Webull API Guide: Endpoints, Authentication & Python SDKs

If you’re a developer or retail trader looking for programmatic access to Webull, the good news is that Webull now offers an official OpenAPI for trading automation, market data, and account management. The platform supports HTTP for standard requests, gRPC for real-time order notifications, and MQTT for live market data streaming — giving you multiple protocols to match your use case.

Beyond the official API, there’s also a popular unofficial Python library that many developers have used for years. This guide covers both options, walks through authentication and rate limits, compares Webull to alternative trading APIs, and explains the legal considerations you should know about before building.

Understanding Webull’s Official OpenAPI

Webull’s OpenAPI provides programmatic access to the Webull trading platform, covering US market instruments including stocks, options, futures, crypto, and event contracts. The API is organized into four main categories:

Trading API — place, modify, and cancel orders across asset classes, with support for fractional shares, position tracking, and account management.
Market Data API — access real-time and historical data including tick data, snapshots, quotes, and OHLCV bars via HTTP, with live streaming through MQTT.
Connect API — enable third-party OAuth 2.0 integrations for applications that connect to Webull accounts.
Broker API — enterprise-grade brokerage-as-a-service, including account opening, funding (ACH/wire), and order execution for end users.

The API operates through three protocols:

HTTP for standard operations like trading, account management, and historical data retrieval.
gRPC for real-time event subscriptions, such as order status changes.
MQTT for high-frequency, low-latency delivery of real-time market data.

This multi-protocol architecture allows you to build anything from simple trading bots to sophisticated algorithmic systems that react to market changes in real time.

Official vs. Unofficial API Access

One of the most common questions developers ask is whether Webull has a public API. The answer is now yes — but it wasn’t always the case.

The Official Webull OpenAPI

Webull’s official OpenAPI provides documented endpoints, official SDKs for Python (3.8–3.13) and Java (JDK 8+), and a test environment for development. Key details:

No extra charges for API access — trading fees match the standard Webull app rates.
Market data subscriptions are purchased separately through Webull’s subscription system.
Application review typically takes 1–2 business days after you apply through the OpenAPI Management section of your Webull account.
Test environment available immediately with shared credentials — you can start coding before your production application is approved.

Official SDKs are available for Python and Java, but you can integrate directly via REST, MQTT, and gRPC if you use a different language.

The Unofficial Python Library (tedchou12/webull)

Before the official API existed, the community-built webull Python package by tedchou12 was the only way to automate Webull trading programmatically. With over 600 GitHub stars, it remains widely used. Key capabilities include login (via email or phone number), placing and canceling orders, fetching account data, and streaming real-time quotes.

However, there are important caveats:

The endpoints it uses are not officially supported or documented by Webull.
Webull can change or disable these endpoints at any time without notice.
The library is community-maintained and not extensively tested.
Multi-factor authentication (MFA) requirements have created recurring compatibility issues.

If you’re starting a new project today, the official OpenAPI is the safer choice. The unofficial library is still useful for quick prototyping or accessing functionality not yet available in the official API.

Getting Started with Webull’s Official API

To start using the Webull OpenAPI, follow these steps:

Create a Webull account — sign up through the Webull website or mobile app.
Open a brokerage account — complete identity verification and regulatory compliance requirements.
Apply for API access — navigate to the “OpenAPI Management” section and submit your application with details about your intended use.
Generate API credentials — once approved, create your App Key and App Secret. Store them securely.

While waiting for approval (typically 1–2 business days), you can install the SDK and start building against the test environment:

bash

pip install webull-openapi-python-sdk

When dealing with API credentials, proper API key management is crucial to maintain security. Never embed secrets directly in your code — use environment variables or a secure vault instead.

Authentication

Every API request requires a signature generated from your App Key and App Secret. The official SDKs handle signature generation automatically, so you don’t need to implement the signing logic yourself.

For Python developers, the SDK handles authentication and signature generation automatically:

python

from webull.core.client import ApiClient
from webull.trade.trade_client import TradeClient

api_client = ApiClient("<your_app_key>", "<your_app_secret>", "us")
trade_client = TradeClient(api_client)

For Java developers, initialization looks like this:

java

HttpApiConfig apiConfig = HttpApiConfig.builder()
    .appKey(Env.APP_KEY)
    .appSecret(Env.APP_SECRET)
    .regionId(Region.us.name())
    .build();

TradeApiService apiService = new TradeHttpApiService(apiConfig);

For enterprise applications using the Connect API, Webull uses OAuth 2.0 for third-party authorization flows.

Working with the Webull API

The Webull API provides endpoints for retrieving market data and executing trades. Here are some best practices for building reliable integrations:

Implement error handling — handle network timeouts, authentication errors, and rate limit responses (429 Too Many Requests) gracefully. Understanding rate-limiting strategies can help you manage API usage effectively.
Use asynchronous processing — for non-time-critical operations, process requests asynchronously to handle activity bursts:

java

CompletableFuture<List<Order>> ordersFuture = CompletableFuture.supplyAsync(() -> {
    try {
        return apiService.getOrders(accountId);
    } catch (Exception e) {
        logger.error("Error fetching orders", e);
        return Collections.emptyList();
    }
});

Cache frequently accessed data — reduce API calls and improve performance by caching market snapshots and account data with appropriate TTLs.
Validate data before processing — verify data integrity for all API responses, especially before executing trades.
Test in paper trading first — always validate your strategies in Webull’s test environment before deploying with real funds.

Implementing Caching to Improve Performance & Minimize Calls

Here’s a quick tutorial on how to implement caching with Zuplo to minimize API calls and improve your performance:

For more on essential API gateway features like caching, rate limiting, and circuit breaking, see our dedicated guide.

