Hello @manjinder.singh

The RDP team found that your Machine-ID generated too many password grant calls (new sessions), so it invalided the session for the refresh token request.

According to their log, there are other password grant calls during the <10:42> initial password request and <10:50> refresh token request.

Please confirm if you are using this single Machine-ID with multiple sessions or applications in your environment.

Hello @manjinder.singh

The error message "Error Text Received HTTP error 400 status code with data body : {"error":"invalid_grant" } ." is generated from the RDP HTTP API Gateway. It is most likely caused by an issue with the RDP Authentication system being used by the RRTO service.

I have tested the given View request code with the EMA C++ 3.6.6 (RTSDK 2.0.3.L1) example Cons450. The example code works fine without any errors.

Can you replicate the issue on demand? If so, please enable the HTTP REST API Log, replicate the issue and share the REST log file. You can enable the REST Log file with the following EMA parameters:

Note: Please remove your credentials from the REST log file before posting.

Hi @manjinder.singh

Additionally, are you using a single RTO Machine-ID with multiple applications/sessions?

If you use a single Machine-ID with multiple sessions, the applications may encounter an error when an access token expires or when the applications attempt to refresh an access token. I highly recommend you reach out to your Refinitiv representative to get multiple Machine-IDs if you want to run multiple applications/sessions.

Hello @manjinder.singh

The example of programmatic config for the RestEnableLog and RestLogFileName is as follows:

void createProgramaticConfig( Map& configDb )
{
    Map elementMap;
    ElementList elementList;

    if (connectWebSocket)
    {
        ...
    }
    else
    {
        EmaString restFileLocation = "C:\\<my path>\\450_MP_QueryServiceDiscovery\\rest.log";
        elementMap.addKeyAscii("Consumer_1", MapEntry::AddEnum,
            ElementList().addAscii("Channel", "Channel_1").addUInt("RestEnableLog", 1).addAscii("RestLogFileName", restFileLocation).complete()).complete();
    }

    elementList.addMap( "ConsumerList", elementMap );
    elementList.complete();
    elementMap.clear();

    configDb.addKeyAscii( "ConsumerGroup", MapEntry::AddEnum, elementList );
    elementList.clear();
    ...

Note: The code is based on the Cons450 example.

Hi @wasin.w,

Here is the output from the log. I've shorted some text using <text> including the successful tokens.

We use websocket option and also go through a proxy.

The error occurs every 8 minutes or so.

REST log redirected to file.

--- REST REQUEST ---

<!-- Time: 10:42:34:277 -->

URL: https://api.refinitiv.com/auth/oauth2/v1/token

HTTP method POST

HTTP header data:

Accept : application/json

Content-Type : application/x-www-form-urlencoded

HTTP body data: grant_type=password&username=<Machine ID>&client_id=<Client ID>&scope=trapi.streaming.pricing.read&takeExclusiveSignOnControl=true

Proxy host name: http://<proxy>

Proxy port: <port>

Request timeout: 90

--- REST RESPONSE ---

<!-- Time: 10:42:34:651 -->

HTTP header data:

Date : Mon, 25 Jul 2022 09:42:34 GMT

Content-Type : application/json

Transfer-Encoding : chunked

Connection : keep-alive

Content-Encoding : gzip

X-Amzn-Trace-Id : Root=1-62de658a-2b7afae21fc3979d5aa400d8

X-Served-By : region=eu-west-1; cid=1de27dcca9484296891c0de2dd844e89

X-Tr-Requestid : 6891f571-f55a-4c56-a64c-19b84cf242b0

HTTP body data: { "access_token":"<token>", "refresh_token":"<token>", "expires_in":"600" , "scope":"trapi.streaming.pricing.read", "token_type":"Bearer" }

Protocol version: HTTP/1.1

HTTP status code: 200

--- REST REQUEST ---

<!-- Time: 10:50:36:201 -->

URL: https://api.refinitiv.com/auth/oauth2/v1/token

HTTP method POST

HTTP header data:

Accept : application/json

Content-Type : application/x-www-form-urlencoded

HTTP body data: grant_type=refresh_token&username=<Machine ID>&client_id=<Client ID>&refresh_token=<same refresh token as above>

Proxy host name: http://<proxy>

Proxy port: <port>

Request timeout: 90

--- REST RESPONSE ---

<!-- Time: 10:50:38:565 -->

HTTP header data:

Date : Mon, 25 Jul 2022 09:50:38 GMT

Content-Type : application/json

Content-Length : 29

Connection : keep-alive

X-Amzn-Trace-Id : Root=1-62de676c-23d2cb7377848daa6adf8d71

X-Served-By : region=eu-west-1; cid=a61fe750a1394d6e84629ea87f17cac6

X-Tr-Requestid : 11c45ffa-29ed-4f80-ba5d-3311907d6f8c

HTTP body data: {"error":"invalid_grant" }

Protocol version: HTTP/1.1

HTTP status code: 400

I've double-checked and the refresh token in both cases match.

Any ideas?

Hello @manjinder.singh

It looks like the API cannot renew the RDP token. Can you please try the following curl commands?

Firstly, log in to the RDP Auth service.

curl --location --request POST 'https://api.refinitiv.com/auth/oauth2/v1/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Bearer ' \
--data-urlencode 'username=<Machine ID>' \
--data-urlencode 'password=<Password>' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'scope=trapi' \
--data-urlencode 'takeExclusiveSignOnControl=true' \
--data-urlencode 'client_id=<App Key>'

Then copy the refresh_token response from RDP.

Next, run the following command to verify if the access token can be renewed.

curl --location --request POST 'https://api.refinitiv.com/auth/oauth2/v1/token' \
--header 'Accept: application/json' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic ' \
--data-urlencode 'username=<machine-id>' \
--data-urlencode 'grant_type=refresh_token' \
--data-urlencode 'client_id=<app_key>' \
--data-urlencode 'refresh_token=<refresh_token>'

Additionally, can you replicate the issue on demand?