A clean REST API on top of Robinhood’s official MCP server. Your credentials stay with Robinhood — we never see them. One endpoint to buy, sell, and check positions.
● Auth handled end-to-end by Robinhood’s MCP — scoped, revocable, audited.
curl -X POST https://api.robinapi.com/v1/orders \ -H "Authorization: Bearer $HOOD_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "symbol": "AAPL", "side": "buy", "type": "limit", "quantity": 10, "limit_price": 187.50 }'
# 201 Created { "order_id": "ord_8f3kq2", "status": "queued", "routed_via": "robinhood_mcp", "filled_qty": 0 }
How it works
We don’t scrape, reverse-engineer, or store your login. Every order is routed through the Model Context Protocol server that Robinhood itself provides.
You authorize directly on Robinhood via their official MCP connection flow. Your password and 2FA never pass through our servers.
We issue you a key bound to that MCP session. Scope it to orders:write, positions:read, or both — and revoke it any time.
Your script or agent hits POST /v1/orders. We translate it to an MCP tool call and Robinhood executes it under your authorization.
What you can build
Anything that can make an HTTP request — an agent, a cron job, a webhook — can now read your positions and place orders under the limits you set.
Place an alert when Trump tweets about a stock you hold — then let your workflow decide whether to hedge, sell, or sit tight.
One block in your OpenClaw config — or any MCP-compatible agent — and place_order, cancel_order, and get_positions appear as tools.
Not just quotes and read-only data — a real, secure API to place orders. Scoped keys and spend caps keep every workflow on a leash.
Security
The entire trust model rests on one fact: authentication and execution happen inside Robinhood’s official MCP. We are a translator, not a custodian.
We never receive, transmit, or store your Robinhood username, password, or 2FA codes. Authorization happens on Robinhood’s domain.
Every order travels through the MCP server Robinhood operates. No scraping, no private endpoints, no session-cookie tricks.
Keys can be read-only, order-only, or symbol-restricted. Revoke one key without touching the others — instantly.
Set a max order size and daily notional cap per key. Anything over the cap is rejected before it ever reaches Robinhood.
Every request — who, what, when, from which key — is logged and exportable. Agents make mistakes; you’ll see exactly what happened.
Pause all trading across every key from the dashboard or via POST /v1/killswitch. Takes effect immediately.
Pricing
Everything
Unlimited API calls. Cancel anytime.
Requires a Robinhood account in good standing. Market data and execution remain subject to Robinhood’s own terms.
FAQ
No. We are an independent service with no affiliation, partnership, or endorsement from Robinhood Markets, Inc. What we build on is official: Robinhood’s own MCP server handles all authentication and order execution. We provide the REST layer and tooling around it.
Because we never touch your credentials. You authorize on Robinhood’s domain through their MCP connection flow — the same way you’d connect any MCP client. We hold only a scoped, revocable token, and you can add spend limits and a kill switch on top.
Only what the key’s scope allows: positions:read, quotes:read, orders:write — optionally restricted to specific symbols and capped at a daily notional. An agent with a read-only key cannot place an order, full stop.
Our API contract stays stable — we absorb upstream changes in the translation layer. If Robinhood ever deprecates the MCP entirely, we’ll notify you immediately and pause billing rather than fall back to unsafe methods.
Yes. One plan, monthly billing, cancel from the dashboard in one click. Your keys are revoked at the end of the billing period.
Set up takes about four minutes — most of it on Robinhood’s side.