Factset API Keys Authentication: Version 1.0

Developer's Manual and Reference
October 2018

Overview

FactSet Research Systems Inc. provides access to Analytics and content through RESTful APIs. To ensure the integrity and confidentiality of this data, FactSet leverages API Keys using Basic HTTP Authentication Scheme described in RFC 7617.

The workflow of API key authentication is as follows:

  • Register with FactSet to obtain FactSet Username and Serial.
  • Generate the API key using the Developer Portal.
  • Construct the HTTP Authorization header as per the Basic HTTP Authentication Scheme with username-serial as username and API key as the password.
  • Authorization: Basic dXNlcm5hbWUtc2VyaWFsOlhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWA==
  • Encode this value using Base64 encoding into a sequence of US-ASCII characters
  • The Authorization header needs to be included with all API requests

Obtaining an API Key

  • Under the user profile menu, select "Manage API Keys".

  • A list of previously generated API keys will be displayed on the API Key Management page. On this page, the user can either revoke existing keys or generate new ones by clicking on “Generate New API Key”.

  • In the pop-up window, provide a brief description stating the purpose of this key. Please note, this description also acts as way to identify and distinguish between existing keys. The next step is to provide the IP address range of the devices that will be used for accessing APIs with this key. Click "Create" to generate the key.

  • If the key is successfully generated, it will display the key on the pop-up window. Please note that the key cannot be viewed again so make sure it’s copied and stored before clicking the “Close” button.

  • The API Key Management page will now list the newly generated key with the specified description as the identifier. This key or any other existing key can be revoked by clicking on the “Revoke” button.

Issuing a request with an API Key

The specifics of an API request differ by the FactSet API being used, but the authentication remains the same. A valid Authorization header must be provided using Basic HTTP Authentication Scheme. This scheme requires a username and password. The FactSet credentials (username and serial separated by a single hyphen “-“ character) forms the username and the API key is the password. This username and password concatenated by a single colon “:“ character must be Base64 encoded and included with the Authorization header for all API requests.

Below is an example of GET request to the FactSet API using “username-serial:XXXXXXXXXXXXXXXXXXXXXXXXXXX” as the credentials.

$ echo "username-serial:XXXXXXXXXXXXXXXXXXXXXXXXXXX" | base64
dXNlcm5hbWUtc2VyaWFsOlhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWAo=

$ curl -X GET "https://api.factset.com/analytics/pa/v1/currencies"
-H "Accept: application/json"
-H "Authorization: Basic dXNlcm5hbWUtc2VyaWFsOlhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWAo="

If the credentials are not valid, then the server will respond with a 401 HTTP status code (Unauthorized).