lean data download with Alpaca 404s at OAuth authorization step (projectId=-1)
Summary
When a user runs lean data download and selects Alpaca as the data provider (option 19 / --data-provider-historical Alpaca), the CLI opens a browser to authenticate with Alpaca via QC's OAuth flow. The URL it opens is:
https://www.quantconnect.com/api/v2/live/auth0/authorize?brokerage=alpaca&projectId=-1
This URL returns a 404. The lean data download workflow is therefore completely broken for Alpaca — there is no workaround because Alpaca auth is OAuth-only (no --alpaca-api-key CLI flag exists).
Root cause hypothesis
In a lean live context a real project ID is always available, so the OAuth URL carries a valid projectId. In a lean data download context there is no live project, so lean-cli falls back to projectId=-1 as a sentinel value.
The 404 indicates the QC platform's /api/v2/live/auth0/authorize endpoint either:
- No longer accepts
projectId=-1 as a wildcard/default (a recent platform-side change), or
- The endpoint path/URL has changed and lean-cli still has the old path.
Steps to reproduce
lean data download
# Select "Alpaca" from the brokerage list (option 19)
# A browser opens to:
# https://www.quantconnect.com/api/v2/live/auth0/authorize?brokerage=alpaca&projectId=-1
# Browser returns 404
Expected behaviour
Browser opens the Alpaca OAuth consent screen and authentication completes successfully.
Affected version
lean-cli (version not reported by customer; issue reproducible as of 2026-06-20).
Related
- Intercom conversation: 215474781517006
- KB: alpaca-brokerage.md — confirms OAuth model, URL shape
…authorize?brokerage=alpaca without projectId
- Docs:
05 Lean CLI/05 Datasets/06 Brokerages/12 Supported Brokerages.html — Alpaca only requires --alpaca-environment (no API-key flags), OAuth is the only auth path
Suggested fix
Options for the lean-cli side:
- In the data-download OAuth flow, supply a real project ID (e.g. the user's first project, or create a temporary one) instead of
-1
- Alternatively, coordinate with the platform team to re-accept
-1 as a valid sentinel for data-only contexts
lean data downloadwith Alpaca 404s at OAuth authorization step (projectId=-1)Summary
When a user runs
lean data downloadand selects Alpaca as the data provider (option 19 /--data-provider-historical Alpaca), the CLI opens a browser to authenticate with Alpaca via QC's OAuth flow. The URL it opens is:This URL returns a 404. The
lean data downloadworkflow is therefore completely broken for Alpaca — there is no workaround because Alpaca auth is OAuth-only (no--alpaca-api-keyCLI flag exists).Root cause hypothesis
In a
lean livecontext a real project ID is always available, so the OAuth URL carries a validprojectId. In alean data downloadcontext there is no live project, so lean-cli falls back toprojectId=-1as a sentinel value.The 404 indicates the QC platform's
/api/v2/live/auth0/authorizeendpoint either:projectId=-1as a wildcard/default (a recent platform-side change), orSteps to reproduce
Expected behaviour
Browser opens the Alpaca OAuth consent screen and authentication completes successfully.
Affected version
lean-cli (version not reported by customer; issue reproducible as of 2026-06-20).
Related
…authorize?brokerage=alpacawithoutprojectId05 Lean CLI/05 Datasets/06 Brokerages/12 Supported Brokerages.html— Alpaca only requires--alpaca-environment(no API-key flags), OAuth is the only auth pathSuggested fix
Options for the lean-cli side:
-1-1as a valid sentinel for data-only contexts