Discover Refinitiv
MyRefinitiv Refinitiv Perspectives Careers
Created with Sketch.
All APIs Questions & Answers  Register |  Login
Ask a question
  • Questions
  • Tags
  • Badges
  • Unanswered
Search:
  • Home /
  • Refinitiv Data Platform /
avatar image
REFINITIV
Question by Nick.Straatsma · Aug 09 at 07:29 PM · rdp-apirefinitiv-data-platform

Error connecting to AAA STS for RDP access - username correct but suspecting URL migration from TR to Refinitiv is the cause

Hi

We are integrating with AAA retrieving the STS token for access to RDP streaming pricing. Until recently we have been successfully authenticating from the existing Thomson Reuters URL https://sts.login.cp.thomsonreuters.net/

Two weeks ago we tried to connect a new users on production with AAA. However when they use the above URL they get an error

2021-08-05 13:12:17.970 DEBUG SerializableWebMessageBase: {"BaseUri":https://sts.login.cp.thomsonreuters.net/,"ClientId":"*******","ClientSecret":"*****","RequestID":"1","HttpStatus":200,"UseJsonSerialization":true} Subject: SerializableAAAClient

2021-08-05 13:12:20.681 DEBUG {"error": "access_denied", "error_description": "Invalid username or password."}

We have tested the same credentials on:

- User's Eikon login = successful

- RDP playground = successful

We think this maybe due to the migration in domains. Is that correct? Could there be another cause for the failure to login and receive the STS token?

If the issue is the Domain, could someone confirm the correct URL is identity.ciam.refinitiv.net and when was this change expected to be made?


Thank you,

Nick

People who like this

0 Show 0
Comment
10 |1500 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Reply

  • Sort: 
avatar image
REFINITIV
Best Answer
Answer by Gurpreet · Aug 09 at 07:40 PM

Hi @Nick.Straatsma ,

The OAuth token URL has been: https://api.refinitiv.com:443/auth/oauth2/v1/token for a long time now. Can you try this endpoint.

Comment

People who like this

0 Show 2 · Share
10 |1500 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

avatar image
REFINITIV
Nick.Straatsma · Aug 11 at 03:04 PM 0
Share

Hi @Gurpreet

Thanks very much for the answer. This helped and we also discovered that some of the problem was our TLS version and using JSON instead of URL encoded message body. Here is summary and open questions.

Doing this fixed/enabled us to connect:

  • https://sts.login.cp.thomsonreuters.net/
    1. Resource Owner Password Credential = Successful
    2. PKCE = successful
  • https://sts.identity.ciam.refinitiv.net
    1. Resource Owner Password Credential = Successful
    2. PKCE = failing
  • https://api.refinitiv.com:443/auth/oauth2/v1/token
    1. Resource Owner Password Credential = Successful
    2. PKCE = failing

Questions

  • Is there documentation for the URL migrations and supported connection types?
  • Do you expect PKCE to work on the new URLs? Attached is a code snippet. We don't get especially verbose responses on failure.
1628694184272.png (501.2 KiB)
avatar image
REFINITIV
Gurpreet ♦♦ Nick.Straatsma · Aug 11 at 03:36 PM 0
Share
Hi @Nick.Straatsma ,

I would recommend that you directly get in touch with STS gateway team to get details for which endpoints will support PKCE.


Watch this question

Add to watch list
Add to your watch list to receive emailed updates for this question. Too many emails? Change your settings >
11 People are following this question.

Related Questions

discrepancy between RDP API vs Excel RSearch for corporate bonds

Summaries.Definition("MyRIC").GetData() not working when invoking from WindowsFrom Application

RDP CommonName vs. DocumentTitle

Why I am getting failed to request a new token error in RDP platform session?

I have a client trying to use Refinitiv API to get surface of volatility and gets this error: {'code': 500, 'message': 'self signed certificate in certificate chain', 'statusMessage': 'Internal Server Error'}

  • Copyright
  • Cookie Policy
  • Privacy Statement
  • Terms of Use
  • Anonymous
  • Sign in
  • Create
  • Ask a question
  • Spaces
  • Alpha
  • App Studio
  • Block Chain
  • Bot Platform
  • Connected Risk APIs
  • DSS
  • Data Fusion
  • Data Model Discovery
  • Datastream
  • Eikon COM
  • Eikon Data APIs
  • Electronic Trading
    • Generic FIX
    • Local Bank Node API
    • Trading API
  • Elektron
    • EMA
    • ETA
    • WebSocket API
  • Intelligent Tagging
  • Legal One
  • Messenger Bot
  • Messenger Side by Side
  • ONESOURCE
    • Indirect Tax
  • Open Calais
  • Open PermID
    • Entity Search
  • Org ID
  • PAM
    • PAM - Logging
  • ProView
  • ProView Internal
  • Product Insight
  • Project Tracking
  • RDMS
  • Refinitiv Data Platform
    • Refinitiv Data Platform Libraries
  • Rose's Space
  • Screening
    • Qual-ID API
    • Screening Deployed
    • Screening Online
    • World-Check One
    • World-Check One Zero Footprint
  • Side by Side Integration API
  • TR Knowledge Graph
  • TREP APIs
    • CAT
    • DACS Station
    • Open DACS
    • RFA
    • UPA
  • TREP Infrastructure
  • TRKD
  • TRTH
  • Thomson One Smart
  • Transactions
    • REDI API
  • Velocity Analytics
  • Wealth Management Web Services
  • Workspace SDK
    • Element Framework
    • Grid
  • World-Check Data File
  • 中文论坛
  • Explore
  • Tags
  • Questions
  • Badges