Settings API
Manage API keys and credentials for third-party services
Last Updated
16 Oct 2025 - Current Implementation
Overview
The Settings API provides secure management of API keys and credentials for:
- LLM Providers - OpenAI and Anthropic API keys for signal generation
- Data Providers - EODHD API key for stock market data
- Research Tools - Tavily API key for web search capabilities
- QuantConnect - User ID, API token, and organization ID for algorithm deployment
Security Notes
- API keys are stored in SQLite database (
market_intelligence.db) - QuantConnect tokens are masked in responses (first 4 chars + asterisks)
- Never commit the database file to version control
- For production, use environment variables or secret management services
- All credentials are transmitted over HTTPS in production
General Settings Endpoints
GET
/api/settings
Read all user settings and API keys (credentials are masked).
Example Request
curl "http://localhost:8004/api/settings"Response (200 OK)
{
"openai_key": "sk-proj-1234...",
"anthropic_key": "sk-ant-api03-5678...",
"eodhd_key": "your_eodhd_api_key_here",
"tavily_key": "tvly-abcd...",
"qc_user_id": "12345678",
"qc_api_token_masked": "a1b2************************************************************",
"qc_organization_id": "your_quantconnect_org_id",
"qc_verified": true,
"qc_verified_at": "2025-10-16T10:30:00Z",
"updated_at": "2025-10-16T14:30:00Z"
}Response Fields
| Field | Type | Description |
|---|---|---|
openai_key |
string | OpenAI API key (starts with "sk-proj-" or "sk-") |
anthropic_key |
string | Anthropic API key (starts with "sk-ant-api03-") |
eodhd_key |
string | EODHD API key |
tavily_key |
string | Tavily API key (starts with "tvly-") |
qc_user_id |
string | QuantConnect user ID |
qc_api_token_masked |
string | Masked QuantConnect API token (first 4 chars visible) |
qc_organization_id |
string | QuantConnect organization ID |
qc_verified |
boolean | Whether QC credentials have been verified |
qc_verified_at |
datetime | Timestamp of last successful QC verification |
updated_at |
datetime | Last settings update timestamp |
POST
/api/settings
Update user settings and API keys (only provided fields are updated).
Request Body
{
"openai_key": "sk-proj-1234567890abcdef...",
"anthropic_key": "sk-ant-api03-1234567890abcdef...",
"eodhd_key": "your_eodhd_api_key_here",
"tavily_key": "tvly-1234567890abcdef..."
}Request Parameters
| Field | Type | Required | Description |
|---|---|---|---|
openai_key |
string | No | OpenAI API key for GPT-4 based signal generation |
anthropic_key |
string | No | Anthropic API key for Claude-based signal generation |
eodhd_key |
string | No | EODHD API key for stock market data (required for Stocks API) |
tavily_key |
string | No | Tavily API key for web search (used by macro agent and research) |
Example Request (cURL)
curl -X POST "http://localhost:8004/api/settings" \
-H "Content-Type: application/json" \
-d '{
"openai_key": "sk-proj-1234567890abcdef...",
"eodhd_key": "your_eodhd_api_key_here"
}'Example Request (Python)
import requests
response = requests.post(
"http://localhost:8004/api/settings",
json={
"openai_key": "sk-proj-1234567890abcdef...",
"eodhd_key": "your_eodhd_api_key_here",
"tavily_key": "tvly-1234567890abcdef..."
}
)
settings = response.json()
print(f"Settings updated at: {settings['updated_at']}")Response (200 OK)
{
"openai_key": "sk-proj-1234...",
"anthropic_key": null,
"eodhd_key": "your_eodhd_api_key_here",
"tavily_key": "tvly-abcd...",
"qc_user_id": null,
"qc_api_token_masked": null,
"qc_organization_id": null,
"qc_verified": null,
"qc_verified_at": null,
"updated_at": "2025-10-16T14:30:00Z"
}QuantConnect Credentials Endpoints
POST
/api/settings/quantconnect
Update QuantConnect credentials (user ID, API token, organization ID).
Request Body
{
"qc_user_id": "12345678",
"qc_api_token": "a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6",
"qc_organization_id": "your_quantconnect_org_id"
}Request Parameters
| Field | Type | Required | Description |
|---|---|---|---|
qc_user_id |
string | Yes | Your QuantConnect user ID (found in account settings) |
qc_api_token |
string | Yes | Your QuantConnect API token (64 character hex string) |
qc_organization_id |
string | Yes | Your QuantConnect organization ID |
Getting QuantConnect Credentials
To find your QuantConnect credentials:
- Log in to QuantConnect
- Go to Account → API Access
- Copy your User ID, API Token, and Organization ID
- Paste them into the settings form or API request
Note: The API token is stored raw (unhashed) in the database, but is hashed with a timestamp during API authentication calls.
