For a deeper look into our Elektron API, look into:

Overview |  Quickstart |  Documentation |  Downloads |  Tutorials |  Articles

question

Upvotes
Accepted
1 1 0 0

Getting {"error":"access_denied"} when trying to get access token

Here is the part of code that calls the endpoint (to get a glimpse of headers, method etc.):


Unirest.setTimeouts(0, 0);

HttpResponse<String> response = Unirest.post("https://api.refinitiv.com:443/auth/oauth2/v1/token")

.header("Content-Type", "application/x-www-form-urlencoded")

.field("grant_type", "password")

.field("username", "***************")

.field("password", "***************")

.field("takeExclusiveSignOnControl", "True")

.field("scope", "trapi")

.field("client_id", "********************")

.asString();


Here’s what I get from server:

Response body:
{"error":"access_denied" }


HTTP status: 400

Headers:

Date Tue, 30 Jun 2020 14:24:59 GMT

Content-Type application/json

Content-Length 29

Connection keep-alive

X-Amzn-Trace-Id Root=1-5efb4b3b-4a278e16d28720ec9826d572

X-Served-By region=eu-west-1; cid=9b0a08d5-13b9-4b70-bc36-90e6c60e0089

X-Tr-Requestid 52ddba1d-31a4-4b9f-bc55-30d1834d5c81


Credentials are ok, because if I change them to the wrong ones - I get different message.

I've tried sending request with Postman, Refinitiv provided Python script: https://raw.githubusercontent.com/Refinitiv/websocket-api/master/Applications/Examples/EDP/python/market_price_edpgw_service_discovery.py

Result is totally same.

treprdp-apiapiwebsocketsrrtoauthentication
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
Accepted
16.8k 31 9 12

The ERT in Cloud team has verify the issue and found the root cause. The issue comes from corrupted DNS cache in the network level. The issue is now resolved.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
16.7k 42 12 19

Hi @adomm, Have you generated the AppKey and using that parameter in the client ID. Please see this step-by-step quick start guide. If you are still getting access denied message, it would imply that your credentials are incorrect. Please contact you Refinitiv account manager in that case.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
1 1 0 0

Thank you for answer Gurpeet. Forgot to mention that code worked successfully before for quite a while and it stopped working just out of the blue. And yes, I did follow Quick start and yes, I generated AppKey and used as client id.
Password doesn't seem to be a problem as if I actually change the password to the wrong one - I get a different message.
I'm in contact with support and no one has a slightest clue what's going on.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
16.7k 42 12 19

What is the message when wrong password is used. Could you post complete return messages.

Here is what I get on wrong username/password:

HTTP 400:
{"error":"access_denied"  ,"error_description":"Invalid username or password." }

And on incorrect client ID:

HTTP 401:
{"error":"invalid_client"  ,"error_description":"Invalid Application Credential." } 


icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
1 1 0 0

When wrong password is used I get HTTP status 400 and Body: {'error': 'access_denied', 'error_description': 'Invalid username or password.'}

When password is right I get just: {"error":"access_denied" }

If needed - I can provide X-Amzn-Trace-Id, X-Served-By and X-Tr-Requestid header values which might help debugging, I guess.



icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
16.7k 42 12 19

Please take it up with your account manager. Thanks.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
11 3 3 3

Hi @Gurpreet.

Can you please investigate the bold/italic part above with development? This is the point where things go wrong on Adomas environment.

I have used his credentials and get the following.

* Connection state changed (MAX_CONCURRENT_STREAMS updated)!


Regards,

Erol



Note: Unnecessary use of -X or --request, POST is already inferred.2JmZDY0NmY4NGE1MGE2MjJlMzYyNDRlYW

* Trying 52.19.116.133:443...

* TCP_NODELAY set

* Connected to api.refinitiv.com (52.19.116.133) port 443 (#0)

* ALPN, offering h2

* ALPN, offering http/1.1

* successfully set certificate verify locations:

* CAfile: /etc/ssl/certs/ca-certificates.crt

CApath: /etc/ssl/certs

* TLSv1.3 (OUT), TLS handshake, Client hello (1):

* TLSv1.3 (IN), TLS handshake, Server hello (2):

* TLSv1.2 (IN), TLS handshake, Certificate (11):

* TLSv1.2 (IN), TLS handshake, Server key exchange (12):

* TLSv1.2 (IN), TLS handshake, Server finished (14):

* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):

* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):

* TLSv1.2 (OUT), TLS handshake, Finished (20):

* TLSv1.2 (IN), TLS handshake, Finished (20):

* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256

* ALPN, server accepted to use h2

* Server certificate:

* subject: C=US; postalCode=10036; ST=New York; L=New York; street=3 Times Square; O=REFINITIV US LLC; OU=RDP; CN=api.refinitiv.com

* start date: May 29 00:00:00 2020 GMT

* expire date: May 29 23:59:59 2021 GMT

* subjectAltName: host "api.refinitiv.com" matched cert's "api.refinitiv.com"

* issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO RSA Organization Validation Secure Server CA

* SSL certificate verify ok.

* Using HTTP2, server supports multi-use

* Connection state changed (HTTP/2 confirmed)

* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0

* Using Stream ID: 1 (easy handle 0x564ee25fddb0)

> POST /auth/oauth2/v1/token HTTP/2

> Host: api.refinitiv.com

> user-agent: curl/7.68.0

> accept: application/json

> content-type: application/x-www-form-urlencoded

> authorization: Basic MDA1N2JmZDY0NmY4NGE1MGE2MjJlMzYyNDRlYWIzMWM2ZGI4NjQ1ODo=

> content-length: 188

>

* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!

* We are completely uploaded and fine

< HTTP/2 400

< date: Thu, 02 Jul 2020 13:16:30 GMT

< content-type: application/json

< content-length: 29

< x-amzn-trace-id: Root=1-5efdde2d-6a3384aa010ef27c7d3289cc

< x-served-by: region=eu-west-1; cid=7936fa55-77dc-4fa7-a9f8-80bc66a20408

< x-tr-requestid: 8f714e38-d958-4a68-a128-6535002deab2

<

* Connection #0 to host api.refinitiv.com left intact

{"error":"access_denied" }



icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Hi Erol, We can provide technical API support, but don't have any visibility into product deployment. It is best to raise a service ticket at my.refinitiv.com for product team to look into the issue.