v2 authentication migration
Hello colleagues,
We are following refinitiv migration [guide](https://developers.lseg.com/en/article-catalog/article/webSocket-api-rto-v2-authentication-migration-guide) and have a trouble to connect to RTO via websockets.
Here is code snippet in python:
import websockets
import json
import asyncio
PING_TIMEOUT = 40
def _make_login_request(auth_token: str) -> dict:
return {
"ID": 1,
"Domain": "Login",
"Key": {
"NameType": "AuthnToken",
"Elements": {
"ApplicationId": "1",
"Position": "127.0.0.1",
"AuthenticationToken": auth_token
}
}
}
async def _consumer(websocket) -> None:
print("Starting messages consumer...")
try:
async for raw_message in websocket:
message_json = json.loads(raw_message)
print(f"<<< incoming {message_json}")
except websockets.exceptions.ConnectionClosed:
print(
"Message consumer stops because websocket disconnected."
)
finally:
print("Messages consumer stopped.")
async def _send_message(websocket, message: dict):
print(f">>> sending {message}")
await websocket.send(json.dumps(message))
async def main() -> None:
endpoint = "us-east-2-aws-3-sm.optimized-pricing-api.refinitiv.net"
port = "443"
token = OUR_SECRET_TOKEN
async with websockets.connect(
f"wss://{endpoint}:{port}/WebSocket",
subprotocols=["tr_json2"],
ping_interval=None,
ping_timeout=PING_TIMEOUT,
) as websocket:
req = _make_login_request(token)
await _send_message(websocket, req)
await _consumer(websocket)
if __name__ == "__main__":
asyncio.run(main())
This method worked perfectly for V1. But now it does not work.
For the token we use Application ID from PAA tool and get error:
[{'ID': 1, 'Type': 'Status', 'Domain': 'Login', 'Key': {'NameType': 5, 'Elements': {'AuthenticationErrorCode': 1026, 'AuthenticationEr
rorText': 'Request for token validation failed:Authentication server did not contain "active" in response'}}, 'State': {'Stream': 'Closed', 'Data':
'Suspect', 'Code': 'UserAccessToAppDenied', 'Text': 'Authentication failed (1026, Request for token validation failed:Authentication server did no
t contain "active" in response).'}}]
Then we tried access token which we obtain with `https://api.refinitiv.com/auth/oauth2/v2/token`. Got this error:
[{'ID': 1, 'Type': 'Status', 'Domain': 'Login', 'Key': {'Name': '<here is token>'}, 'State': {'Stream': 'Closed', 'Data':
'Suspect', 'Code': 'Error', 'Text': 'GE-XXX', unknown to system.'}}]
Where XXX - our service id in the PAA tool. We tried to change ApplicationId to GE-XXX but it did not work.
Please, help us with this problem.
Kind regards.
Best Answer
-
Hello @d.alishev
I did a quick test with the given code and the access token from my Version 2 Authentication credential.
curl -X POST \
'https://api.refinitiv.com:443/auth/oauth2/v2/token' \
--header 'Accept: */*' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_secret=my_client_secret' \
--data-urlencode 'client_id=my_client_id' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'scope=trapi'The access token can connect to RTO both "us-east-2-aws-3-sm.optimized-pricing-api.refinitiv.net" and "ap-southeast-1-aws-3-sm.optimized-pricing-api.refinitiv.net" endpoints successfully.
The error message 'Authentication failed (1026, Request for token validation failed:Authentication server did not contain "active" in response).' is generated from the RTO server. Regarding your "For the token we use Application ID from PAA tool and get error:", could you please clarify this message? An application should use access token that received from the RDP Authentication (/auth/oauth2/v2/token) that logged in with client_id and client_secret.
- Note: The V2 client_id is not the same value as V1 client_id
Can you try your V2 credential with the market_price_rdpgw_client_cred_auth.py example?
- Note: This example requires the websocket-client library.
The 'Text': 'GE-XXX', unknown to system.' error message in the WebSocket Login response message indicates that the WebSocket server does not recognize that GE-XXXXXX client_id. This message is generated from the RTO side, so I strongly suggest you contact the RTO support team directly to verify this issue on the server side. You can submit a support ticket to the RTO support team via https://my.refinitiv.com/content/mytr/en/helpandsupport.html website.
1
Answers
-
"For the token we use Application ID from PAA tool and get error:", could you please clarify this message?
It was the first recomendation from refinitiv manager. Then, we used V2 Access token and got an error with 'Text': 'GE-XXX', unknown to system.'. I will be glad to try your python script, but could you clarify what options should I use? There are a lot of unknown to me parameters: standbyhostname, discovery_url, region and etc.
I cant login to the provided link https://my.refinitiv.com/content/mytr/en/helpandsupport.html. Seems like endless redirection.
So, for now I'm going to try to execute provided script and checking RTO help page.
Cheers.
0 -
I was able to run your script. Output:
➜ refexample poetry run python refexample/main.py
2024-06-28 12:30:18.327451 Sending authentication request with client credentials to https://api.refinitiv.com/auth/oauth2/v2/token ...
2024-06-28 12:30:19.100960 Refinitiv Data Platform Authentication succeeded. RECEIVED:
{
"access_token":"<TOKEN>",
"expires_in":7199,
"token_type":"Bearer"
}
2024-06-28 12:30:19.101339 Sending Refinitiv Data Platform service discovery request to https://api.refinitiv.com/streaming/pricing/v1/ ...
