Monitoring

  • Health Checks: Implement health checks for all API integrations
  • Performance Monitoring: Monitor API response times and error rates
  • Resource Monitoring: Monitor system resources and implement alerts for resource constraints

Business Monitoring

  • User Activity: Monitor user activity and trading patterns
  • Revenue Tracking: Track revenue and billing metrics
  • Compliance Monitoring: Monitor compliance with regulatory requirements