fileX transition from Basic Auth to OAuth 2.0 Deadline Extension
The deadline for transitioning from Basic Auth to OAuth 2.0 for fileX APIs has now been extended to Feb 28, 2022. The transition from Basic Auth to OAuth 2.0 method for authentication is necessary because Basic Auth is a less secure authentication mechanism, which could potentially expose long-lasting credentials. OAuth 2.0 replaces these long-lasting credentials with limited life span tokens, resulting in an improved security and control of FINRA applications.
What do I need to change?
Before invoking fileX APIs, send an API request to FINRA Identity Platform(FIP) service to obtain OAUTH token and use the token received to make further fileX API calls.
How to generate OAUTH token?
For detailed instructions on how to generate an OAUTH token see section 5 in fileX v1.3.0 user guide (new version).
Key Milestone Dates
| No. | Steps | Date |
|---|---|---|
| 1 | fileX started supporting OAUTH 2.0 in QA & CT | Sept 30, 2021 |
| 2 | fileX started supporting OAUTH 2.0 in PROD | Nov 05, 2021 |
| 3 | fileX turns off Basic Auth in QA and CT | Feb 1, 2022 |
| 4 | A follow up reminder will be sent 5 days before the PROD turn off date | Feb 23, 2022 |
| 5 | fileX turns off Basic Auth in PROD | Feb 28, 2022 |
This change only impacts HTTPS and S3 Direct Customers. It does not impact the SFTP method in fileX which still requires userid and password to connect and perform file transfers.