EDP API throws 403

ludwig.arndt · September 2019

Hello,

Since like 2h ago, I'm receiving 403 - forbidden errors from the EDP api, trying to look at the FRTB bucket.

Could you help with this please? (To be clear - it did work yesterday & this morning - but just stopped working.)

Thanks very much

Kind Regards

Ludwig

Christiaan Meihsl · September 2019

@ludwig.arndt,

Do not modify your code, it is fine :-)

I have just received confirmation that your permissioning was changed. The team is looking into this, and will come back to you shortly.

Gurpreet · September 2019

Hello @ludwig.arndt,

Please raise this issue with Refinitv Helpdesk. They can check the entitlements/logs and validate the source of this error.

Christiaan Meihsl · September 2019

@ludwig.arndt,

As you are using the API, I am assuming you renew your access token on a regular basis, as it expires after 5 minutes. I also say this because an expired token would normally result in a 401, not a 403.

To help us debug, can you tell us:

What is the content of the error message delivered in the body of the 403 response ?
What is the exact query you are posting ?

This might be a permissioning issue; maybe your account permissions were modified by mistake. This has been escalated to the appropriate team, to check.

ludwig.arndt · September 2019

@christiaan.meihsl - i do handle token expiries and that used to work (catching the 401 and just refreshing the token).

Obtaining an "initial" access token does work too. However i'm denied endpoint

https://api.refinitiv.com/file-store/beta1/file-sets?bucket=frtb-bucket

and - thanks for the suggestion - get the error message

'{"error":{"id":"18ed201e-fca4-4f1b-aeff-626fb608c5eb","code":"insufficient_scope","message":"access denied. Scopes required to access the resource [trapi.cfs.publisher.read] or [trapi.cfs.subscriber.read]","status":"Forbidden"}}'

On fruther debugging, i see i am currently sending below credentials to obtain the initial token - maybe the scope is wrong now?

{

"credentials": {

"username": "ludwig.arndt1@db.com",

"password": "<notmypassword>",

"grant_type": "password",

"scope": "trapi",

"takeExclusiveSignOnControl": true

},

"cfs_credentials": {

"client_id": "<some hash>",

"client_secret": "<secret>"

}

Thanks for your help!

ludwig.arndt · September 2019

actually sorry - the credentials i send for log in is only part of it, here:

"credentials": {

"username": "ludwig.arndt1@db.com",

"password": "<notmypassword>",

"grant_type": "password",

"scope": "trapi",

"takeExclusiveSignOnControl": true

}

and the CFS credentials come in the request header.

Christiaan Meihsl · September 2019

@ludwig.arndt,

Thank you for the details, they are helpful.

The endpoint (https://api.refinitiv.com/file-store/beta1/file-sets?bucket=frtb-bucket) is correct, as well as the scope (trapi) you use when requesting the token.

Before you change anything in your code, can you confirm that the same code you are using was working correctly yesterday or earlier today ?

The error message seems to indicate a permissioning issue; maybe your account permissions were modified by mistake. I have escalated this additional information to the appropriate team, to check.

Christiaan Meihsl · September 2019

@ludwig.arndt, I have just received confirmation that your permissioning was changed. The team is looking into this.

ludwig.arndt · September 2019

Hi Christiaan, yes, this is exactly why I'm wondering: The above error started some time this morning (like around 10 FFT??). I didn't change anything to my code and it did work before.

EDP API throws 403

Best Answer

Answers

Categories