Skip to main content

Authentication requirements

All routes under /oapi/accounts/:accountId/orders/underlying require Authorization: Bearer <access_token>. Use the access_token and otp_token returned by POST /oapi/auth/gen-secret-key/underlying. GET requests require the Bearer token only. POST, PUT, and DELETE requests also require these headers:
  • x-otp-token: <otp_token>
In sandbox, use the exact fixture OTP token: 552066a35eb30a9815afc952b14287a8.

Place order

POST /oapi/accounts/:accountId/orders/underlying Places a new underlying order for an account.

Required path parameters

  • accountId — Trading account ID.

Required body parameters

  • instrument — Instrument code. Example: ACB
  • qty — Order quantity. Example: 1
  • side — Order side. Example: buy
  • type — Order type. Example: LO
  • limitPrice — Limit price. Example: 23000
  • timeType — Time-in-force type. Example: T

Response fields

  • s (string) — Request status. Example: ok
  • d.orderid (string) — Created order ID.

cURL

curl -X POST "$BASE_URL/oapi/accounts/$ACCOUNT_ID/orders/underlying" \
  -H "Authorization: Bearer $ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -H "x-lang: vi" \
  -H "x-via: K" \
  -H "x-otp-token: $OTP_TOKEN" \
  -d '{
    "instrument": "ACB",
    "qty": 1,
    "side": "buy",
    "type": "LO",
    "limitPrice": 23000,
    "timeType": "T"
  }'

Example response

{
    "s": "ok",
    "d": {
        "orderid": "8000180326000219"
    }
}

Update order

PUT /oapi/accounts/:accountId/orders/underlying/:orderId Updates quantity and limit price for an existing underlying order.

Required path parameters

  • accountId — Trading account ID.
  • orderId — Order ID to update.

Required body parameters

  • qty — Updated order quantity. Example: 1
  • limitPrice — Updated limit price. Example: 23000

cURL

curl -X PUT "$BASE_URL/oapi/accounts/$ACCOUNT_ID/orders/underlying/$ORDER_ID" \
  -H "Authorization: Bearer $ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -H "x-lang: vi" \
  -H "x-via: K" \
  -H "x-otp-token: $OTP_TOKEN" \
  -d '{
    "qty": 1,
    "limitPrice": 23000
  }'

Example response

{
    "s": "ok"
}

Cancel order

DELETE /oapi/accounts/:accountId/orders/underlying/:orderId?timeType=T&isbuyin=N Cancels an existing underlying order.

Required path parameters

  • accountId — Trading account ID.
  • orderId — Order ID to cancel.

Required query parameters

  • timeType — Time-in-force type. Example: T
  • isbuyin — Buy-in flag. Example: N

cURL

curl -X DELETE "$BASE_URL/oapi/accounts/$ACCOUNT_ID/orders/underlying/$ORDER_ID?timeType=T&isbuyin=N" \
  -H "Authorization: Bearer $ACCESS_TOKEN" \
  -H "x-lang: vi" \
  -H "x-via: K" \
  -H "x-otp-token: $OTP_TOKEN"

Example response

{
    "s": "ok"
}
Replace BASE_URL, ACCOUNT_ID, ACCESS_TOKEN, OTP_TOKEN, and ORDER_ID with your values.