Skip to content

CLI flags

Full flag list. You can also run --help on each binary:

futu-opend --help
futu-mcp --help
futucli --help

futu-opend

Flag Default Description
--login-account <id> Futu account (one of account/pwd is required)
--login-pwd <pwd> Plain-text login password (v1.4.18+ prints deprecation WARN; prefer keychain)
--login-pwd-md5 <hex> MD5 (same argv exposure as plaintext; same WARN)
--login-pwd-file <path> v1.4.18+: read password from file (friendly for Docker secrets / systemd LoadCredential)
--login-region <gz/sh/hk> Backend region (v1.4+)
--config <path> TOML config file (v1.4.2+); fields mirror CLI flags, CLI wins
--cfg-file <path> XML config, compatible with C++ FutuOpenD.xml
--ip <addr> 0.0.0.0 Listen IP
--port <n> 11111 FTAPI TCP port
--rest-port <n> REST port (also serves /ws)
--rest-keys-file <path> REST Bearer Token keys.json
--grpc-port <n> gRPC port
--grpc-keys-file <path> gRPC Bearer Token keys.json
--websocket-port <n> Core WS port (Futu SDK)
--ws-keys-file <path> Core WS handshake auth keys.json (v1.0+)
--telnet-port <n> Admin telnet
--lang <chs/cht/en> chs UI language
--log-level <level> info trace/debug/info/warn/error
--json-log false stdout JSON logs
--audit-log <path> Audit JSONL file or directory
--rsa-private-key <path> RSA private key PEM (for RSA-encrypted clients)
--platform <futunn/moomoo> futunn Account platform (v1.4.14+). futunn = Futubull (CN/HK), moomoo = US/SG/AU/JP/CA
--auth-server <url> derived from --platform Custom auth server URL; overrides --platform
--device-id <hex> auto-generated Device ID (16 hex chars, v1.4.16+). Overrides and updates ~/.futu-opend-rs/device-<hash>.dat
--reset-device false v1.4.17+: delete device + credentials files before starting, forces full first-login (SMS) on next run
--setup-only false v1.4.17+: finish auth + credentials cache, then exit without starting any server (systemd / Docker workflow)

futu-mcp

Flag Default Description
--gateway <addr> 127.0.0.1:11111 Gateway TCP address
--keys-file <path> keys.json (scope mode)
--api-key <plaintext> / env FUTU_MCP_API_KEY Plain-text key bound at startup
--enable-trading false (legacy) allow trade-write tools; ignored when keys-file is set
--allow-real-trading false (legacy) allow the real environment; ignored when keys-file is set
--audit-log <path> Audit JSONL
--http-listen <addr> HTTP transport (v1.0+); if unset, stdio is used
-v, --verbose false Debug logs

futucli

Global

Flag Default Description
-g, --gateway <addr> / env FUTU_GATEWAY 127.0.0.1:11111 Gateway address
-o, --output <format> table table / json
-v, --verbose false Debug logs
--audit-log <path> Audit JSONL (v1.2+)

Subcommands

Command Description
ping Ping the gateway
quote <symbols...> Real-time quotes
snapshot <symbols...> Snapshot
kline <symbol> [--type day] [--count 100] Candles
orderbook <symbol> [--depth 10] Level-2 book
ticker <symbol> [--count 100] Tick-by-tick
rt <symbol> Intraday time-series
static <symbols...> Static security info
broker <symbol> Broker queue
plate <market> Plate/sector list
sub <symbols...> -t <types> Subscribe (types: basic/orderbook/ticker/broker/rt/kline)
accounts List accounts
funds <acc-id> --market HK Funds
positions <acc-id> --market HK Positions
orders <acc-id> --market HK Orders
deals <acc-id> --market HK Fills
unlock-trade --env real Unlock trading (prompts for password)
set-trade-pwd Save trade password into the OS keychain (read by futu-mcp's futu_unlock_trade tool; v1.4+)
clear-trade-pwd Remove trade password from the OS keychain (v1.4+)
set-login-pwd --account <id> v1.4.18+: store an account's login password in the OS keychain (futu-opend reads it automatically)
clear-login-pwd --account <id> v1.4.18+: remove the stored login password for an account
gen-key --id <n> --scopes <list> Generate a key
list-keys List all keys
revoke-key <id> Revoke a key
bind-key <id> --this-machine / --replace / --clear / --freeze Edit machine binding in place
machine-id [--for-key <id>] Show this machine's fingerprint
repl Interactive REPL (shared long connection + live push display)