Some fun with trading via an api for humans.

#!/usr/bin/env python3
# Recommend using ipython but wipe your history
# https://github.com/robinhood-unofficial/Robinhood/blob/master/docs/example.ipynb

from robinhood import Robinhood
from pprint import pprint

# Log in to app (will prompt for two-factor)
rh = Robinhood()
rh.login(username="YOUR_EMAIL", password="YOUR_PASSWORD")

quote = rh.print_quote("GE")
print(quote)
instrument = rh.instruments("GE")[0]
buy_order = rh.place_buy_order(instrument, 3, ask_price=quote)

• https://stackoverflow.com/questions/55902967/is-there-any-way-to-get-a-bearer-token-now-since-robinhood-has-changed-the-api/56841942
• https://github.com/robinhood-unofficial/Robinhood/blob/master/docs/example.ipynb

A more complete solution (not need browser): Use requests.session.

Obtain the login page by making a GET request to "https://robinhood.com/login". At this point the session's cookies will contain 'device_id'. Obtain this device_id and use it in making the oauth2 token request to "https://api.robinhood.com/oauth2/token/" also add in the data request "challenge_type" (either "sms" or "email"). This request will fail with a 400 error code. Robinhood will send an SMS message or Email with a temporary (5 minute) code. Also at this point use the 400 response's body to get "id" from "challenge" inside of the JSON object. Confirm the challenge by making a POST request to "https://api.robinhood.com/challenge/CHALLENGEID/respond/" where CHALLENGEID is the same id mentioned in the first failed /oauth2/token/ POST request. Make the same POST request to "https://api.robinhood.com/oauth2/token/" and include in the header "X-ROBINHOOD-CHALLENGE-RESPONSE-ID" with the value CHALLENGEID. You can reuse a device_id with user/pass after this even after logging out. Be cautious with storing device_id as it is the result of user/pass login and successful SMS/email 2FA.