Every call made to the LUSID API must be authorised by an API access token.
You can call the LUSID REST API directly, or perhaps more conveniently using the LUSID SDK (available in multiple languages and frameworks). The SDK has helper classes that automate the process of obtaining an API access token and refreshing it upon expiry.
To enable the SDK to obtain an API access token, you must pass in your LUSID username and password, client ID and client secret, and dedicated Okta token URL using one of the following methods.
Using a secrets file
You can store your LUSID username, password, client ID and client secret in a file on disk and make it available to the SDK. To do this:
- Sign in to the LUSID web app using the credentials of a LUSID administrator.
- From the left-hand menu, select Identity and access > Applications.
- On the Applications dashboard, click the View icon for an appropriate application. See how to create an application.
- In the Export credentials area, make sure Secrets file is selected and copy the data to the clipboard:
- Paste the data into a local file such as
secrets.json
, supplying the user's actual LUSID password instead of<password>
.
Note: If you want to use a long-lived personal access token (PAT) instead of a short-lived (and more secure) Okta token, replace the tokenUrl
field with an accessToken
field and PAT as the value.
The following script demonstrates passing the secrets file into v2 of the LUSID Python SDK and calling the InstrumentsApi.list_instruments method (amending secrets_path
if necessary):
# Setup: import lusid, pprint from lusid.extensions import ( SyncApiClientFactory, ArgsConfigurationLoader, SecretsFileConfigurationLoader ) from lusidjam import RefreshingToken # Authenticate: secrets_path = "secrets.json" config_loaders=( ArgsConfigurationLoader(access_token = RefreshingToken(), app_name="My-app-name"), SecretsFileConfigurationLoader(secrets_path) ) api_factory = SyncApiClientFactory(config_loaders=config_loaders) # Build Instrument API and list instruments: instruments_api = api_factory.build(lusid.InstrumentsApi) response = instruments_api.list_instruments pprint.pprint(response.to_dict()["values"])
Using environment variables
You can store your LUSID username, password, client ID and client secret as environment variables and make them available to the SDK. To do this:
- Sign in to the LUSID web app using the credentials of a LUSID administrator.
- From the left-hand menu, select Identity and access > Applications.
- On the Applications dashboard, click the View icon of an appropriate application. See how to create an application.
- In the Export credentials area, make sure Env variables for either Linux or Windows is selected and copy the data to the clipboard:
- Run the commands sequentially in an appropriate shell to set those environment variables, supplying the user's actual LUSID password instead of
<password>
forFBN_PASSWORD
.
Note: If you want to use a long-lived personal access token (PAT) instead of a short-lived (and more secure) Okta token, export the FBN_ACCESS_TOKEN
variable with the PAT instead of FBN_TOKEN_URL
.
The following script demonstrates passing pre-set environment variables into v2 of the LUSID Python SDK and calling the InstrumentsApi.list_instruments method:
# Setup: import lusid, pprint from lusid.extensions import ( SyncApiClientFactory, ArgsConfigurationLoader, EnvironmentVariablesConfigurationLoader ) from lusidjam import RefreshingToken # Authenticate: config_loaders=( ArgsConfigurationLoader(access_token = RefreshingToken(), app_name="My-app-name"), EnvironmentVariablesConfigurationLoader(), ) api_factory = SyncApiClientFactory(config_loaders=config_loaders) # Build Instrument API and list instruments: instruments_api = api_factory.build(lusid.InstrumentsApi) response = instruments_api.list_instruments(limit=1) pprint.pprint(response.to_dict()["values"])