Introduction

For your reference, find an example below that incorporates authentication and a successful invocation of State Street API.


Register New Application

  1. Login to State Street Developer Portal
  2. View your existing Application registrations at My Apps
    • Click "Add App"
  3. Configure your new Application
    • Enter a descriptive title in "App Name" field
    • Select the services you need to enable with for your application in "API Catalogs". You must select at least one service.
    • Click "Add App"
    • A green "COMPLETE" message will briefly appear at the top of the page
  4. Within "Credentials" section, you may view and copy OAuth 2.0 Client Credentials:
    • Client Identifier, in the "Consumer Key" field
    • Client Secret, in the "Consumer Secret" field

Retrieve Results

For your reference, find an example below that incorporates authentication and a successful invocation of an State Street API:

  1. Login and register an oauth app as described on the ___ get started browser link, following sections 
  2. Exchange your Client Identifier and Client Secret for an Access Token via OAuth 2.0 Client Credentials.
    • Note that a unique Client Identifier and Client Secret are generated for each Application you register in the State Street Developer Portal.
    • Credentials are only valid in the environment where they were issued, so credentials issued in UAT will not work in the PRODUCTION environment.
    • Learn more about Authentication in the platform documentation.
  3. Retrieve a set of example transaction records from the Sample Transactions using example OAuth 2.0 Client Credentials:
    • Client Identifier: example_id
    • Client Secret: example_secret
$ curl \
    --request "POST" \
    --header  "Accept: application/json" \
    --user    "Client Identifier:Client Secret" \
    --data    "grant_type=client_credentials" \
    --url     "https://api.statestreet.com/oauth/accesstoken"
{
    "access_token":"obAPdUGVlb8RCIQT7c7WR6P9zzzz",
    "scope":"read",
    "application_name": "65c652fe-2c5b-41d7-95ef-67fde1cd0000",
    "expires_in":"1799",
    "refresh_count" :"0",
    "status":"approved",
    "token_type":"Bearer"
}

$ curl \
    --request       "GET" \
    --header        "Accept: application/json" \
    --oauth2-bearer "obAPdUGVlb8RCIQT7c7WR6P9zzzz" \
    --url           "https://api.statestreet.com/sampleTransactions/v1/transactions"
import {URLSearchParams} from "node:url";

const hostname            = "api.statestreet.com";
const exampleClientId     = "example_id";
const exampleClientSecret = "example_secret";


const getAccessToken = async (clientId, clientSecret) =>
    fetch(`https://${hostname}/oauth/accesstoken`, {
        method: "POST",
        headers: {
            "Accept":  "application/json",
            "Authorization": `Basic ${btoa(`${clientId}:${clientSecret}`)}`
        },
        body: new URLSearchParams({"grant_type": "client_credentials"})
    })
        .then((response) => response.json())
        .then(({access_token: accessToken}) => accessToken);


const getTransactions = async (accessToken) =>
    fetch(`https://${hostname}/sampleTransactions/v1/transactions`, {
        method: "GET",
        headers: {
            "Accept":  "application/json",
            "Authorization": `Bearer ${accessToken}`
        }
    })
        .then((response) => response.json());


getAccessToken(exampleClientId, exampleClientSecret)
    .then(getTransactions)
    .then(console.info);
import base64
import json
import urllib.request
import urllib.parse

hostname              = "api.statestreet.com"
example_client_id     = "example_id"
example_client_secret = "example_secret"


def get_access_token(client_id, client_secret):
    btoa = lambda s: base64.b64encode(s.encode('ascii')).decode('ascii')
    request = urllib.request.Request(
        url=f"https://{hostname}/oauth/accesstoken",
        method="POST",
        headers={
            "Accept": "application/json",
            "Authorization": f"Basic {btoa(f'{client_id}:{client_secret}')}"
        },
        data=urllib.parse.urlencode({
            "grant_type": "client_credentials"
        }).encode('utf-8')
    )
    response = urllib.request.urlopen(request).read()
    return json.loads(response)['access_token']


def get_transactions(client_access_token):
    request = urllib.request.Request(
        url=f"https://{hostname}/sampleTransactions/v1/transactions",
        method="GET",
        headers={
            "Accept": "application/json",
            "Authorization": f"Bearer {client_access_token}"
        }
    )
    response = urllib.request.urlopen(request).read()
    return json.loads(response)


if __name__ == '__main__':
    access_token = get_access_token(example_client_id, example_client_secret)
    transactions = get_transactions(access_token)
    print(transactions)
package com.ssc.eam.api;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.PrintStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class Client {
	
	public static void main(String[] args) throws Exception {
		
		String hostname            = "api.statestreet.com";
		String exampleClientId     = "example_id";
		String exampleClientSecret = "example_secret";
		
