Authentication

Thomson Reuters APIs handle enormous amounts of data. The way we ensure this data is secured for developers and users alike is through authentication. There is currently only one method for authentication, listed below.

OAuth 2.0

Oath 2.0 Bearer Token (also known as app-only)

OAuth 2.0 Bearer Token authenticates requests on behalf of your developer App. As this method is specific to the App, it does not involve any users. This method is typically for developers/services that need read-only access to information. 

This authentication method requires for you to pass a Bearer Token with your request, which you can generate within the Keys and tokens section of your developer Apps. 

Here is an example of what a request looks like with a fake Bearer Token:

API calls using app-only authentication are rate limited per endpoint at the App level.

To use this method, you'll need a Bearer Token, which you can generate by passing your API Key and Secret through the POST oauth2/token endpoint, or by generating it in the "keys and token" section of your App settings in the developer portal.

Bearer Tokens have a set maximum life of 60 minutes. After the 60 minutes timeframe expires, bearer tokens expire and access to the API is revoked. At this point a new bearer token will be required for access to the API to continue.