TRKD Create Service Token API should be open without credentials

Steven McCoy

REF: https://support-portal.rkd.refinitiv.com/SupportSite/TestApi/Op?svc=TokenManagement_1&op=CreateServiceToken_1

REF: https://community.developers.refinitiv.com/questions/41617/get-access-token-via-browser-access-control-allow.html

REF: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin

There is no reason this API should be restricted by CORS, please add the header as required for full web access. The TRKD data APIs are not similarly restricted, this appears a simple implementation flaw.

Access-Control-Allow-Origin: *

Currently I am accessing as recommended in the documentation via a reverse proxy.

Gurpreet

Hi @Steven McCoy, welcome back.

Considering that Refinitiv's strategic platform product RDP, also follows same strategy - i.e. token endpoints are access restricted, I highly doubt that TRKD will be switched to an open access.

For client's intending to use RDP with browsers, we are advising to use Implicit or Authorization code grant. For TRKD, I think your only option is to use a reverse proxy.

wasin.w

Hello @Steven McCoy

I strongly suggest you contact the RKD support team directly via https://my.refinitiv.com/ (chose Product "Refinitiv Knowledge Direct API") for this kind of product feature request.