Access Token (v2-v3)
Download OpenAPI specification:Download
SEI uses OAuth 2.0, the authorization and authentication mechanism preferred in the industry. OAuth 2.0 ensures security by granting deliberate and verified permissions through API Keys. In order to be able to access API product endpoints, you must first authenticate by calling for an OAuth token.
SEI's API products have various environments available depending on your stage of integration. The server URL should correspond with the environment of your application.
Note For all Client applications, the Two-way TLS URL must be used. This is essential in order for the client server making API calls to establish a successful Two-Way SSL communication with SEI.
An application making Investment Manager Services (IMS) API Requests from a Client/Server or Server/Server type of infrastructure will leverage the grant_type client_credentials while minting an oAuth from the Token API. The oAuth has a 60 minutes active TTL and 30 minutes inactive TTL. The OAuth obtained from client_credentials cannot be refreshed.
header Parameters
Authorization required | string Example: aD5hypOjp9YYMxYBEix8Rluatan7bY0w4vWLjfqOT4cHrLAFthQGEJj1W820fPL92e== The Base64 encoded form of the AppKey:AppSecret provided during application registration. |
Content-Type required | string Example: application/x-www-form-urlencoded Request content type. The valid value is application/xxx-form-urlencoded. |
Request Body schema: application/x-www-form-urlencoded
username | string The Siteminder service account userid that is used to mint the OAuth Token. |
password | string The Siteminder service account password that is used to mint the OAuth Token. |
grant_type | string Enum: "client_credentials" "password" "refresh_token" "sessionToken" "invalidate_token" OAuth 2.0 grant types available depending on the characteristics of the authorization required. client_credentials For use for a Client/Server or Server/Server application. password For use for an internal, user-defined application. refresh_token The Apigee refresh token. The OAuth obtained from client_credentials cannot be refreshed. sessionToken The IDP Siteminder session token. invalidate_token |
Responses
Request samples
- cURL
curl --location --request POST \ 'https://test.mtls.api.seic.com/v2/oauthtoken' \ --header 'Authorization: aD5hypOjp9YYMxYBEix8Rluatan7bY0w4vWLjfqOT4cHrLAFthQGEJj1W820fPL92e==' \ --header 'Content-Type: application/x-www-form-urlencoded' --data-urlencode 'grant_type=client_credentials' \ --data-urlencode 'username=jsmith' \ --data-urlencode 'password=mypassword123!'
Response samples
- 200
- 401
{- "refresh_token_expires_in": "0",
- "api_product_list": "[Investors]",
- "api_product_list_json": [
- "Investors"
], - "organization_name": "sei",
- "developer.email": "jsmith@seic.com",
- "token_type": "BearerToken",
- "issued_at": "1529525648451",
- "client_id": "ADsgdnnkjnfdIKJN",
- "access_token": "QxHKdx0nk2i",
- "application_name": "21c2fcd4-03ed-48815cf168",
- "scope": "",
- "expires_in": "3599",
- "refresh_count": "0",
- "status": "approved"
}
An application making SEI API Requests from a Client/Server or Server/Server type of infrastructure will leverage the grant_type client_credentials while minting an oAuth from the Token API. The oAuth has a 60 minutes active TTL and 30 minutes inactive TTL. The oAuth obtained from client_credentials cannot be refreshed.
header Parameters
Authorization required | string Example: aD5hypOjp9YYMxYBEix8Rluatan7bY0w4vWLjfqOT4cHrLAFthQGEJj1W820fPL92e== The Base64 encoded form of the AppKey:AppSecret provided during application registration. |
Content-Type required | string Example: application/x-www-form-urlencoded Request content type. The valid value is application/xxx-form-urlencoded. |
Request Body schema: application/x-www-form-urlencoded
username | string The Siteminder service account userid that is used to mint the OAuth Token. |
password | string The Siteminder service account password that is used to mint the OAuth Token. |
grant_type | string Enum: "client_credentials" "password" "refresh_token" "sessionToken" "invalidate_token" OAuth 2.0 grant types available depending on the characteristics of the authorization required. client_credentials For use for a Client/Server or Server/Server application. password For use for an internal, user-defined application. refresh_token The Apigee refresh token. The OAuth obtained from client_credentials cannot be refreshed. sessionToken The IDP Siteminder session token. invalidate_token |
Responses
Request samples
- cURL
curl --location --request POST \ 'https://test.mtls.api.seic.com/v2/oauthtoken' \ --header 'Authorization: aD5hypOjp9YYMxYBEix8Rluatan7bY0w4vWLjfqOT4cHrLAFthQGEJj1W820fPL92e==' \ --header 'Content-Type: application/x-www-form-urlencoded' --data-urlencode 'grant_type=client_credentials' \ --data-urlencode 'username=jsmith' \ --data-urlencode 'password=mypassword123!'
Response samples
- 200
- 401
{- "refresh_token_expires_in": "0",
- "api_product_list": "[Investors]",
- "api_product_list_json": [
- "Investors"
], - "organization_name": "sei",
- "developer.email": "jsmith@seic.com",
- "token_type": "BearerToken",
- "issued_at": "1529525648451",
- "client_id": "ADsgdnnkjnfdIKJN",
- "access_token": "QxHKdx0nk2i",
- "application_name": "21c2fcd4-03ed-48815cf168",
- "scope": "",
- "expires_in": "3599",
- "refresh_count": "0",
- "status": "approved"
}
Authorization Code Flow with Proof Key for Code Exchange (PKCE) uses the Authorization Code grant type. And it is used by confidential and public clients to exchange an authorization code for an access token. After the user returns to the client via the redirect URL, the application will get the authorization code from the URL and use it to request an access token.
query Parameters
client_id required | string The App Key or Consumer Key provided during Application Registration. |
response_type required | string The format in which Auth code is required. |
redirect_uri required | string The url to which the code needs to be re-directed. |
code_challenge required | string The value for code challenge encrypted in the format provided in 'code_challenge_method'. |
code_challenge_method required | string The encoding used to convert the 'code_challenge'. |
header Parameters
Content-Type required | string Request content type. The valid values are application/xxx-form-urlencoded. |