		String tokenUrl = "https://" + hostname + "/oauth/accesstoken";
		String apiUrl = "https://" + hostname + "/sampleTransactions/v1/transactions";
		
		String token = getAccessToken(tokenUrl, exampleClientId, exampleClientSecret);
		System.out.println("API Response: " + getAPIResponse(apiUrl, token));
		
	}
	
	private static String getAccessToken(String tokenUrl, String key, String secret) throws Exception{

	    String accessToken = "";
	    
    	URL url = new URL(tokenUrl);
    	HttpURLConnection connection = (HttpURLConnection) url.openConnection();
        connection.setRequestMethod("POST");
        connection.setDoOutput(true);
	    String authentication = Base64.getEncoder().encodeToString((key + ":" + secret).getBytes());
        connection.setRequestProperty("Authorization", "Basic " + authentication);
        connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
        connection.setRequestProperty("Accept", "application/json");
        
        PrintStream os = new PrintStream(connection.getOutputStream());
        os.print("grant_type=client_credentials");
        os.close();
        
        int responseCode = connection.getResponseCode();
        StringBuffer response = new StringBuffer();
        if (responseCode == HttpURLConnection.HTTP_OK) { //success
        	response = getHttpResponse (connection.getInputStream());
			//log response
    		Pattern pat = Pattern.compile(".*\"access_token\"\\s*:\\s*\"([^\"]+)\".*");
            Matcher matcher = pat.matcher(response.toString());
            if (matcher.matches() && matcher.groupCount() > 0) {
            	accessToken = matcher.group(1);
            }
        	
        } else {
        	response = getHttpResponse (connection.getErrorStream());
			//log response
        	throw new Exception ("Authentication Failed.");
        }        
        connection.disconnect();
	    return accessToken;
	}

	
	 private static String getAPIResponse(String url,String authToken) throws Exception{	
		 	StringBuffer response = new StringBuffer();
	        URL obj = new URL(url);
	        String authHeaderValue = "Bearer " + authToken;

	        HttpURLConnection connection = (HttpURLConnection) obj.openConnection();
	        connection.setRequestMethod("GET");
	        connection.setRequestProperty("Authorization", authHeaderValue);
	        connection.setRequestProperty("Accept", "application/json");
	        connection.setRequestProperty("Content-type", "application/x-www-form-urlencoded");
	        connection.setRequestProperty("User-Agent", "Java Client");
	        int responseCode = connection.getResponseCode();

	        if (responseCode == HttpURLConnection.HTTP_OK) { //success
	        	response = getHttpResponse (connection.getInputStream());
	        } else {
	        	response = getHttpResponse (connection.getErrorStream());
	        }
	        connection.disconnect();
	        return response.toString();
	    }
	 	
	 	private static StringBuffer getHttpResponse(InputStream in) throws IOException{
	 		StringBuffer response = new StringBuffer();
        	BufferedReader bfr = new BufferedReader(new InputStreamReader(in));
            String inputLine;
            while ((inputLine = bfr.readLine()) != null) {
                response.append(inputLine);
            }
            bfr.close();
            return response;
	 	}
	 

}

Potential Challenges

  • Connection timeout of no response received
  • Unable to retrieve Access Token (401 Unauthorized)
  • Retrieved Access Token, but unable to retrieve records (401 Unauthorized)

For support, email api-support@statestreet.com, call a Helpdesk, or engage your Client Service Manager.


Next Steps

You are ready to leverage API solutions

  • Develop solutions with common tools and languages
  • Learn more about how to configure and use OAuth Applications
  • Discover APIs within the API Catalog

For support, email api-support@statestreet.com, call a Helpdesk, or engage your Client Service Manager.