Robinhood
- https://stackoverflow.com/questions/55902967/is-there-any-way-to-get-a-bearer-token-now-since-robinhood-has-changed-the-api/56841942
- https://github.com/robinhood-unofficial/Robinhood/blob/master/docs/example.ipynb
A more complete solution (not need browser): Use requests.session.
Obtain the login page by making a GET request to "https://robinhood.com/login". At this point the session's cookies will contain 'device_id'. Obtain this device_id and use it in making the oauth2 token request to "https://api.robinhood.com/oauth2/token/" also add in the data request "challenge_type" (either "sms" or "email"). This request will fail with a 400 error code. Robinhood will send an SMS message or Email with a temporary (5 minute) code. Also at this point use the 400 response's body to get "id" from "challenge" inside of the JSON object. Confirm the challenge by making a POST request to "https://api.robinhood.com/challenge/CHALLENGEID/respond/" where CHALLENGEID is the same id mentioned in the first failed /oauth2/token/ POST request. Make the same POST request to "https://api.robinhood.com/oauth2/token/" and include in the header "X-ROBINHOOD-CHALLENGE-RESPONSE-ID" with the value CHALLENGEID. You can reuse a device_id with user/pass after this even after logging out. Be cautious with storing device_id as it is the result of user/pass login and successful SMS/email 2FA.