question

Upvotes
Accepted
daniel.schlingmann avatar image
3 1 0 1

Get access token via browser - Access-Control-Allow-Origin

I can not get a token using a web browser (e.g. Chrome), neither a refresh token nor an access token. The token endpoint (https://api.refinitiv.com/auth/oauth2/beta1/token) does not include an Access-Control-Allow-Origin response header in the response. For security reasons modern web browsers prevent connections to servers without this header.

Using postman or python we can generate access and refresh tokens.

As soon as a token pair has been generated the access token can be used to get data from an endpoint (e.g.https://api.refinitiv.com/data/environmental-social-governance/v1/views/measures-full?universe=BNPP.PA) using a web browser because the esg data endpoints includes this headers.

Is there a particular reason for preventing token generation directly from a browser?

rdp-apirefinitiv-data-platformhistoricaltoken
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 5.0 MiB each and 10.0 MiB total.

1 Answer

Upvotes
Accepted
Gurpreet avatar image
13k 32 12 18

Hi @daniel.schlingmann Currently EDP supports Password and Refresh grants only. We will be adding Implicit and Authorization Code grant types soon, which will enable browser based applications to request a code or a token and use EDP services.

You can use a reverse proxy to continue developing your application meanwhile.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 5.0 MiB each and 10.0 MiB total.

Click below to post an Idea Post Idea