question

Upvotes
Accepted
1.2k 23 29 44

TRKD Create Service Token API should be open without credentials

REF: https://support-portal.rkd.refinitiv.com/SupportSite/TestApi/Op?svc=TokenManagement_1&op=CreateServiceToken_1

REF: https://community.developers.refinitiv.com/questions/41617/get-access-token-via-browser-access-control-allow.html

REF: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin

There is no reason this API should be restricted by CORS, please add the header as required for full web access. The TRKD data APIs are not similarly restricted, this appears a simple implementation flaw.

Access-Control-Allow-Origin: *

Currently I am accessing as recommended in the documentation via a reverse proxy.

rkd-apirkdtoken
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
Accepted
17.1k 46 13 19

Hi @Steven McCoy, welcome back.

Considering that Refinitiv's strategic platform product RDP, also follows same strategy - i.e. token endpoints are access restricted, I highly doubt that TRKD will be switched to an open access.

For client's intending to use RDP with browsers, we are advising to use Implicit or Authorization code grant. For TRKD, I think your only option is to use a reverse proxy.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
17.4k 34 12 12

Hello @Steven McCoy

I strongly suggest you contact the RKD support team directly via https://my.refinitiv.com/ (chose Product "Refinitiv Knowledge Direct API") for this kind of product feature request.


rkd-request.png (22.6 KiB)
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.