PermID API / questions from the internal review department

Tatsuo
Tatsuo Newcomer
edited August 27 in Open PermID

We are conducting an internal review for using PermID APIs, and the review department has raised the following inquiries. Could you please provide answers?

■ I believe the API authentication method is "API token method," but is it "OAuth2.0"?

■ When issuing tokens, it is assumed that we will go through an authorization server. For access to the authorization server, will it be using "Client ID" and "Secret Key"? Could you please explain what kind of authentication it will be?

■ Could you please provide the validity period of the issued access tokens and the validity period of the refresh tokens?

Tagged:

Answers

  • Jirapongse
    Jirapongse ✭✭✭✭✭

    @Tatsuo

    Thank you for reaching out to us.

    To access the APIs, you must first register for a token (API Key). This token enables you to request the APIs for the three services. Note: For entity PermID lookup, you don’t need to use a token.

    You will get the API key after logging in to the Website.

    image.png

    Then, you need to set an API token (API Key) in request messages to access the PermID services. For example:

    https://api-eit.refinitiv.com/permid/search?q=<querystring>&access-token=<token>

    For more information, please refer to the PermID User Guide.

  • Tatsuo
    Tatsuo Newcomer

    Thank your for your quick response.
    We've already got the API key and have successfully got the data.
    What we need are information mentioned above to answer qutionary from our company review department for security purpose.
    Could you support us for that purpose?

    Best,
    Tatsuo

  • Jirapongse
    Jirapongse ✭✭✭✭✭
    edited August 27

    @Tatsuo

    This may be considered an enhancement request. Please share your concerns directly with the PermID feedback team at permid.feedback@LSEG.com for further consideration.

Categories