Skip to main content

Authorization

The Data API platform uses Basic Authentication as its authentication model. API clients send HTTPS requests with the Authorization header containing the word Basic followed by a space and a base64-encoded string containing "clientid:clientsecret"

As a general rule you should authenticate every API request to the FINRA API platform. In our preview release of some Market Transparency APIs it was possible to access the endpoint without authorization, however you should expect that all APIs will require authentication in the future, including the Market Transparency APIs, and therefore we strongly recommend that you include authorization in your plans as you utilize our test datasets.

You will also be required to go through the production provisioning process for any existing API integrations as well as any future planned integrations. See the Getting Started page for more information on this process.

NOTE: Existing integrations using the preview Market Transparency APIs will continue to work for the foreseeable future and we will provide sufficient notice as to when you will be required to go through the production provisioning process.

Example:

To authorize using the API Client ID "demo" and the API Client Secret "[email protected])rd" the API Client would include an Authorization Header in the request containing the string Basic ZGVtbzpwQDU1dzByZA==

Notes:

  1. The API Client is the username received as part of provisioning an API key.
  2. The API Secret is the password received as part of provisioning an API key (after you changed it).
  3. The example Client ID (demo) and Client Secret ([email protected])rd) shown above will not work as a test credential. They are for illustration purposes only.