Client API Service Adoption using OAuth 2.0 Protocol

CME Group uses OAuth 2.0, a protocol that supports secure decoupled Authentication (Identity verification) and Authorization (Access Level), to access various CME Group Web Service APIs.

OAuth 2.0 Service Adoption Steps

A registered OAuth 2.0 API ID and password is required to access CME Group Web Service APIs.

New Clients of CME Group

Existing Clients with CME Group login

New Clients of CME Group

Existing Clients with CME Group login

  1. Create a CME Group Login.

  2. After creating and activating a CME Group Login ID, login to CME Customer Center under My Profile and create an OAuth API ID.

  1. Login to CME Customer Center and under My Profile create an OAuth API ID.

Clients can convert their existing Basic Auth ID to an OAuth ID. This action is irreversible and clients have to re-entitle the converted API ID to use with the desired CME Group Web Service API(s).

Authentication with CME OAuth 2.0 Service

Client systems use the OAuth API ID and Password to obtain an authorization token from the CME OAuth 2.0 service.

Authentication and Token retrieval

Client systems must use a HTTP POST method to the following URLs to obtain an authorization token to the relevant environment.

Detail

New Release

Production

Detail

New Release

Production

OAuth Token Endpoint

https://authnr.cmegroup.com/as/token.oauth2

https://auth.cmegroup.com/as/token.oauth2

Note that the OAuth API ID and Password is specific to the environment and cannot be used across environments.

POST Method Header and Body parameters

In the HTTP POST method, the following Header parameters are required:

  • Content-Type should be set to "application/x-www-form-urlencoded"

  • Authorization should be set to "Basic Base64encoded(APIID:Password)"

The Body of the HTTP POST must have grant_type=client_credentials.

Example

The following is an example authorization token request.

POST /as/token.oauth2 HTTP/1.1 Host: auth.cmegroup.com Content-Type: application/x-www-form-urlencoded Authorization:Basic base64EncodedValue grant_type=client_credentials

Authentication Responses

Successful Response

If the request for an access token is valid, the authorization server will generate an access token and send back to the client.

The response with an access token will contain the following properties:

  • access_token - The access token string to use on requests to the CME Group Web Service API(s).

  • token_type - Defines the type of token, typically just the string “bearer”.

  • expires_in - Defines the duration of time, in seconds, until the access token expires and a new token must be obtained.

HTTP/1.1 200 OK Content-Type: application/json Cache-Control: no-store Pragma: no-cache {   "access_token":"tokenValue",   "token_type":"bearer",   "expires_in":1799, }

Unsuccessful Response

Error responses are returned with an HTTP 40x status code, with error and error description parameters.

HTTP 40x response - Client side error. Example error descriptions include:

  • Incorrect grant_type value or grant_type is missing.

  • Incorrect Content-Type header value or Content-Type is missing.

  • Invalid credentials in the Authorization or incorrect encoding.

HTTP 400 Example

HTTP/1.1 400 Bad Request Content-Type: application/json;charset=UTF-8 Cache-Control: no-store Pragma: no-cache { "error_description": "grant_type is required", "error": "invalid_request" }

HTTP 400 Example

HTTP 401 Example






How was your Client Systems Wiki Experience? Submit Feedback

Copyright © 2024 CME Group Inc. All rights reserved.