Get Service Ticket using TGT. Uses CAS v1 endpoint by default (compatible with both real and demo).
Ticket Granting Ticket from login()
Service name. Use 'xapi5' for WebSocket, 'abigail' for REST API
Service ticket for the specified service
Get Service Ticket via CAS v2 endpoint (alternative method). POST https://xstation.xtb.com/signon/v2/serviceTicket JSON: {tgt, service: "xapi5"} + Time-Zone header
Extract TGT from successful login result.
Result from login() method
TGT string if login was successful, null if 2FA required
Check if TGT is still valid (not expired). Note: This only checks local expiration time, not server-side validity.
Login with email/password using CAS v2 with v1 fallback.
Tries CAS v2 first (supports 2FA), falls back to CAS v1 (no 2FA) if v2 unavailable.
XTB account email
XTB account password
Either success with TGT or 2FA challenge requiring OTP code
Submit two-factor authentication code to complete login.
Session ID from initial login response
OTP code (6 digits from TOTP/SMS/EMAIL)
TGT and expiration timestamp if successful, or new 2FA challenge
Refresh service ticket using existing TGT.
Service tickets are single-use and expire after 2-5 minutes. Use this method to get a fresh ST when the previous one is expired.
Valid Ticket Granting Ticket
Service name (default: 'xapi5')
Fresh service ticket
CAS authentication client for XTB xStation5.
Flow:
Critical: Use service='xapi5' for WebSocket, NOT 'abigail' (that's for REST API)