Refinitiv Tick History (RTH) - REST API - Authentication

rajb
rajb
in TRTH

As per the user guide below on the authentication on the Tick History API:

-----------------------------------------------------------------------------------------

Creating an Authentication Token

The following example illustrates how to create an authentication token using the Authentication/RequestToken. You provide your Tick History user ID and password in the appropriate fields.

Request

POST https://selectapi.datascope.refinitiv.com/RestApi/v1/Authentication/RequestToken

Content-Type: application/json

Prefer: respond-async

{

"Credentials": {

"Username": "Your Username",

"Password": "Your Password"

}

}

Response HTTP/1.1 200 OK { "@odata.context": "https://selectapi.datascope.refinitiv.com/RestApi/v1/$metadata#Edm.String", "value": "iM3nRfyPWmrKF7RNjS7Hl2JGijKAt_lErD3LEhB6Ayn6CkMQ48aO8meIiij0L4SC1VNlZcRslGBntJT7AOl34c1Xv4epjcw5E_OabHmYVtq-J3mz_X-BW2Y2zFsntwv31ngtLV6qVwGEs12fcXvSUZL9LSx5BUlD2RVsR4lU_47AdX7eXLRsdmKl22_U1I0CuvLGJg-vAOkeX-Iw4FBokye5kSqcq9-aIQeryjkP35Dn1lafR7hLNUACPx2kjwojLgTvJDPsX4WlCkQuJrOx34e9mLZ4fY1rk8iY2qMQKYE=" }

Note that if an authentication token is used beyond 24 hours, the API will respond with an HTTP 401 (Authentication required) status code. This indicates that you need to request a new authentication token.

--------------------------------------------------------------------------------------------------------------------------------------------

Few questions related to above authentication model, that have been asked to put on this forum:

  1. What is the complexity of the password used for authentication i.e. credentials passed for generating the authN token?
  2. How is the credential i.e. username & password used for API authentication (for creating the token) passed? Assuming there's a secure mechanism - what is it?
  3. What are the ways the credentials and the auth token protected over the network, keeping in mind the connection is over internet and can be spoofed?
Tagged:

Best Answer

  • Gurpreet
    Gurpreet
    Answer ✓

    Hi @rajb,

    2: The username and password are exchanged for the OAuth token exactly as you show in the question - using the Authentication/RequestToken endpoint.

    3: The credentials are protected on the network using the Transport Level Security (TLS). The RequestToken endpoint starts with https.

Answers

  • rajb
    rajb
    Thanks for the response - My question (#2) is about the username and password used at the 1st instance. How is the username & password generated and how to Refinitiv/LSEG share the password?
  • Gurpreet
    Gurpreet
    Hi @rajb​,

    Your Refinitiv account manager will create an account for you and the generated welcome email will contain your user name and the instructions for the password.

Categories