Security

Each api call expect the authorization token in the request header.

To generate it, you should follow the next steps.

Generate token

Important: the generated token will be valid for 24 hours.

1. Create a request with the following properties:

  • Base url: https://authorization.fxstreet.com/token
  • Http method: POST
  • ContentType: application/x-www-form-urlencoded
  • DataType: json

The body content depends of where is the call from:

  • Server body:
 
    {   grant_type: "client_credentials",
        client_id: "{YOUR_CLIENT_PUBLICKEY}",
        client_secret: "{YOUR_CLIENT_PRIVATEKEY}"  }
  • Client body:
    {   grant_type: "domain",
        client_id: "{YOUR_CLIENT_PUBLICKEY}"   }

Important: never send your private key from client side.

 

C# Sample (server):

    var restClient = new RestClient("https://authorization.fxstreet.com/token");
    var request = new RestRequest(Method.POST) { RequestFormat = DataFormat.Json };
    
    request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
    request.AddParameter("grant_type", "client_credentials");
    request.AddParameter("client_id", "{YOUR_CLIENT_PUBLICKEY}");
    request.AddParameter("client_secret", "{YOUR_CLIENT_PRIVATEKEY}");

 

jQuery Sample (client-domain):

    $.ajax({
        type: "POST",
        url: "https://authorization.fxstreet.com/token",
        contentType: "application/x-www-form-urlencoded",
        dataType: "json",
        data: {    
            grant_type: "domain",
            client_id: "{YOUR_CLIENT_PUBLICKEY}"
        }
    })


 

jQuery Sample (client-credentials) be careful, it is not safe only for testing pourpuses :

    $.ajax({
        type: "POST",
        url: "https://authorization.fxstreet.com/token",
        contentType: "application/x-www-form-urlencoded",
        dataType: "json",
        data: {    
            grant_type: "client_credentials",
            client_id: "{YOUR_CLIENT_PUBLICKEY}",
            client_secret: "{YOUR_CLIENT_SECRET}"
        }
    })



2. Call and capture the token:

You will recieve the following result format:

    { "access_token": ...
      "token_type": ...,
      "expires_in": ... }

We will use the values access_token and token_type.

Please check the Oauth Security Generator in order to generate quickly your OauthToken for the swagger documentation.

 

Append authorization token to api call

Once you have the token, you should to append it on the api call as a header in the following format:

  • Header key: Authorization
  • Value key: the token formatted as "{token_type} {access_token}"

C# Sample:

    var restClient = new RestClient("http://calendar.fxstreet.com/eventdate/?view=day&f=xml");
    var restRequest = new RestRequest(Method.GET);
    restRequest.AddHeader("Authorization", "{TOKEN_TYPE} {ACCESS_TOKEN}");    
    var response = restClient.Execute(restRequest);

jQuery Sample:

    $.ajax({
        type: "GET",
        url: "http://calendar.fxstreet.com/eventdate/?view=day&f=xml",
        contentType: "application/json; charset=utf-8",
        dataType: "json",
        beforeSend: function (xhr) {
            xhr.setRequestHeader ("Authorization", {TOKEN_TYPE} + ' ' + {ACCESS_TOKEN});
        }
    })