Request for authentication token fails with "Missing required parameter 'grant_type'" error

Because of obsolescence of Enterprise Integration Lab, we are evaluating switching to Elektron in Cloud with ETA. As part of login process authentication token has to be obtained first.

However, none of the session management samples are working.

Some are trying to request token by using /getToken url, which seems to be outdated.

Others are requesting token from https://api.edp.thomsonreuters.com/auth/oauth2/beta1/token. And fail too.

To make a clean test, we try to get authetication token using following curl command:

curl
--data-urlencode "username=<user>&password=<password>&grant_type=password&scope=trapi"

-X POST -H "Accept: application/json" -H "Content-Type:

application/x-www-form-urlencoded" -v
https://api.edp.thomsonreuters.com/auth/oauth2/beta1/token

This command returns "Missing required parameter 'grant_type'" error. See below.

* About to connect() to api.edp.thomsonreuters.com port 443 (#0)
* Trying 52.22.204.128... connected
* Connected to api.edp.thomsonreuters.com (52.22.204.128) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using TLS_RSA_WITH_AES_128_CBC_SHA
* Server certificate:
* subject: CN=api.refinitiv.com,OU=EDS Request Response,O=Thomson Reuters Inc,STREET=3 Times Square,L=New York,ST=NY,postalCode=10036,C=US
* start date: Jul 08 00:00:00 2019 GMT
* expire date: Jul 07 23:59:59 2021 GMT
* common name: api.refinitiv.com
* issuer: CN=COMODO RSA Organization Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
> POST /auth/oauth2/beta1/token HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: api.edp.thomsonreuters.com
> Accept: application/json
> Content-Type: application/x-www-form-urlencoded
> Authorization: Basic R0UtQS0wMDIwNDEyMi0zLTIwMDA=
> Content-Length: 117
>
< HTTP/1.1 400 Bad Request
< Date: Mon, 22 Jul 2019 06:25:48 GMT
< Content-Type: application/json
< Content-Length: 204
< Connection: keep-alive
< Access-Control-Allow-Origin: *
< Server: edsgw
< X-Amzn-Trace-Id: Root=1-5d3556ec-e48f35e88663fa88756f2588
< X-Tr-Requestid: 708cf542-a25c-41c8-a5c5-deb3cd0dff7b
<
{"error":{"id":"708cf542-a25c-41c8-a5c5-deb3cd0dff7b","code":"400","message":"Validation error","status":"Bad Request","errors":[{"key":"grant_type","reason":"Missing required parameter 'grant_type'"}]}}
* Connection #0 to host api.edp.thomsonreuters.com left intact
* Closing connection #0

If we omit 'username' parameter in curl command, the error changes to "Missing required parameter 'username'", so it's clearly POSTing all data parameters including 'grant_type'.

Can anyone explain why this returns error and/or perhaps point in direction to some samples that are actually working.

Thank you.

Serge

Find more posts tagged with

authentication

elektron

elektron-sdk

refinitiv-realtime

Accepted answers

Jirapongse

@Serge

If you would like to use --data-urlencode, you need to use only one parameter for each --data-urlencode. Moreover, you may need to provide the client_id.

curl --data-urlencode "username=<user@domain>" --data-urlencode "password=<password>" --data-urlencode "grant_type=password" --data-urlencode "scope=trapi" --data-urlencode "client_id=<client_id>" -X POST -H "Accept: application/json" -H "Content-Type: application/x-www-form-urlencoded" -v https://api.edp.thomsonreuters.com/auth/oauth2/beta1/token

Otherwise, you can use -d option.

curl -d "username=<user%40domain>&password=<password>&grant_type=password&scope=trapi&client_id=<client_id>" -X POST -H "Accept: application/json" -H "Content-Type: application/x-www-form-urlencoded" -v https://api.edp.thomsonreuters.com/auth/oauth2/beta1/token

Users can generate/manage their client_id/application ID's here or refer to the second step in this QuickStart.

All comments

Jirapongse

@Serge

If you would like to use --data-urlencode, you need to use only one parameter for each --data-urlencode. Moreover, you may need to provide the client_id.

curl --data-urlencode "username=<user@domain>" --data-urlencode "password=<password>" --data-urlencode "grant_type=password" --data-urlencode "scope=trapi" --data-urlencode "client_id=<client_id>" -X POST -H "Accept: application/json" -H "Content-Type: application/x-www-form-urlencoded" -v https://api.edp.thomsonreuters.com/auth/oauth2/beta1/token

Otherwise, you can use -d option.

curl -d "username=<user%40domain>&password=<password>&grant_type=password&scope=trapi&client_id=<client_id>" -X POST -H "Accept: application/json" -H "Content-Type: application/x-www-form-urlencoded" -v https://api.edp.thomsonreuters.com/auth/oauth2/beta1/token

Users can generate/manage their client_id/application ID's here or refer to the second step in this QuickStart.

Serge

Thank you very much. Both your suggestions were necessary to get through (especially 'client_id' parameter).

Wonder why this is not reflected in API samples or Elektron documentation.

Jirapongse

As I know, there are two kinds of username (email and machine ID). If you are using the machine ID, the client ID is the same as machine ID.

Serge

I see. I got access token by using generated AppKey from the link you provided.
By the way, at that time 'expires_in' was 300, so I assumed after 5 minutes I could request a new access token using grant_type=password, but even now (more than 1 hour later) it is failing with "Session quota is reached." error.
Not part of the original question, but can you please help?

moragodkrit.chumsri_1

@Serge

If the refresh token is still valid, and the machine wants to authenticate the new attempt, maybe it will require to set “takeExclusiveSignOnControl=true" in the request body to terminate the old session.

Serge

@moragodkrit.chumsri_1

Thanks a lot! It did the trick.

Is there a documentation about all these parameters?

wasin.w

Hello @Serge

There are two types of username for EDP and ERT in Cloud

Machine ID: The Machine ID (GE-xxxx) username is requires for ERT in Cloud (Streaming RSSL/WebSocket) usage. You can use that Machine ID as a client_id value.
Email based username: The email based username is required for EDP (HTTP REST). You need specific client_id value which you can generate from the link provided by Jirapongse.

Note: You will receive your Machine ID as a user name and a link to activate your machine account and set your password via the Welcome Email that you receive when you subscribe to ERT in Cloud.

Jirapongse

There is online documentation at https://api.refinitiv.com. Then, find the /auth/oauth2/beta1/token API. It will list all available parameters with description.

wasin.w

Hello @Serge

The list of /token parameters and other EDP services are available it EDP API Docs web page. However, the page requires the EDP account (email based username type) to access it.

The supported /token parameters from the above page are following:

grant_type: Supported values "password" and "refresh_token" (*required)
username: The resource owner username (*required)
password: The resource owner password.
scope: The scope of the access request.
refresh_token: The refresh token issued to the client
client_id: The client_id = Application ID. Alternatively, can be provided in Authorization header.
Authorization: "Basic" + base64 encoded "client_id:client_secret", where client_id=Application ID and client_secret is empty
takeExclusiveSignOnControlstring: OPTIONAL. This is a Boolean that will allow the API Caller to create session if the nb of concurrent session have been reached (of course, by doing this a valid session will be killed) - default = false
multiFactorAuthenticationCode: OPTIONAL. This a string that will have to be send only if MFA is required to authenticate the identity. This code will be send by SMS or Email (depending on how MFA has been setup). - default = null
newPassword: OPTIONAL. This is a string that will have to be send if a new Password
is required to authenticate. (Note: the current and new passwords
will be required in order to authenticate) - default = null

EXPLORE OUR SITES