Fastmarkets Authentication API
Table of Contents
Fastmarkets Authentication API
All the Fastmarkets APIs use well established modern security standards. This includes the use of OAuth 2.0, OpenID Connect and JSON Web Tokens.
Customers of Fastmarkets data will typically have their own services that will consume and process data. As such, authentication based on a single user’s credentials are not appropriate. Instead, a unique Service Key and Service Name is issued by Fastmarkets which can be used when calling the Fastmarkets Authentication API to generate an Access Token. The returned Access Token (in the form of a JSON Web Token) is then needed for any subsequent calls to other Fastmarkets APIs (such as the Fastmarkets Physical Prices API) to verify that the calling service has the necessary permissions to view the requested data.
Generating an Access Token
Using the provided Service Key and Service Name, a POST Connect Token request is required to the Fastmarkets Authentication API as described in the example below. The response includes the Access Token itself, an Expiry time (in seconds) and the type of Access Token (this will always be of type 'Bearer’).
Example Request:
import requests # use requests library
import json # use json library
url = "https://auth.fastmarkets.com/connect/token"
payload = {
'grant_type': 'servicekey',
'client_id': 'service_client',
'scope': 'fastmarkets.physicalprices.api',
'serviceName': 'service_name',
'serviceKey': 'service_key'
}
header = {'Content-Type': "application/x-www-form-urlencoded"}
token_response = requests.post(url, data = payload, headers = header)
accessToken = json.loads(token_response.content)Where service_name and service_key should be replaced by your credentials data Service Name and Service Key accordingly.
Example Response:
{
"access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjdjZTkyOTQ4NDk0ODRkMDM4YzQ0N...eEJkMWKgeY4vumE1RY-h4pC1CT6w",
"expires_in":7200,
"token_type":"Bearer"
}Please note that the Access Token will expire. The expiry time is provided in the response. This is by design. Depending on requirements, a new Access Token will need to be generated in one or more of the following circumstances:
1. Before every request to an API that requires an Access Token (such as the Physical Prices API) - This could prove inefficient if making frequent data requests but can suit stateless processing.
2. When the current Access Token is close to expiry – The ‘expires in’ value returned with Connect Token request provides the expiry period in seconds. Alternatively, decoding the JSON Web Token (JWT) itself will reveal a parameter called ‘exp’ with a timestamp value representing the expiry time.
3. On receiving a Status 401 (Unauthorized) response from an API
Technical API information
To find out more about our APIs please see API technical information
Further help
If you have more questions or need further support please look at all the help content available on our Support Hub. If you can't find what you need and want to contact our support teams then Let’s get you some help.