question

Upvotes
Accepted
36 4 6 10

Does SSL Certificate for Tick History has impact on Authentication as well

Secure Sockets Layer (SSL) certificate used to secure the DataScope Select and Tick History web site and API endpoints accessed via the Internet and private network connections (DDN/FCN).

When client certificate expired; they did not received any error for Authentication Token Request. However While extracting the data they received the error.
Does authentication work without SSL certificate renewal or is this something to do about AWS direct download.

requestUrl = "https://selectapi.datascope.refinitiv.com/RestApi/v1/Authentication/RequestToken"
requestHeaders={
    "Prefer":"respond-async",
    "Content-Type":"application/json"
    }
requestBody={
    "Credentials": {
    "Username": USERNAME,
    "Password": PASSWORD
  }
}
authenticationResp = requests.post(requestUrl, json=requestBody,headers=requestHeaders)
print("Received the response for authentication request")
DownloadFromAWS=True
requestUrl="https://selectapi.datascope.refinitiv.com/RestApi/v1/Extractions/RawExtractionResults" + "('" + jobId + "')" + "/$value"
requestHeaders={
        "Prefer":"respond-async",
        "Content-Type":"text/plain",
        "Accept-Encoding":"gzip",
        "Authorization": "token " + token
}
if DownloadFromAWS==True:
    requestHeaders.update({"X-Direct-Download":"true"})
dataRetrieveResp=requests.get(requestUrl,headers=requestHeaders,stream=True)
print("Received the response for retreiving data using the jobId")
SSLCertVerificationError                  Traceback (most recent call last)
File d:\Research\Regime\.venv\lib\site-packages\urllib3\connectionpool.py:700, in HTTPConnectionPool.urlopen(self, method, url, body, headers, retries, redirect, assert_same_host, timeout, pool_timeout, release_conn, chunked, body_pos, **response_kw)
    699 if is_new_proxy_conn and http_tunnel_required:
--> 700     self._prepare_proxy(conn)
    702 # Make the request on the httplib connection object.
#technology#producttick-history-rest-api
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Hello @Vinod A

Thank you for your participation in the forum. Is the reply below satisfactory in resolving your query?


If so please can you click the 'Accept' text next to the appropriate reply? This will guide all community members who have a similar question.

Thanks,


AHS

Please be informed that a reply has been verified as correct in answering the question, and has been marked as such.

Thanks,


AHS


Upvote
Accepted
22k 59 14 21

As pointed earlier, either there is a problem with your network stack - i.e. firewall re-signing the traffic, or your python instance might be old and certificates no longer supported. To verify the network issue, use-

verify=False 

as a parameter in your requests GET/POST call. Important - this is a temporary test and should not be used in a production application due to the security risk.

If it does indeed turn out to be the certificate error, then please update your python instance to a latest version - maybe reinstall Python 3 with newer packages. Also see this discussion about the certificate errors.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
22k 59 14 21

Hi @Vinod A,

Its not clear what you are describing.

Tick History endpoint is signed by Comodo Certificate Authority which is one of the build in CA within Python's trust store. There should be no need for any additional client certificates, and the Python requests module can connect and get data from DSS/TickHistory without any issues.

If your application is connecting through a secure network proxy, which is re-signing the network traffic, and if that certificate has changed or expired -- you will have to update it in your application accordingly.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
3 1 1 2

Following is the error when try to download data from AWS. it seems host is amazonaws.com domain, somehow DSS server points amazonaws host then somehow certification information to the aws server.

However, we consider that for some reason that part is not done correctly, resulting in a certification error for aws. please let us know the mechanism of how certification information is transmitted from DSS to AWS host.



SSLError: HTTPSConnectionPool(host='a205143-use1-prod-results-custom.s3.amazonaws.com', port=443): Max retries exceeded with url: /85B662A7AB7F4420AC16E45CCA79D819/data/merged/merged-Data.csv.gz?AWSAccessKeyId=AKIAJNJ6M4OJR7K3TWNA&Expires=1705056160&response-content-disposition=attachment%3B%20filename%3D_OnD_0x08c6d809ed09734d.csv.gz&Signature=o1VNzwmqzknzYIckmZbX83Qa8ag%3D (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1123)')))
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
78.9k 250 52 74

@Zuka

When setting the X-Direct-Download to True, the server will return the 303 Found to the application.

1705896683154.png


Then, the application will redirect to the new URL (AWS) in the Location header.

According to the error, the AWS URL may be blocked by Firewall or network security Software.


1705896683154.png (32.9 KiB)
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Thanks a lot.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.