fileX transition from Basic Auth to OAuth 2.0
On Jan 14, 2022, FINRA fileX APIs will no longer support Basic Auth and only support OAuth 2.0 method for Authentication. This change is necessary because Basic Auth is a less secure authentication mechanism, which could potentially expose long-lasting credentials. OAuth 2.0 replaces these long-lasting credentials with limited life span tokens, resulting in an improved security and control of FINRA applications.
Accordingly, we are reaching out to you to provide the information and guidance required to switch your applications to OAuth 2.0 from Basic Auth for file transfers via fileX APIs.
What do I need to change?
Before invoking fileX APIs, send an API request to FINRA Identity Platform(FIP) service to obtain OAUTH token and use the token received to make further fileX API calls.
How to generate OAUTH token?
For detailed instructions on how to generate an OAUTH token see section 5 in fileX v1.3.0 user guide (new version). The old user guide v1.2.4 that contained Basic Auth information will be available until 1/14/2022 and replaced with the new guide after that.
Key Milestone Dates
|1||A new version of fileX user guide (v1.3.0) with OAUTH 2.0 info available on FINRA.org||Sept 1, 2021|
|2||fileX starts supporting OAUTH 2.0 in QA and CT||Sept 30, 2021|
|3||fileX starts supporting OAUTH 2.0 in PROD||Nov 05, 2021|
|4||fileX turns off Basic Auth in QA and CT||Dec 03, 2021|
|5||A follow up reminder will be sent 5 days before the PROD turn off date||Jan 07, 2022|
|6||fileX turns off Basic Auth in PROD||Jan 14, 2022|
This change only impacts HTTPS and S3 Direct Customers. It does not impact the SFTP method in fileX which still requires userid and password to connect and perform file transfers.