ibeam icon indicating copy to clipboard operation
ibeam copied to clipboard
verified publisher icon Voyz

IBEAM - HTTP 503 issue

Open adventurous51 opened this issue 1 month ago • 6 comments

IBEAM does not login anymore. I have used IBEAM for weeks without any issues and suddenly, today, I keep getting an http 503 error. IBKR support say there is no issue with their site. With a 503, one would think it is on their side but they claim it is not.

Here is the message IBEAM sends when I trigger it. Everything works during the authentication process but as soon as I am done validating the 2FA, I get...

2025-11-10 01:08:08,420|I| Logging in succeeded 2025-11-10 01:08:08,672|E| IBKR service unavailable: "HTTP Error 503: Service Unavailable". It seems IBKR servers are not ready to handle requests. We may need to wait until the servers are ready. 2025-11-10 01:08:08,674|I| NO SESSION Status(running=True, session=False, connected=False, authenticated=False, competing=False, collision=False, session_id=None, server_name=None, server_version=None, expires=None) 2025-11-10 01:08:08,674|E| Repeatedly reauthenticating failed 3 times. Killing the Gateway and restarting the authentication process.

I am lost as to where to look.

adventurous51 avatar Nov 10 '25 01:11 adventurous51

Hey @adventurous51 - sorry to see you're running into these issues. 503s as you correctly observed is an internal server issue. Try to follow up with IBKR, asking them to investigate the exact times when you were connected and getting these errors. There's nothing we can do from IBeam side.

Alternatively, use OAuth 1.0a authentication with IBind.

Voyz avatar Nov 10 '25 08:11 Voyz

Yes, I figured it was their problem. I checked my TWS to catch the exact moment when they rebooted their servers. As soon as TWS lost connection after midnight and then reconnected, I restarted ibeam and guess what? Everything was fine.

Thanks and sorry to drag you into this. I have been using ibeam for weeks now and it is rock solid. I restart it every day to make sure the connection does not expire and it works like a charm. I even automated the 2FA authentication so it can restart/reauthenticate unattended.

I abandoned the 0Auth because what I discovered is , believe it or not, individual users need to login the Client Portal Gateway first before 0auth can secure a broker session. I tested it many times and it is exactly what I am stuck with. So, what is the point of 0Auth in this case?. Beside, it is slower than ibeam itself. I am not sure how you managed to get to 0auth to work while bypassing the Client Portal Gateway as it is supposedly available only for institutional clients. Maybe IBKR uses different criteria in different countries. I am in Canada. Anyhow, I hope you keep maintaining ibeam as it is an integral part of my system now and it is very stable.

Thanks and cheers!

adventurous51 avatar Nov 10 '25 14:11 adventurous51

Oh that actually is very interesting, thanks for writing all that up. I was under the assumption that OAuth was the solution slowly making IBeam obsolete, but it's great to hear your story. I'm definitely keeping on maintaining it for now.

How did you automate your 2FA?

As for 5XXs from IBKR - in my experience they're random. Sometimes related to restarts, sometimes they just happen.

Voyz avatar Nov 11 '25 08:11 Voyz

I knew you were going to ask.:) I am a bit reluctant to publish that publicly because I don't necessarily want IBKR to know what I am doing but since you asked....

.... My IBKR accounts are setup to use the IBKR app on my phone to perform the 2FA. The IBKR app requires one of 2 things to authenticate; finger print or a static pin.

My phone is an Android phone. I found a clever app that allows you to automate any task, without coding, on an Android phone. It is called MacroDroid. ( I believe on iphone you could use Shortcuts to do something similar but I don't have one to test that)

So, I wrote a macro that basically do this:

  1. If an IBKR Login notification is received 2) If screen is locked or off turn it on 3) Unlock the screen with the pin 4) Click on the IBKR notification 5) Click Approve 6) Click Cancel 7) Enter the pin 8) Click Submit 9) Press the Back button 10) Delete the notification

You need to insert a few fractions of seconds delays between some of these steps until it all run smoothly. Also, you need to turn on the Development options on the phone (I can't remember which one needs to be turned on but it is documented in the app). Finally, you must set the IBKR app to never sleep.

Et voilà!

Now that it is tweaked, it works flawlessly.

Of course this will trigger regardless of which account or which app from IBKR someone is logging on to with one of my ids. It is in effect removing 2FA for all IBKR usage and is a risk but my phone notifies me when a login request is coming so I can live with that. Also, this is predicated on the phone having network access (wifi or cellular) but it would be the same if I did not automate the process.

So, it is not a very high tech solution but... it works! A cron job starts ibeam on Sunday, kills it and restarts it daily and shuts it down on Friday. Unless IBKR has issues, ibeam never needs the 2FA except when it is scheduled to require one. If like last Sunday, ibeam gets stuck in a reauthentication loop, I notice right away as well.

I hope this answers your question.

On Tue, Nov 11, 2025 at 3:55 AM voyz @.***> wrote:

Voyz left a comment (Voyz/ibeam#266) https://github.com/Voyz/ibeam/issues/266#issuecomment-3515636247

Oh that actually is very interesting, thanks for writing all that up. I was under the assumption that OAuth was the solution slowly making IBeam obsolete, but it's great to hear your story. I'm definitely keeping on maintaining it for now.

How did you automate your 2FA?

As for 5XXs from IBKR - in my experience they're random. Sometimes related to restarts, sometimes they just happen.

— Reply to this email directly, view it on GitHub https://github.com/Voyz/ibeam/issues/266#issuecomment-3515636247, or unsubscribe https://github.com/notifications/unsubscribe-auth/AURMF65NUF5ICGBXZLRSWCL34GP6LAVCNFSM6AAAAACLTOTIXCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTKMJVGYZTMMRUG4 . You are receiving this because you were mentioned.Message ID: @.***>

-- Mario

adventurous51 avatar Nov 11 '25 13:11 adventurous51

I forgot one thing, I start ibeam with IBEAM_OAUTH_TIMEOUT=30 to give enough time for the macro to execute.

adventurous51 avatar Nov 11 '25 14:11 adventurous51

Very clever, I like it! Thanks for sharing it! Indeed it is a bit of a workaround. Did you hear that they now support 3rd party 2fa authenticators like Google Authenticator? I'd imagine writing an automation using it should be even easier, and wouldn't require a phone automation. But your solution works, well done! I appreciate you sharing it all 👍

Voyz avatar Nov 12 '25 09:11 Voyz