Every call made to the LUSID API must be authorised by an API access token.
You can call the LUSID REST API directly, or perhaps more conveniently using an appropriate language LUSID SDK. The SDKs have helper classes that automate the process of obtaining an API access token and refreshing it upon expiry.
To enable an SDK to obtain an API access token, you must pass in your LUSID username and password, client ID and client secret, and dedicated Okta token URL using one of the following methods.
Using a secrets file
You can store your LUSID username, password, client ID and client secret in a file on disk and make it available to the SDK. To do this:
- Sign in to the LUSID web app using the credentials of a LUSID administrator.
- From the left-hand menu, select Identity and access > Applications.
- On the Applications dashboard, click the
View icon for an appropriate application. See how to create an application.
- In the Export credentials area, make sure Secrets file is selected and copy the data to the clipboard:
- Paste the data into an appropriate local file, for example
secrets.json. - In the file, replace the
<password>value with your actual LUSID account password.
Note: If you want to use a long-lived personal access token (PAT) instead of a short-lived (and more secure) Okta token, replace the tokenUrl field with an accessToken field and a value of your PAT.
The following snippet demonstrates passing the secrets file location into the Python SDK. An API access token is automatically generated each time a method is called:
import lusid # Obtain an API access token and automatically refresh it: secrets_file_path = "/path/to/secrets.json" api_factory = lusid.utilities.ApiClientFactory( api_secrets_filename=secrets_file_path ) # Build the instruments API: instruments_api = api_factory.build(lusid.api.InstrumentsApi) # Retrieve the instrument master: response = instruments_api.list_instruments
Using environment variables
You can store your LUSID username, password, client ID and client secret as environment variables and make them available to the SDK. To do this:
- Sign in to the LUSID web app using the credentials of a LUSID administrator.
- From the left-hand menu, select Identity and access > Applications.
- On the Applications dashboard, click the
View icon of an appropriate application. See how to create an application.
- In the Export credentials area, make sure Env variables for either Linux or Windows is selected and copy the data to the clipboard:
- Run the first five commands in an appropriate shell as-is to set those environment variables.
- For the last command, replace the <password> value with your actual LUSID account password and then run the command to set the FBN_PASSWORD environment variable.
Note: If you want to use a long-lived personal access token (PAT) instead of a short-lived (and more secure) Okta token, export the FBN_ACCESS_TOKEN variable with a value of your PAT instead of FBN_TOKEN_URL.
The following snippet demonstrates passing environment variables into the Python SDK. An API access token is automatically generated each time a method is called:
import lusid # Obtain an API access token and automatically refresh it: api_factory = lusid.utilities.ApiClientFactory() # Build the instruments API: instruments_api = api_factory.build(lusid.api.InstrumentsApi) # Retrieve the instrument master: response = instruments_api.list_instruments