PermID API / questions from the internal review department

Tatsuo

We are conducting an internal review for using PermID APIs, and the review department has raised the following inquiries. Could you please provide answers?

■ I believe the API authentication method is "API token method," but is it "OAuth2.0"?

■ When issuing tokens, it is assumed that we will go through an authorization server. For access to the authorization server, will it be using "Client ID" and "Secret Key"? Could you please explain what kind of authentication it will be?

■ Could you please provide the validity period of the issued access tokens and the validity period of the refresh tokens?

Jirapongse

@Tatsuo

Thank you for reaching out to us.

To access the APIs, you must first register for a token (API Key). This token enables you to request the APIs for the three services. Note: For entity PermID lookup, you don’t need to use a token.

You will get the API key after logging in to the Website.

Then, you need to set an API token (API Key) in request messages to access the PermID services. For example:

https://api-eit.refinitiv.com/permid/search?q=<querystring>&access-token=<token>

For more information, please refer to the PermID User Guide.

Tatsuo

Thank your for your quick response.
We've already got the API key and have successfully got the data.
What we need are information mentioned above to answer qutionary from our company review department for security purpose.
Could you support us for that purpose?

Best,
Tatsuo

Jirapongse

@Tatsuo

This may be considered an enhancement request. Please share your concerns directly with the PermID feedback team at permid.feedback@LSEG.com for further consideration.