Exactly how does that audit work? Can you tell us based on your friend's? "What do you do with the data?" "I chart it. Here is the program I use." "Then what do you do?" "Then I submit the orders. Manually. Type them in and send them. Here is the program I use." .... ?
In fact, the first thing I wanted to do through the API is to build a custom real-time time and sales graph with the help of a day trader that uses a technique when something particular happens. He wants a better visual output rather than the tipical times and sales list.
The burden of proof is on you and it's way more invasive than some soft-ball questions. In the audit terms of the data plans you agree to unannounced office visits, packet sniffers, etc. In his case, he physically had to show how his program worked, and then only that program's binary could connect to the data server.
Joan, there is an interest at work here. The exchanges want iron control of their data and how it is used. Here's is the business model, as it was explained to me by a major data vendor: It's the old "seat at the exchange" model. Every chair has one terminal, whether it be Bloomberg, Reuters, or some competitor. That is the "display" for the seat. Each seat has associated fees, depending on the services that they are using, and data that they are consuming. If they are only using the "display," then non-display fees do not apply. If they are using the Bloomberg API/SDK to build algos, then the non-display fees will apply. They don't want these "lone rangers" out there trading with home-grown. Pick your display from among the preferred list, and pipe the data in. Use your mouse to click around. No terminal, command line, code, scripts, programs, or anything,, well, "non-display." If you want that level of access, you will pay a heavy tax, and must play by their rules.
Ok - but you understand that from the technical point of view, it is hilariously easy to show non-"non-display" use of data to the auditors, even during the physical office visit? And "packet sniffers" can only show what is being done through the API, not the "intent" behind it... In fact, who needs packet sniffers, all you have to do is log the API calls on the vendor's side (which, I am sure, is being done already). Now, if they could subpoena your computer and have experts go through it and find out if there are some hidden programs that do some "autotrading" or something... But that would take a court order I presume.
Yeah, I already sensed they don't want us, building 'stuff'. Well maybe we can avoid NYSE altogether. I hope they don't need us to feed their greed.
Good luck with that. The best answer I've found so far is: FOREX. That's the unregulated venue. The only problem is that Forex, is, well, forex.
of course it would be easy to fake visually, but what do you do after they leave and only that program can connect to the api? they're not idiots.
Is it not possible to trade only NASDAQ listed stocks, or futures? I'm not really aware if the exchanges belong to the same organisation or what...
They're not idiots, it's the task that is impossible. Again, how exactly can they "audit" that only that program can connect to the API? It's your program (or programs). You're in control. Programs don't have fingerprints. Basically, how do you forensically determine whether the API order was placed manually or automatically?