RTO - Technical Questions

Hi Team,

some tech questions from one of the client

1) The request for a token comes back with a field “expires_in” with value 7199, which I assume to mean 1 hour 59 minutes. Is this a meaningless parameter, as I thought this new method of authentication did not require refreshing tokens? Or do I have to acquire a new token every 2 hours?

2) Private Link - the documentation has improved, but is still not great. I have created local endpoints pointing to the Refinitiv service - we are in EU-west-1, so seemingly straightforward. However, the documentation has this on page 25:

“Note: To request authentication tokens or do service discovery, you must establish an AWS PrivateLink connection to RDP Gateway and make requests using that connection”

Does this mean I have to gain the initial authentication token using the Private Link? If so, how? Or is this poorly worded, and these initial requests are performed over the internet and subsequent traffic through the private link will work with the same authentication token? (It seems very circular to use a private link in order to do a service discovery request to tell me that the private link works).

2) Having created the 3 private links on the 3 different tiers (as the docs recommend), which one should we be using? I assume there should be a choice hierarchy based on whether a service is available or not.

3) With Private DNS names enabled for the link, and DNS hostnames and DNS resolution also both enabled for the VPC, does this mean that using a (valid) private link endpoint returned by service discovery will automatically be routed to the endpoint I created in our VPC, and I don’t need to do any more routing/aliasing?

Find more posts tagged with

refinitiv-real-time-optimised

#technology

#product

Accepted answers

wasin.w

Hello @piotr.wroblewski

The questions are mostly related to the AWS technical questions (network monitoring, private network setup, etc.). I admit that I am not the AWS expert, I can help the client with the LSEG APIs questions only.

I suggest the client contact the AWS support team or post these AWS questions on the AWS developer community and forum such as:

I hope this information helps.

All comments

wasin.w

Hello @piotr.wroblewski

I can answer some questions.

Question 1: The request for a token comes back with a field “expires_in” with value 7199, which I assume to mean 1 hour 59 minutes. Is this a meaningless parameter, as I thought this new method of authentication did not require refreshing tokens? Or do I have to acquire a new token every 2 hours?

Answer: With the Authentication Version 2, the application/API does not need to renew an Access Token (HTTP/RSSL-WebSocket) as long as the streaming channel (WebSocket/RSSL) is active, even if that session time passes the expires_in period.

However, the application still needs to keep the expires_in value within the application. The reason is the application only need to re-request Access Token in the following scenarios:

When the consumer disconnects and goes into a reconnection state
If the streaming channel stays in reconnection long enough to get close to the expiry time (expires_in period) of the Access Token

The client can find more detail on section "Version 2 Authentication Streaming Workflow" of the Getting Started with Version 2 Authentication for Refinitiv Real-Time and Data Platform: Overview article.

The client can find more detail about the Version 2 authentication and related APIs from this Changes to Customer Identity and Access Management: Refinitiv Real-Time - Optimized and Data Platform article.

Question 2: Private Link - the documentation has improved, but is still not great. I have created local endpoints pointing to the Refinitiv service - we are in EU-west-1, so seemingly straightforward. However, the documentation has this on page 25:

“Note: To request authentication tokens or do service discovery, you must establish an AWS PrivateLink connection to RDP Gateway and make requests using that connection”

Answer: The client does not require a Private Link in order to request RDP Authentication (auth/oauth2/v2/token) and the Service Discovery (/streaming/pricing/v1/). The consumer application can connect to RTO via a public internet.

I never test the Private Link connection, so I cannot help on question 3 and question 4.

I will pass the client's feedback about the document to the Product team.

I hope this helps.

piotr.wroblewski

Hi @wasin.w and thank you for the answers. Here is the client's input:

Based on your reply, I am getting a token over standard internet and then submitting feed queries over the PrivateLink - I think…

The end point I am connected to is eu-west-1-aws-3-sm.optimized-pricing-api.refinitiv.net This is the private link DNS name to which we have attached an endpoint.

I have also submitted RICs and getting data messages back, all of which is very promising.

What I can’t tell is whether the messages are coming through the link or over the internet. This might sound like a very stupid question, but the AWS endpoint dashboard doesn’t show any connections packages passing on the minoring page. Can I ask if this is expected?

To confirm, our AWS endpoint page has the Service Name as com.amazonaws.vpce.eu-west-1.vpce-svc-0bcf9da83ec687ab9

The Private DNS names are as above (eu-west-1…..)

Private DNS names, DNS hostnames, and DNS resolution are all enabled

Here is a screen shot of the monitoring page:

wasin.w

Hello @piotr.wroblewski

I strongly suggest the client submit a support ticket to the RTO team to help the client width a cloud connection in detail. The client can submit a ticket via https://my.refinitiv.com/content/mytr/en/helpandsupport.html website.

piotr.wroblewski

Hi @wasin.w ,

the RTO team actually asked to raised it here, as the questions are technical.

Kind regards,

Piotr

wasin.w

Hello @piotr.wroblewski

I hope this information helps.

piotr.wroblewski

Hi @wasin.w Thank you for this. Appreciate your feedback

EXPLORE OUR SITES