Refinitiv Data Platform service discovery HTTP code: 403 Forbidden
Unrecoverable error when performing service discovery: stopped retrying request
Failed to retrieve endpoints from Refinitiv Data Platform Service Discovery. Exiting...As I understand, we were able to get access token, but for some reason we can't use it (403 response).
0 -
I finally managed to submit ticket
0 -
Hello @d.alishev
It might be another issue. The market_price_rdpgw_client_cred_auth.py example uses the service discovery feature that sends a HTTP request message to RDP https://api.refinitiv.com/streaming/pricing/v1/ endpoint to get a list of RTO server that matched your account dynamically.
The "Refinitiv Data Platform service discovery HTTP code: 403 Forbidden" error message indicates that your Version 2 account does not have access to that /streaming/pricing/v1/ endpoint. If you need this feature, please contact your LSEG representative or Account Manager to verify and fix your permission.
Back to the original issue, you can run this market_price_rdpgw_client_cred_auth example without using a Service Discovery feature via the following command:
python3 market_price_rdpgw_client_cred_auth.py --clientid <clientid> --clientsecret <clientsecret> --hostname <hostname>
Example:
python3 market_price_rdpgw_client_cred_auth.py --clientid my_client_id --clientsecret my_client_secret --hostname us-east-2-aws-3-sm.optimized-pricing-api.refinitiv.net
Please see more detail about the example parameters from the project README.md file
0 -
Thank you for your patience. I tried market_price_rdpgw_client_cred_auth. Output:
➜ refexample poetry run python refexample/main.py --clientid GE-XXXXXX --clientsecret our_secret_code --hostname us-east-2-aws-3-sm.optimized-pricing-api.refinitiv.net
2024-06-28 13:04:40.953710 Sending authentication request with client credentials to https://api.refinitiv.com/auth/oauth2/v2/token ...
2024-06-28 13:04:41.796401 Refinitiv Data Platform Authentication succeeded. RECEIVED:
{
"access_token":"<access_token>",
"expires_in":7199,
"token_type":"Bearer"
}
2024-06-28 13:04:41.796834 Session1: Connecting WebSocket to wss://us-east-2-aws-3-sm.optimized-pricing-api.refinitiv.net:443/WebSocket...
2024-06-28 13:04:43.069283 Session1: WebSocket successfully connected!
2024-06-28 13:04:43.069518 SENT on Session1:
{
"Domain":"Login",
"ID":1,
"Key":{
"Elements":{
"ApplicationId":"256",
"AuthenticationToken":"<access_token>",
"Position":"127.0.1.1/vostok"
},
"NameType":"AuthnToken"
}
}
2024-06-28 13:04:43.479222 RECEIVED on Session1:
[
{
"Domain":"Login",
"ID":1,
"Key":{
"Name":"<access_token>"
},
"State":{
"Code":"Error",
"Data":"Suspect",
"Stream":"Closed",
"Text":"GE-XXXXXX, unknown to system."
},
"Type":"Status"
}
]
2024-06-28 13:04:43.479475 Error: Login failed, received status message, closing: StreamState=Closed, DataState=Suspect
2024-06-28 13:04:43.629641 Session1: WebSocket Closed0 -
Hello @d.alishev
The error with the example indicates that it might be something with your account.
I believe that you already have a support ticket with the RTO team. They will contact you via a separate email loop. I advise you include your LSEG representative or Account Manager in that email loop too.
1
Categories
- All Categories
- 6 AHS
- 37 Alpha
- 161 App Studio
- 4 Block Chain
- 4 Bot Platform
- 16 Connected Risk APIs
- 47 Data Fusion
- 30 Data Model Discovery
- 608 Datastream
- 1.3K DSS
- 577 Eikon COM
- 4.9K Eikon Data APIs
- 7 Electronic Trading
- Generic FIX
- 7 Local Bank Node API
- Trading API
- 2.7K Elektron
- 1.3K EMA
- 236 ETA
- 519 WebSocket API
- 33 FX Venues
- 10 FX Market Data
- 1 FX Post Trade
- 1 FX Trading - Matching
- 12 FX Trading – RFQ Maker
- 5 Intelligent Tagging
- 2 Legal One
- 20 Messenger Bot
- 2 Messenger Side by Side
- 9 ONESOURCE
- 7 Indirect Tax
- 59 Open Calais
- 264 Open PermID
- 39 Entity Search
- 2 Org ID
- PAM
- PAM - Logging
- 8.4K Private Comments
- 6 Product Insight
- Project Tracking
- ProView
- ProView Internal
- 20 RDMS
- 1.4K Refinitiv Data Platform
- 367 Refinitiv Data Platform Libraries
- 3 Refinitiv Due Diligence
- LSEG Due Diligence Portal API
- 3 Refinitiv Due Dilligence Centre
- Rose's Space
- 1.1K Screening
- 18 Qual-ID API
- 13 Screening Deployed
- 23 Screening Online
- 10 World-Check Customer Risk Screener
- 990 World-Check One
- 44 World-Check One Zero Footprint
- 45 Side by Side Integration API
- Test Space
- 3 Thomson One Smart
- 1.2K TR Internal
- Global Hackathon 2015
- 2 Specialists Who Code
- 10 TR Knowledge Graph
- 150 Transactions
- 142 REDI API
- 1.7K TREP APIs
- 4 CAT
- 21 DACS Station
- 117 Open DACS
- 1.1K RFA
- 103 UPA
- 172 TREP Infrastructure
- 224 TRKD
- 886 TRTH
- 5 Velocity Analytics
- 5 Wealth Management Web Services
- 59 Workspace SDK
- 9 Element Framework
- 5 Grid
- 13 World-Check Data File
- Yield Book Analytics
- 46 中文论坛