For a deeper look into our Elektron API, look into:

Overview |  Quickstart |  Documentation |  Downloads |  Tutorials |  Articles

question

Upvotes
Accepted
19 2 3 8

Request for authentication token fails with "Missing required parameter 'grant_type'" error

Because of obsolescence of Enterprise Integration Lab, we are evaluating switching to Elektron in Cloud with ETA. As part of login process authentication token has to be obtained first.

However, none of the session management samples are working.

Some are trying to request token by using /getToken url, which seems to be outdated.

Others are requesting token from https://api.edp.thomsonreuters.com/auth/oauth2/beta1/token. And fail too.

To make a clean test, we try to get authetication token using following curl command:

curl --data-urlencode "username=<user>&password=<password>&grant_type=password&scope=trapi"

-X POST -H "Accept: application/json" -H "Content-Type:
application/x-www-form-urlencoded" -v
https://api.edp.thomsonreuters.com/auth/oauth2/beta1/token

This command returns "Missing required parameter 'grant_type'" error. See below.

* About to connect() to api.edp.thomsonreuters.com port 443 (#0) * Trying 52.22.204.128... connected * Connected to api.edp.thomsonreuters.com (52.22.204.128) port 443 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * SSL connection using TLS_RSA_WITH_AES_128_CBC_SHA * Server certificate: * subject: CN=api.refinitiv.com,OU=EDS Request Response,O=Thomson Reuters Inc,STREET=3 Times Square,L=New York,ST=NY,postalCode=10036,C=US * start date: Jul 08 00:00:00 2019 GMT * expire date: Jul 07 23:59:59 2021 GMT * common name: api.refinitiv.com * issuer: CN=COMODO RSA Organization Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB > POST /auth/oauth2/beta1/token HTTP/1.1 > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2 > Host: api.edp.thomsonreuters.com > Accept: application/json > Content-Type: application/x-www-form-urlencoded > Authorization: Basic R0UtQS0wMDIwNDEyMi0zLTIwMDA= > Content-Length: 117 > < HTTP/1.1 400 Bad Request < Date: Mon, 22 Jul 2019 06:25:48 GMT < Content-Type: application/json < Content-Length: 204 < Connection: keep-alive < Access-Control-Allow-Origin: * < Server: edsgw < X-Amzn-Trace-Id: Root=1-5d3556ec-e48f35e88663fa88756f2588 < X-Tr-Requestid: 708cf542-a25c-41c8-a5c5-deb3cd0dff7b < {"error":{"id":"708cf542-a25c-41c8-a5c5-deb3cd0dff7b","code":"400","message":"Validation error","status":"Bad Request","errors":[{"key":"grant_type","reason":"Missing required parameter 'grant_type'"}]}} * Connection #0 to host api.edp.thomsonreuters.com left intact * Closing connection #0

If we omit 'username' parameter in curl command, the error changes to "Missing required parameter 'username'", so it's clearly POSTing all data parameters including 'grant_type'.

Can anyone explain why this returns error and/or perhaps point in direction to some samples that are actually working.

Thank you.

Serge

elektronrefinitiv-realtimeelektron-sdkauthentication
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
Accepted
45.2k 103 43 60

@Serge

If you would like to use --data-urlencode, you need to use only one parameter for each --data-urlencode. Moreover, you may need to provide the client_id.

curl --data-urlencode "username=<user@domain>" --data-urlencode "password=<password>" --data-urlencode "grant_type=password" --data-urlencode "scope=trapi" --data-urlencode "client_id=<client_id>" -X POST -H "Accept: application/json" -H "Content-Type: application/x-www-form-urlencoded" -v https://api.edp.thomsonreuters.com/auth/oauth2/beta1/token 

Otherwise, you can use -d option.

curl -d "username=<user%40domain>&password=<password>&grant_type=password&scope=trapi&client_id=<client_id>" -X POST -H "Accept: application/json" -H "Content-Type: application/x-www-form-urlencoded" -v https://api.edp.thomsonreuters.com/auth/oauth2/beta1/token

Users can generate/manage their client_id/application ID's here or refer to the second step in this QuickStart.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
19 2 3 8

Thank you very much. Both your suggestions were necessary to get through (especially 'client_id' parameter).

Wonder why this is not reflected in API samples or Elektron documentation.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

As I know, there are two kinds of username (email and machine ID). If you are using the machine ID, the client ID is the same as machine ID.

Upvotes
19 2 3 8

I see. I got access token by using generated AppKey from the link you provided.
By the way, at that time 'expires_in' was 300, so I assumed after 5 minutes I could request a new access token using grant_type=password, but even now (more than 1 hour later) it is failing with "Session quota is reached." error.
Not part of the original question, but can you please help?

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
7.6k 15 6 9

@Serge

If the refresh token is still valid, and the machine wants to authenticate the new attempt, maybe it will require to set “takeExclusiveSignOnControl=true" in the request body to terminate the old session.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
19 2 3 8

@moragodkrit

Thanks a lot! It did the trick.

Is there a documentation about all these parameters?

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

There is online documentation at https://api.refinitiv.com. Then, find the /auth/oauth2/beta1/token API. It will list all available parameters with description.

parameter.png (12.3 KiB)
Upvotes
14.3k 23 8 12

Hello @Serge

There are two types of username for EDP and ERT in Cloud

  • Machine ID: The Machine ID (GE-xxxx) username is requires for ERT in Cloud (Streaming RSSL/WebSocket) usage. You can use that Machine ID as a client_id value.
  • Email based username: The email based username is required for EDP (HTTP REST). You need specific client_id value which you can generate from the link provided by Jirapongse.

Note: You will receive your Machine ID as a user name and a link to activate your machine account and set your password via the Welcome Email that you receive when you subscribe to ERT in Cloud.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvote
14.3k 23 8 12

Hello @Serge

The list of /token parameters and other EDP services are available it EDP API Docs web page. However, the page requires the EDP account (email based username type) to access it.

The supported /token parameters from the above page are following:

  • grant_type: Supported values "password" and "refresh_token" (*required)
  • username: The resource owner username (*required)
  • password: The resource owner password.
  • scope: The scope of the access request.
  • refresh_token: The refresh token issued to the client
  • client_id: The client_id = Application ID. Alternatively, can be provided in Authorization header.
  • Authorization: "Basic" + base64 encoded "client_id:client_secret", where client_id=Application ID and client_secret is empty
  • takeExclusiveSignOnControlstring: OPTIONAL. This is a Boolean that will allow the API Caller to create session if the nb of concurrent session have been reached (of course, by doing this a valid session will be killed) - default = false
  • multiFactorAuthenticationCode: OPTIONAL. This a string that will have to be send only if MFA is required to authenticate the identity. This code will be send by SMS or Email (depending on how MFA has been setup). - default = null
  • newPassword: OPTIONAL. This is a string that will have to be send if a new Password
    is required to authenticate. (Note: the current and new passwords
    will be required in order to authenticate) - default = null
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.