Non-Custodial Architecture

SnipeRoute never holds funds or assets.

Overview

SnipeRoute is non-custodial infrastructure. Funds and assets never pass through SnipeRoute — they remain exclusively with the user's connected broker account.

Non-custodial architecture ensures that SnipeRoute never has access to user funds, only to order routing permissions via OAuth.

How It Works

User Links Broker via OAuth

User authorizes SnipeRoute to place orders on their behalf via OAuth 2.0. SnipeRoute receives a trading token with limited permissions.

Funds Remain at Broker

All cash and securities stay in the user's broker account (Alpaca, IBKR, Schwab, etc.). SnipeRoute never touches these assets.

Trade Intent Submitted

Upstream platform submits a Trade Intent to SnipeRoute with full execution parameters.

SnipeRoute Routes to Broker

SnipeRoute uses the OAuth token to place the order via the broker's API. The trade executes within the user's broker account.

Fills Settle at Broker

Order fills settle directly in the user's broker account. SnipeRoute only receives status updates.

What SnipeRoute Has Access To

Access Level	What SnipeRoute Can Do	What SnipeRoute CANNOT Do
Trading Permissions	Place orders via API	Withdraw funds
Order Status	Query order status	Transfer securities
Account Info	Read account balance	Modify account settings
Position Data	View current positions	Close the account

⚠️

SnipeRoute uses trading-only OAuth scopes. It cannot withdraw funds, transfer assets, or modify account settings.

Broker OAuth Flow

Step 1: User Initiates OAuth

User → SnipeRoute Dashboard → "Connect Alpaca Account"

Step 2: Redirect to Broker

SnipeRoute → Alpaca OAuth → User Authorizes

Step 3: SnipeRoute Receives Token

Alpaca → SnipeRoute (OAuth token with trading scope)

Step 4: Token Stored Securely

SnipeRoute → Encrypted Database (token stored, never exposed)

Step 5: Trade Intent Uses Token

Upstream Platform → SnipeRoute → Alpaca API (using OAuth token)

Security Model

What SnipeRoute Stores

OAuth access tokens (encrypted)
OAuth refresh tokens (encrypted)
Broker account IDs
Order history metadata

What SnipeRoute Does NOT Store

Passwords
Bank account details
Social Security Numbers
Withdrawal permissions

Token Revocation

Users can revoke SnipeRoute's access at any time:

Via SnipeRoute Dashboard: Disconnect broker account
Via Broker Settings: Revoke OAuth token directly

Once revoked, SnipeRoute can no longer place orders.

Comparison: Custodial vs Non-Custodial

Custodial System (NOT SnipeRoute)

With a custodial system:

You deposit funds into the platform's account
Platform holds your assets
Platform controls withdrawals
Platform may lend or rehypothecate your assets

Risk: If the platform is hacked or goes bankrupt, your funds may be at risk.

Non-Custodial System (SnipeRoute)

With SnipeRoute:

You keep funds in your own broker account
SnipeRoute only has trading permissions
You control deposits and withdrawals directly with your broker
Your assets cannot be rehypothecated by SnipeRoute

Risk: If SnipeRoute is compromised, an attacker could place unauthorized trades, but cannot withdraw your funds.

Regulatory Implications

Not a Broker-Dealer

Because SnipeRoute does not hold customer funds or execute trades (it routes to brokers), it does not act as a broker-dealer.

Not a Custodian

SnipeRoute does not custody assets, so it is not subject to custodial regulations.

Broker Remains Counterparty

The user's broker (Alpaca, IBKR, Schwab) remains the legal counterparty for all trades.

Example: Non-Custodial Flow

1. User Links Alpaca Account

# User visits SnipeRoute Dashboard
https://app.sniperoute.io/settings/brokers
 
# Clicks "Connect Alpaca"
# Redirected to Alpaca OAuth
# Authorizes "Trading" scope
 
# SnipeRoute receives OAuth token
# Token stored encrypted in database

2. Upstream Platform Submits Trade Intent

from sniperoute import SnipeRouteClient
from sniperoute.models import TradeIntentRequest, OrderSide, OrderType
from decimal import Decimal
 
client = SnipeRouteClient(api_key="sk_live_...")
 
intent = TradeIntentRequest(
    intent_id="trade_001",
    symbol="AAPL",
    side=OrderSide.BUY,
    quantity=Decimal("10"),
    order_type=OrderType.MARKET,
    broker_id="user_alpaca_connection"  # OAuth token used here
)
 
response = await client.create_intent(intent)

3. SnipeRoute Routes to Alpaca

# SnipeRoute sends API request to Alpaca
POST https://api.alpaca.markets/v2/orders
Authorization: Bearer {user_oauth_token}
 
{
  "symbol": "AAPL",
  "qty": 10,
  "side": "buy",
  "type": "market"
}

4. Order Fills in User's Alpaca Account

# Alpaca executes trade
# Shares credited to user's Alpaca account
# SnipeRoute receives status update (filled)
 
# User can verify in Alpaca dashboard:
# - 10 shares of AAPL purchased
# - Cash deducted from user's account
# - SnipeRoute never touched the funds

User Control

Revoking Access

Users can revoke SnipeRoute's access at any time:

Go to Settings → Brokers
Click Disconnect next to Alpaca
OAuth token immediately revoked

After revocation, new Trade Intents will fail with:

{
  "detail": "Broker connection no longer authorized"
}

Next Steps

Broker OAuth Setup

Link your broker account via OAuth

Trade Intents

Learn how to submit Trade Intents

Deterministic Routing First Trade Intent