question

Upvotes
Accepted
21 0 0 1

Real-Time Optimized Authentication problem

Greetings! We're having an issue with the very first authentication request. I.e. we registered app and got AppKey, got a machine ID with corresponding machine-specific password, and trying to arrange a REST POST request according to documentation.

Address:

https://api.refinitiv.com:443/auth/oauth2/v1/token

Headers:

Accept: application/json

Authorization: Basic our_app_key_value

Content-Type: application/x-www-form-urlencoded

content-length: actual_length_value

Body:

grant_type=password&scope=trapi&username=our_machine_id&password=our_machine_pwd&client_id=our_app_key_value

Sending this, we're getting {"error":"access_denied" ,"error_description":"Invalid username or password." }

If we change address to https://api.refinitiv.com/auth/oauth2/v1/token , we're getting {"error":"access_denied" ,"error_description":"Account locked out due to provide incorrect password." }

No matter if takeExclusiveSignOnControl is set or not.


Could anyone please help to reveal the root of problem? Support may only reset our machine password, however the problem is probably somewhere else.

elektronrefinitiv-realtimeelektron-sdkauthentication
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 5.0 MiB each and 10.0 MiB total.

Upvotes
Accepted
21 0 0 1

Ok, it seems issue was partially resolved. The real problem was password itself. It had symbols like ",?,=

I was able to got token with python example only at the moment, by adding framing "" for the password value and adding \ symbol before " symbol inside password. No luck with Advanced REST client, not sure how to pass such password there correctly.

Going to repeat attempts with custom C++ code using CURL library.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 5.0 MiB each and 10.0 MiB total.

Upvotes
13k 32 12 18

Hi @vakrckaj.

I assume that you are trying to use the realtime feed from Cloud. Please start by using the sample application and following the quick start guide here.

If it still does not work, I would ask that you contact your Refinitiv account manager to verify that your account has been properly setup for ERT Cloud. It is also advisable to open a service ticket with myRefinitiv, who can route it to appropriate support group.

We can only help with technical API related questions, as we do not have any visibility into the accounts and entitlements.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 5.0 MiB each and 10.0 MiB total.

Upvotes
13k 32 12 18

Hi @vakrckaj,

I saw your support ticket and was able to confirm that the credentials are fine.

Which language are you using to send the above request?

You didn't include enough information in the request headers above, but it seems like the Authorization header might be causing issues. Seems like you are sending the plain value in the header, where as it should be a base64 encoded (client id : client secret). Since RDP does not use client secret and uses the APP KEY for client ID, your authorization header should look like:

Authorization: Basic base64Encoded(app_key + ":")

Can you confirm that is indeed the case? Also, please look at the Quickstart link posted previously and use the working python sample to verify correct operation. More information in OAuth2.0 specification here.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 5.0 MiB each and 10.0 MiB total.

Upvotes
11.5k 16 7 10

Hi @vakrckaj

Could you please also give us a snippet code that creates an authentication request message and setting request headers?

Please note that you can find example codes that send and receives authentication information with ERT in Cloud in Python, Java and C# languages via GitHub and WebSocket API Download page (please choose "ERT in Cloud: Websocket API Sample Applications").

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 5.0 MiB each and 10.0 MiB total.

Upvotes
21 0 0 1

Hello @wasin.waeosri, @Gurpreet

I was using "Advanced REST Client" app to build and send POST message having required set of headers and body value, so there is no any code snippet at the moment.

Also, I am not sure if new machine password had been applied to my machine ID, as I see no new password in my mail yet, despite support confirmed password reset.

As for python example app you're referring to, does it actually apply Base64 encoding to provided AppKey ? I see it consumes client_id and see no function which uses Base64 on it. Or it requires already encoded AppKey as well?

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 5.0 MiB each and 10.0 MiB total.

Hello @vakrckaj

I am noticed that you are using the 3rd party tool to create the authentication POST message.

Could you please test with the RDP Postman Collection and Tutorial Samples tool?

The authentication script is Authentication --> Get Access Token. You can setup the username as your machine-id and client_id as your app_key value.

Please note that I have renamed the RDP Postman in my local machine as "RDP - October 2020"

rdp-postman.png (42.8 KiB)
rdp-postman2.png (104.4 KiB)
Upvotes
21 0 0 1

Also, should the password be also Base64-encoded?

Finally, we have to populate client_id in the body of request as well, and we shouldn't encode it, correct? Because we have "Invalid Application Credential" error if base64-encoded client_id is set in the body params. I.e. it is encoded togetger with ":" symbol in headers and not encoded in the body?

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 5.0 MiB each and 10.0 MiB total.

Upvote
11.5k 16 7 10

Hello @vakrckaj

I have tested the Advance REST Client tool and it works fine. I have set the app_key value in to client_id parameter "as is" and I did not set any additional request headers.


icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 5.0 MiB each and 10.0 MiB total.

Many thanks for help! It might be an issue with password then. We started getting "Account locked out due to provide incorrect password", I will follow up with the support again.

Upvotes
21 0 0 1

Can I ask one more question related to logging using C++? I found refinitiv::ema::domain::login::Login message in the Elektron SDK, and trying to get, can it be configured to be used having our credentials avoiding REST API usage? Or we always have to use REST API only to get token and target host, and only then pass this data to Login message?

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 5.0 MiB each and 10.0 MiB total.

Yes, you can use Realtime SDK which is available in C++ and Java, and use one of the samples which shows the cloud usage (Consumer\100_Series\113__MarketPrice__SessionManagement). Even it uses REST API underneath for authentication, but all the mechanics are hidden from the user.

Start with the QuickStart guide to setup your build environment and follow steps in EMA Quick Start - Connecting to Elektron Real Time in Cloud.

Click below to post an Idea Post Idea