Skip to main content

Authorization

The Data API platform uses Basic Authentication as its authentication model. API clients send HTTPS requests with the Authorization header containing the word Basic followed by a space and a base64-encoded string containing "apiclient:apisecret" (the apiclient and apisecret map to the username and password obtained when requesting test credentials as described here.)

With the exception of the Market Transparency APIs, all APIs require authentication.

Once you are ready to go live with your integration you will need to go through the production provisioning process to obtain access to the production datasets. See the Getting Started page for more information on this process.

NOTE: Existing integrations using the preview Market Transparency APIs will continue to work for the foreseeable future and we will provide sufficient notice as to when you will be required to go through the production provisioning process.

Example:

To authorize using the API Client ID "demo" and the API Client Secret "[email protected])rd" the API Client would include an Authorization Header in the request containing the string Basic ZGVtbzpwQDU1KXJk

Important:

  1. The API Client is the username you received when requesting test access
  2. The API Secret is the password received when requesting test access (after you changed it).
  3. The "colon" is required in the authorization token string prior to being base64 encoded.
  4. The example Client ID (demo) and Client Secret ([email protected])rd) shown above will not work as a test credential. They are for illustration purposes only.
  5. The API Secret expires and will have to be changed every 120 days.