API Security Best Practices

When working with financial APIs like Webull’s, security is paramount. A single compromised credential can lead to unauthorized trades and financial loss.

Protect your API keys: Store API keys using environment variables or secure vaults, and rotate them regularly.
Use strong authentication: Implement robust authentication protocols. Understanding different API authentication methods can help you choose the most secure option for your application.
Encrypt all data in transit: Always use HTTPS for API requests.
Implement access controls: Apply the principle of least privilege — limit API permissions to only what your application requires.
Monitor and log activity: Keep detailed logs of API interactions to detect suspicious patterns. Understanding API security best practices is essential for financial applications.
Keep SDKs updated: Regularly update your Webull SDK to protect against known vulnerabilities and maintain compatibility with API changes.

Legal Considerations and TOS Risks

Before building on any trading API, understand the legal landscape — especially the distinction between official and unofficial access.

Using the Official Webull OpenAPI

The official API is the safe path. When you apply for and receive API access through Webull’s OpenAPI program, you’re operating within their sanctioned terms. Your access is documented, your credentials are issued by Webull, and your usage is governed by the OpenAPI agreement.

Risks of Unofficial API Access

Using the unofficial tedchou12/webull library or reverse-engineering Webull’s internal endpoints carries real risks:

Terms of Service violations — Webull’s TOS explicitly prohibits accessing parts of the platform “through any means not intentionally made available by Webull for your specific use.” Using undocumented endpoints likely falls outside this boundary.
Account termination — Webull reserves the right to terminate accounts that breach their Terms of Service and “take all necessary measures,” which could include legal action.
Data licensing issues — market data served through Webull is often sourced from third-party providers (exchanges, data vendors) with their own licensing restrictions. Redistributing or reselling scraped data may create additional legal exposure.
No stability guarantees — unofficial endpoints can change without notice, breaking your application at the worst possible time (e.g., during volatile market conditions).

The safest approach is to use the official OpenAPI for any production trading system, and reserve unofficial tools for personal research and experimentation only.

Alternative Trading APIs

Webull isn’t the only option for programmatic trading. Depending on your needs, these alternatives may be a better fit:

Alpaca

Alpaca is purpose-built for API-first trading. It offers commission-free stock and ETF trading with a clean REST API and WebSocket streaming. Official SDKs exist for Python, JavaScript, Go, and C#. Authentication uses a straightforward API key/secret pair. The standard rate limit is 200 requests per minute, with higher limits available through paid data plans. If you’re a Python developer building a US equities bot, Alpaca is often the easiest starting point.

Interactive Brokers (IBKR)

Interactive Brokers provides the broadest market coverage of any retail broker API. Their TWS API supports stocks, options, futures, forex, and bonds across global markets, with SDKs for Python, Java, C++, and C#. The trade-off is complexity: IBKR’s session-based authentication requires the TWS desktop app or IB Gateway to be running, and the API’s learning curve is steep. Rate limits sit at 50 order messages per second. Choose IBKR if you need multi-asset, global market access.

Charles Schwab (formerly TD Ameritrade)

Following Schwab’s acquisition of TD Ameritrade, their API platform combines institutional-grade capabilities with retail accessibility. Authentication uses OAuth 2.0 with access tokens that refresh every 30 minutes. Rate limits are approximately 120 requests per minute per application. Choose Schwab if you’re already in the Schwab ecosystem or need robust OAuth-based security.

Which Should You Choose?

Starting out with US equities — Alpaca’s developer experience is hard to beat.
Global multi-asset trading — Interactive Brokers offers unmatched breadth.
Schwab ecosystem integration — Schwab’s API is the natural choice.
Webull-specific features — if you’re already a Webull user and want to automate your existing account, the official OpenAPI is your best bet.

For a deeper dive into building API strategies in financial services, see our API strategy guide for financial companies and guide to optimizing fintech APIs.

Webull API Pricing

Webull’s API pricing is straightforward:

No extra charges for accessing the API itself.
Trading fees are the same as those in the Webull app.
Market data subscriptions for the OpenAPI are purchased separately through Webull’s subscription system. Real-time data for US stocks is available, with additional subscriptions for futures, crypto, and advanced Level 2 data.

There are no published tiers with different API rate limits or feature gates. All approved developers get the same API access. This is a notable difference from brokers like Alpaca, which offer different rate limits based on subscription tier.

For developers interested in building revenue-generating applications on top of trading data, exploring fintech API monetization strategies can provide insights into sustainable business models.

Troubleshooting Common Issues

When working with the Webull API, you may encounter these common problems:

Authentication errors — verify your App Key and App Secret are correct and that your application has been approved for production access. If using the test environment, make sure you’re using the shared test credentials.
Rate limiting — implement exponential backoff when you receive 429 responses. Learn more about handling API rate limit errors and HTTP 429 responses.
Data discrepancies — market data may have slight delays depending on your subscription level. Always cross-reference with your Webull app for critical trades.
SDK compatibility — ensure you’re using a supported Python version (3.8–3.13) or Java version (JDK 8+) with the official SDKs.

For broader API support and management, rate-limiting solutions can enhance your application’s reliability and protect your backend from unexpected traffic spikes.

Building Reliable Trading Applications with Webull

Webull’s official OpenAPI gives developers a supported, documented path to trading automation — a significant improvement over the years when the unofficial Python library was the only option. With Python and Java SDKs, a free test environment, and no extra API charges, the barrier to entry is low.

The key is choosing the right tool for your use case: the official API for production systems, the unofficial library for quick experimentation, and alternative brokers like Alpaca or IBKR if Webull doesn’t fit your specific needs.

Ready to manage and secure your trading API integrations? Visit Zuplo to learn how our API management platform can help you add authentication, rate limiting, and caching to any financial API — ensuring your integration is optimized for reliability and performance.