Example Request (cURL)
curl -X POST "http://localhost:8004/api/settings/quantconnect" \
-H "Content-Type: application/json" \
-d '{
"qc_user_id": "12345678",
"qc_api_token": "a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6",
"qc_organization_id": "your_quantconnect_org_id"
}'Example Request (Python)
import requests
response = requests.post(
"http://localhost:8004/api/settings/quantconnect",
json={
"qc_user_id": "12345678",
"qc_api_token": "a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6",
"qc_organization_id": "your_quantconnect_org_id"
}
)
status = response.json()
print(f"QC Credentials: configured={status['configured']}, verified={status['verified']}")Response (200 OK)
{
"configured": true,
"verified": false,
"user_id": "12345678",
"organization_id": "your_quantconnect_org_id",
"verified_at": null
}Important Notes
- When credentials are updated,
qc_verifiedis automatically reset tofalse - Use the
/api/settings/quantconnect/testendpoint to verify credentials - Verification status is tracked in
qc_verifiedandqc_verified_atfields
GET
/api/settings/quantconnect
Get QuantConnect credentials status (token is masked).
Example Request
curl "http://localhost:8004/api/settings/quantconnect"Response (200 OK) - Configured
{
"configured": true,
"verified": true,
"user_id": "12345678",
"organization_id": "your_quantconnect_org_id",
"verified_at": "2025-10-16T10:30:00Z"
}Response (200 OK) - Not Configured
{
"configured": false,
"verified": false,
"user_id": null,
"organization_id": null,
"verified_at": null
}
POST
/api/settings/quantconnect/test
Test QuantConnect API connection and verify credentials.
Example Request
curl -X POST "http://localhost:8004/api/settings/quantconnect/test"Processing Flow
This endpoint performs the following verification steps:
- Checks if QuantConnect credentials are configured
- Creates proper authentication headers (timestamp-based hashing)
- Calls QuantConnect API
/projects/readendpoint as a test - If successful, updates
qc_verifiedtotrueand setsqc_verified_at - Returns detailed status and error messages
Timeout: 10 seconds
Response (200 OK) - Success
{
"success": true,
"message": "QuantConnect credentials verified successfully",
"user_id": "12345678",
"organization_id": "your_quantconnect_org_id"
}Response (200 OK) - Invalid Credentials
{
"success": false,
"message": "Verification failed: Invalid credentials",
"user_id": "12345678",
"organization_id": "your_quantconnect_org_id"
}Response (200 OK) - Connection Timeout
{
"success": false,
"message": "Connection timeout - please try again",
"user_id": "12345678",
"organization_id": "your_quantconnect_org_id"
}Error Response (400 Bad Request)
{
"detail": "QuantConnect credentials not configured"
}
Verification Best Practices
- Test credentials immediately after updating them
- Re-verify if you encounter deployment errors in Strategy Generator
- Check your QuantConnect account for API rate limits
- Ensure your organization ID matches your actual QuantConnect organization
DELETE
/api/settings/quantconnect
Remove QuantConnect credentials from settings.
Example Request
curl -X DELETE "http://localhost:8004/api/settings/quantconnect"Response (200 OK)
{
"message": "QuantConnect credentials removed successfully"
}Error Response (404 Not Found)
{
"detail": "Settings not found"
}Token Masking
For security, API tokens are masked when returned in API responses:
| Field | Masking Format | Example |
|---|---|---|
| QuantConnect API Token | First 4 chars + 60 asterisks | a1b2************************************************************ |
| Other API Keys | Full key visible | sk-proj-1234... (truncated in docs) |
Why Mask Only QC Token?
QuantConnect tokens are 64-character hex strings that are particularly sensitive because they provide full access to your algorithmic trading account. Other API keys (OpenAI, EODHD, etc.) are shown in full for easier debugging, but you should still protect them.
Data Storage
All settings are stored in the user_settings table in the SQLite database:
| Column | Type | Description |
|---|---|---|
id |
INTEGER | Primary key (always 1, single-user system) |
openai_key |
TEXT | OpenAI API key |
anthropic_key |
TEXT | Anthropic API key |
eodhd_key |
TEXT | EODHD API key |
tavily_key |
TEXT | Tavily API key |
qc_user_id |
TEXT | QuantConnect user ID |
qc_api_token |
TEXT | QuantConnect API token (stored raw, not hashed) |
qc_organization_id |
TEXT | QuantConnect organization ID |
qc_verified |
BOOLEAN | Whether QC credentials have been verified |
qc_verified_at |
DATETIME | Timestamp of last successful QC verification |
updated_at |
DATETIME | Last settings update timestamp |
Error Responses
| Status Code | Description |
|---|---|
| 400 | Invalid request (missing required fields, invalid format) |
| 404 | Settings not found (only for DELETE operations) |
| 500 | Internal server error |
Next Steps
- Stocks API - Requires EODHD API key
- Signals API - Requires OpenAI or Anthropic key
- Research API - Requires OpenAI and Tavily keys
- Strategies API - Requires QuantConnect credentials
- Dependencies & Third-Party Services