As per the user guide below on the authentication on the Tick History API:
-----------------------------------------------------------------------------------------
Creating an Authentication Token
The following example illustrates how to create an authentication token using the Authentication/RequestToken. You provide your Tick History user ID and password in the appropriate fields.
Request
POST https://selectapi.datascope.refinitiv.com/RestApi/v1/Authentication/RequestToken
Content-Type: application/json
Prefer: respond-async
{
"Credentials": {
"Username": "Your Username",
"Password": "Your Password"
}
}
Response
HTTP/1.1 200 OK
{
"@odata.context": "https://selectapi.datascope.refinitiv.com/RestApi/v1/$metadata#Edm.String",
"value": "iM3nRfyPWmrKF7RNjS7Hl2JGijKAt_lErD3LEhB6Ayn6CkMQ48aO8meIiij0L4SC1VNlZcRslGBntJT7AOl34c1Xv4epjcw5E_OabHmYVtq-J3mz_X-BW2Y2zFsntwv31ngtLV6qVwGEs12fcXvSUZL9LSx5BUlD2RVsR4lU_47AdX7eXLRsdmKl22_U1I0CuvLGJg-vAOkeX-Iw4FBokye5kSqcq9-aIQeryjkP35Dn1lafR7hLNUACPx2kjwojLgTvJDPsX4WlCkQuJrOx34e9mLZ4fY1rk8iY2qMQKYE="
}
Note that if an authentication token is used beyond 24 hours, the API will respond with an HTTP 401 (Authentication required) status code. This indicates that you need to request a new authentication token.
--------------------------------------------------------------------------------------------------------------------------------------------
A few questions related to the above authentication model that have been asked to be put on this forum:
- What is the complexity of the password used for authentication i.e. credentials passed for generating the authN token?
- How is the credential i.e. username & password used for API authentication (for creating the token) passed? Assuming there's a secure mechanism - what is it?
- What are the ways the credentials and the auth token are protected over the network, keeping in mind the connection is over the internet and can be spoofed?
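
An added example, not part of the original post or the quoted user guide: a minimal Python client for the token flow quoted above. It sends the credentials only in the HTTPS POST body, keeps the token in memory, renews it shortly before the 24-hour limit and retries once on HTTP 401. The names `TokenSession`, `https_send` and `MAX_AGE` are hypothetical, and the `Authorization: Token ...` header on later calls is an assumption not shown on this page.

```python
import json, time
import urllib.request, urllib.error

TOKEN_URL = "https://selectapi.datascope.refinitiv.com/RestApi/v1/Authentication/RequestToken"
MAX_AGE = 24 * 3600 - 300  # renew a little before the 24-hour limit from the guide

def https_send(req):
    # Default transport: urllib verifies the server certificate and hostname.
    try:
        with urllib.request.urlopen(req, timeout=30) as r:
            return r.status, r.read()
    except urllib.error.HTTPError as e:
        return e.code, e.read()

class TokenSession:
    def __init__(self, username, password, send=https_send, clock=time.time):
        self._creds = {"Credentials": {"Username": username, "Password": password}}
        self._send, self._clock = send, clock
        self._token, self._issued = None, 0.0

    def _request_token(self):
        # Credentials travel only in the body of the HTTPS POST, never in the URL.
        req = urllib.request.Request(
            TOKEN_URL, data=json.dumps(self._creds).encode(), method="POST",
            headers={"Content-Type": "application/json", "Prefer": "respond-async"})
        status, payload = self._send(req)
        if status != 200:
            raise PermissionError(f"token request failed: HTTP {status}")
        self._token, self._issued = json.loads(payload)["value"], self._clock()

    def token(self):
        if self._token is None or self._clock() - self._issued > MAX_AGE:
            self._request_token()
        return self._token

    def call(self, url, method="GET", data=None):
        if not url.lower().startswith("https://"):
            raise ValueError("refusing to send the token over a non-TLS URL")
        for attempt in (1, 2):
            req = urllib.request.Request(
                url, data=data, method=method,
                headers={"Authorization": "Token " + self.token()})  # assumed header scheme
            status, payload = self._send(req)
            if status != 401 or attempt == 2:
                return status, payload
            self._token = None  # 401: token expired, request a new one and retry once
```

The `send` and `clock` parameters exist so the renewal logic can be exercised with a stub transport instead of the live service.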