@Serge

If you would like to use --data-urlencode, you need to use only one parameter for each --data-urlencode. Moreover, you may need to provide the client_id.

curl --data-urlencode "username=<user@domain>" --data-urlencode "password=<password>" --data-urlencode "grant_type=password" --data-urlencode "scope=trapi" --data-urlencode "client_id=<client_id>" -X POST -H "Accept: application/json" -H "Content-Type: application/x-www-form-urlencoded" -v https://api.edp.thomsonreuters.com/auth/oauth2/beta1/token 

Otherwise, you can use -d option.

curl -d "username=<user%40domain>&password=<password>&grant_type=password&scope=trapi&client_id=<client_id>" -X POST -H "Accept: application/json" -H "Content-Type: application/x-www-form-urlencoded" -v https://api.edp.thomsonreuters.com/auth/oauth2/beta1/token

Users can generate/manage their client_id/application ID's here or refer to the second step in this QuickStart.

Thank you very much. Both your suggestions were necessary to get through (especially 'client_id' parameter).

Wonder why this is not reflected in API samples or Elektron documentation.

I see. I got access token by using generated AppKey from the link you provided.
By the way, at that time 'expires_in' was 300, so I assumed after 5 minutes I could request a new access token using grant_type=password, but even now (more than 1 hour later) it is failing with "Session quota is reached." error.
Not part of the original question, but can you please help?

@Serge

If the refresh token is still valid, and the machine wants to authenticate the new attempt, maybe it will require to set “takeExclusiveSignOnControl=true" in the request body to terminate the old session.

@moragodkrit

Thanks a lot! It did the trick.

Is there a documentation about all these parameters?

Hello @Serge

There are two types of username for EDP and ERT in Cloud

• Machine ID: The Machine ID (GE-xxxx) username is requires for ERT in Cloud (Streaming RSSL/WebSocket) usage. You can use that Machine ID as a client_id value.
• Email based username: The email based username is required for EDP (HTTP REST). You need specific client_id value which you can generate from the link provided by Jirapongse.

Note: You will receive your Machine ID as a user name and a link to activate your machine account and set your password via the Welcome Email that you receive when you subscribe to ERT in Cloud.

Hello @Serge

The list of /token parameters and other EDP services are available it EDP API Docs web page. However, the page requires the EDP account (email based username type) to access it.

The supported /token parameters from the above page are following:

• grant_type: Supported values "password" and "refresh_token" (*required)
• username: The resource owner username (*required)
• password: The resource owner password.
• scope: The scope of the access request.
• refresh_token: The refresh token issued to the client
• client_id: The client_id = Application ID. Alternatively, can be provided in Authorization header.
• Authorization: "Basic" + base64 encoded "client_id:client_secret", where client_id=Application ID and client_secret is empty
• takeExclusiveSignOnControlstring: OPTIONAL. This is a Boolean that will allow the API Caller to create session if the nb of concurrent session have been reached (of course, by doing this a valid session will be killed) - default = false
• multiFactorAuthenticationCode: OPTIONAL. This a string that will have to be send only if MFA is required to authenticate the identity. This code will be send by SMS or Email (depending on how MFA has been setup). - default = null
• newPassword: OPTIONAL. This is a string that will have to be send if a new Password
  is required to authenticate. (Note: the current and new passwords
  will be required in order to authenticate) - default = null