Hi @Tony.Zhu_R
The refresh tokens typically last 18 hours.
When your application detects that the expires_in key in the Refresh Grant response is not equal to the original expires_in key, this implies that your refresh token has expired and the application should use Password Grant to continue.
How long will RDP Refresh Token be expired?
Tony.Zhu_R
LSEG
As asked in the subject, can you advise when there is a need to re-send the request for a new Refresh Token before the previous one is expired? The post states that Access Token is expired in 5 mins but doesn't mention that of Refresh Token.
Tagged:
0
Best Answer
-
Hi @Tony.Zhu_R
A few points of clarification.
There are two types of credential a user may use to access RDP APIs + data
- username e.g. first.lastname@company.com
- Machine ID e.g. GE-A-01234565-7-8910
A username is designed for display type usage only (e.g. for testing with the RDP API Playground) and will therefore expire within 18hrs and only allow a single connection at a time. It must not be used for programmatic access to RDP data.
A MachineID is for programmatic access to RDP data and a correctly configured one should never expire under normal circumstances and it should also allow 5 concurrent connections.
If a MachineID is expiring on a regular basis then this means the MachineID was incorrectly configured and needs to be recreated.
Having said all the above, a MachineID may occasionally expire due to various exceptional circumstances. Therefore, a robust application should be coded defensively to handle this possibility. Both the above techniques that myself and my colleague Gurpreet mention should be included in a robust application i.e. using a password grant login to obtain a new Refresh token when:
- receiving a response status code of 400 or 401
- expires_in key in the Refresh Grant response is not equal to the original expires_in key
I hope this clarifies the position on Refresh Token expiry
0
Answers
-
Hi @Tony.Zhu_R
Whilst I cannot confirm how long a Refresh Token lasts, the various RDP Websocket API examples (Python, C# and Java) demonstrate that when you are trying to get a new Access Token; if you get error 400 or 401 - but you already have an existing RefreshToken - then you should log in again using username and password etc to get new Refresh Token
e.g. Python snippet:
def get_sts_token(current_refresh_token, url=None):
....elif r.status_code == 400 or r.status_code == 401:
# Retry with username and password
print('EDP-GW authentication HTTP code:', r.status_code, r.reason)
if current_refresh_token:
# Refresh token may have expired. Try using our password.
print('Retry with username and password')
return get_sts_token(None)....
where r is the response from the requests.post call
Any developer writing an application that uses OAuth2 with Refresh and Access tokens should implement the above functionality - rather than hardcoding any particular value for getting a new Refresh Token
0 -
Hi @Tony.Zhu_R
The refresh tokens typically last 18 hours.
When your application detects that the expires_in key in the Refresh Grant response is not equal to the original expires_in key, this implies that your refresh token has expired and the application should use Password Grant to continue.
0 -
Thanks, @Gurpreet. May I know what's 'Refresh Grant Response' you referred to? By calling Token service endpoint https://api.refinitiv.com/auth/oauth2/v1/token, the value of key 'expires_in' in the response is for Access_Token only, right? I didn't see Refresh_Token value changes through a series of calls during an hour.
0 -
See the expire_time usage in this sample code - https://github.com/Refinitiv/websocket-api/blob/master/Applications/Examples/RDP/python/market_price_edpgw_service_discovery.py
0
Categories
- All Categories
- 3 Polls
- 6 AHS
- 36 Alpha
- 166 App Studio
- 6 Block Chain
- 4 Bot Platform
- 18 Connected Risk APIs
- 47 Data Fusion
- 34 Data Model Discovery
- 689 Datastream
- 1.4K DSS
- 627 Eikon COM
- 5.2K Eikon Data APIs
- 11 Electronic Trading
- 1 Generic FIX
- 7 Local Bank Node API
- 3 Trading API
- 2.9K Elektron
- 1.4K EMA
- 255 ETA
- 559 WebSocket API
- 39 FX Venues
- 15 FX Market Data
- 1 FX Post Trade
- 1 FX Trading - Matching
- 12 FX Trading – RFQ Maker
- 5 Intelligent Tagging
- 2 Legal One
- 24 Messenger Bot
- 3 Messenger Side by Side
- 9 ONESOURCE
- 7 Indirect Tax
- 60 Open Calais
- 279 Open PermID
- 45 Entity Search
- 2 Org ID
- 1 PAM
- PAM - Logging
- 6 Product Insight
- Project Tracking
- ProView
- ProView Internal
- 23 RDMS
- 2K Refinitiv Data Platform
- 708 Refinitiv Data Platform Libraries
- 4 LSEG Due Diligence
- LSEG Due Diligence Portal API
- 4 Refinitiv Due Dilligence Centre
- Rose's Space
- 1.2K Screening
- 18 Qual-ID API
- 13 Screening Deployed
- 23 Screening Online
- 12 World-Check Customer Risk Screener
- 1K World-Check One
- 46 World-Check One Zero Footprint
- 45 Side by Side Integration API
- 2 Test Space
- 3 Thomson One Smart
- 10 TR Knowledge Graph
- 151 Transactions
- 143 REDI API
- 1.8K TREP APIs
- 4 CAT
- 27 DACS Station
- 121 Open DACS
- 1.1K RFA
- 106 UPA
- 194 TREP Infrastructure
- 229 TRKD
- 918 TRTH
- 5 Velocity Analytics
- 9 Wealth Management Web Services
- 96 Workspace SDK
- 11 Element Framework
- 5 Grid
- 19 World-Check Data File
- 1 Yield Book Analytics
- 48 中文论坛