Authorisation

Use Case

Client Credentials Grant Type

Openmarkets allows your application to issue authenticated requests on its own behalf, with no end user involved. This is done using the OAuth2 Client Credentials Grant.

When using this grant type, your application has no authenticated-user context, so requests to endpoints that require a user context will be rejected as unauthorised.

Obtaining an access token via Client Credentials

# shell example (line continuations added so the command runs as shown)
$ curl -X POST -u '{client_id}:{client_secret}' \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d 'grant_type=client_credentials&scope=market-data-api%20news-api%20oms-api' \
  'https://auth.openmarkets.com.au/connect/token'
// .Net Example (C#)
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;

var authUrl = "https://auth.openmarkets.com.au/connect/token";
var clientId = "YOUR_CLIENT_ID";         // load these from configuration or a secret store rather than source
var clientSecret = "YOUR_CLIENT_SECRET";

var postData = "grant_type=client_credentials&scope=market-data-api%20news-api%20oms-api";

using var client = new HttpClient();

// HTTP Basic authentication: base64("client_id:client_secret")
client.DefaultRequestHeaders.Authorization =
    new AuthenticationHeaderValue("Basic", Convert.ToBase64String(Encoding.ASCII.GetBytes($"{clientId}:{clientSecret}")));

using var result = await client.PostAsync(new Uri(authUrl), new StringContent(postData, Encoding.UTF8, "application/x-www-form-urlencoded"));
result.EnsureSuccessStatusCode(); // a 400 invalid_scope response throws here instead of being read as a token

var tokenJson = await result.Content.ReadAsStringAsync();

Request an access token by POSTing your client_id and client_secret, together with the list of scopes you require, to https://auth.openmarkets.com.au/connect/token.

See the documentation for each individual API for the scopes it requires. Requesting a scope that is not included in your plan results in a 400 response with the error invalid_scope.

The request is authenticated with HTTP Basic authentication, using the client_id as the username and the client_secret as the password.

Sample token response

{
    "access_token": "b15ec944b77e2c7a92703bd969b3be92",
    "expires_in": 3600,
    "token_type": "Bearer"
}
  • access_token: the value to send as the bearer token when authorising requests
  • expires_in: the lifetime of the token in seconds. The sample response above denotes a token that expires one hour after the response was generated
  • token_type: the type of token obtained, in our case a bearer token

Cache the access_token for the duration specified in the expires_in field rather than requesting a new token for every call. Rate limits are applied.
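Putting the token request described above and the caching advice together, here is an added Python example (not Openmarkets code and not part of the original page) that builds the Basic-authenticated POST, parses the token response, caches the token until shortly before expires_in elapses, and surfaces a 400 invalid_scope reply as an error rather than a token. So that it runs offline it talks to a constructed stand-in for the token endpoint, fake_token_endpoint, whose credentials and plan scopes are made up; the 401 invalid_client and unsupported_grant_type replies it returns follow RFC 6749 conventions and are assumptions, only the 400 invalid_scope behaviour comes from this page. urllib_transport is the real HTTP transport to substitute in practice; ClientCredentialsTokenSource, TokenError and the refresh_margin parameter are names chosen here.

```python
import base64
import json
import secrets
import time
from urllib.error import HTTPError
from urllib.parse import parse_qs, quote, urlencode
from urllib.request import Request, urlopen

TOKEN_URL = "https://auth.openmarkets.com.au/connect/token"  # endpoint from the documentation


class TokenError(Exception):
    """Raised when the token endpoint answers with anything other than 200."""

    def __init__(self, status, error):
        super().__init__(f"token request failed: HTTP {status} {error}")
        self.status = status
        self.error = error


def basic_auth_header(client_id, client_secret):
    """HTTP Basic: base64 of 'client_id:client_secret' (client_id is the username, the secret the password)."""
    raw = f"{client_id}:{client_secret}".encode("ascii")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def build_token_request(client_id, client_secret, scopes):
    """Headers and form body for the POST; scopes are space-separated and %20-encoded as in the curl example."""
    headers = {
        "Authorization": basic_auth_header(client_id, client_secret),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({"grant_type": "client_credentials", "scope": " ".join(scopes)}, quote_via=quote)
    return headers, body


def urllib_transport(url, headers, body):
    """Real transport: POST the form and return (status, response body). Not used in the offline run below."""
    req = Request(url, data=body.encode("ascii"), headers=headers, method="POST")
    try:
        with urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode("utf-8")
    except HTTPError as err:  # 4xx/5xx replies still carry a JSON error body
        return err.code, err.read().decode("utf-8")


class ClientCredentialsTokenSource:
    """Fetches a token once and reuses it until shortly before expires_in elapses."""

    def __init__(self, client_id, client_secret, scopes, transport=urllib_transport,
                 refresh_margin=60, clock=time.time):
        self.client_id, self.client_secret = client_id, client_secret
        self.scopes = list(scopes)
        self.transport = transport
        self.refresh_margin = refresh_margin  # renew this many seconds before expiry
        self.clock = clock                    # injectable so expiry can be tested without sleeping
        self._token, self._expires_at = None, 0.0
        self.fetch_count = 0                  # round trips actually made to the token endpoint

    def get_token(self):
        if self._token and self.clock() < self._expires_at - self.refresh_margin:
            return self._token  # cached token still valid: no request, no rate-limit cost
        headers, body = build_token_request(self.client_id, self.client_secret, self.scopes)
        status, resp_body = self.transport(TOKEN_URL, headers, body)
        self.fetch_count += 1
        payload = json.loads(resp_body) if resp_body else {}
        if status != 200:
            raise TokenError(status, payload.get("error", "unknown"))
        self._token = payload["access_token"]
        self._expires_at = self.clock() + float(payload["expires_in"])
        return self._token

    def bearer_header(self):
        """Authorization header for API calls made with the cached token."""
        return {"Authorization": f"Bearer {self.get_token()}"}


# --- constructed stand-in for the token endpoint, so the example runs offline ---
FAKE_CREDENTIALS = {"demo-client": "demo-secret"}         # constructed, not real credentials
PLAN_SCOPES = {"market-data-api", "news-api", "oms-api"}  # constructed sample plan


def fake_token_endpoint(url, headers, body):
    """Models the documented behaviour: Basic auth, client_credentials grant, 400 invalid_scope.
    The 401 invalid_client and unsupported_grant_type replies are RFC 6749 conventions, assumed here."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Basic "):
        return 401, json.dumps({"error": "invalid_client"})
    client_id, _, secret = base64.b64decode(auth[6:]).decode("ascii").partition(":")
    if FAKE_CREDENTIALS.get(client_id) != secret:
        return 401, json.dumps({"error": "invalid_client"})
    form = parse_qs(body)
    if form.get("grant_type") != ["client_credentials"]:
        return 400, json.dumps({"error": "unsupported_grant_type"})
    requested = set(form.get("scope", [""])[0].split())
    if not requested <= PLAN_SCOPES:
        return 400, json.dumps({"error": "invalid_scope"})
    return 200, json.dumps({"access_token": secrets.token_hex(16), "expires_in": 3600, "token_type": "Bearer"})


if __name__ == "__main__":
    source = ClientCredentialsTokenSource("demo-client", "demo-secret", ["market-data-api", "news-api"],
                                          transport=fake_token_endpoint)
    print(source.bearer_header(), source.bearer_header(), "fetches:", source.fetch_count)  # one fetch, reused
```

The refresh margin renews the token a little before expires_in runs out, so an API call never goes out with a token that expires in flight; keep the margin well below the token lifetime. The same object can be shared across threads with a lock around get_token if several workers issue requests.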