To interact with the ANZ Fileactive FX RFQ Pricing Service, authentication is managed via OAuth 2.0 using the Client Credential Grant flow. This method ensures secure access by obtaining a bearer token, which is then used for authorizing API requests within the FX RFQ service.

Key Points:

  • Endpoint: Authentication requests should be directed to the /v1.0/auth endpoint.
  • Grant Type: Use client_credentials as the grant type to acquire tokens.
  • Token URL: The token URL is https://api.fileactive.anzgcis.com/v1.0/auth.
  • Scopes: Specific scopes define access permissions, such as:
    • FX.RFQ.CREATE - For creating FX RFQ (Request for Quote) resources.
    • FX.RFQ.READ - For retrieving FX RFQ details.
    • FX.DEAL.CREATE - For creating FX Deal resources.
    • FX.DEAL.READ - For retrieving FX Deal details.
  • Headers: Include an API key in the request header using apikey as the parameter name.

Example Request:

To request a token, send a POST request with the required parameters in application/x-www-form-urlencoded format. The request must also include your API key in the header for authentication.

POST /v1.0/auth HTTP/1.1
Host: api.fileactive.anzgcis.com
Content-Type: application/x-www-form-urlencoded
x-api-key: <your_api_key_here>  # Include your API key in the header

grant_type=client_credentials&
client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&
scope=FX.RFQ.CREATE&
client_assertion=<your_client_assertion_here>

Example Response:

On success, you’ll receive a bearer token in the response, which is used for authorisation in subsequent API calls.

{
  "expires_in": 3600,
  "token_type": "Bearer",
  "access_token": "eaaa13ee-b596-a8cc-b9d4-f778f8bb9377"
}

Usage Notes:

  • authorisation Header: Include the access_token in the authorisation header as Bearer <access_token>.
  • Token Refresh: Tokens expire according to the expires_in value. Ensure you handle token renewal to maintain API access.

Important Note:

The client_assertion field in your request must be a JWT (JSON Web Token) that is signed with your private key. This ensures the integrity and authenticity of the request. The private key should correspond to the public key that ANZ has on file.

If the client assertion is not properly signed, the authentication request will fail.