Security
The RISE API is SSL-enabled, accessible via https.
The RISE API implements the OAuth 2.0 authorization protocol and requires that you authenticate in order to use any of its endpoints. The client credentials flow is the only supported authorization flow for the time being. To obtain these client credentials, please contact Milliman FRM.
How to request a token
Tokens can be obtained by calling one of the following endpoints:
- http://www.riseapi.com/token (production environment)
- http://test.riseapi.net/connect/token (test environment)
To request a token you will need to invoke one of the above endpoints, passing the following form fields using the x-www-form-urlencoded content type:
- grant_type = “client_credentials”
- client_id = <YOUR CLIENT_ID>
- client_secret = <YOUR CLIENT_SECRET>
Once issued, tokens will expire in 1 hour. After this expiry, you are able to re-request additional tokens using the same method above.
It is advised that you perform the above token request on the server-side of your application so that your credentials are not made public.
HTTP example
An example HTTP request to obtain a token using the client credentials authorization flow:
POST /connect/token HTTP/1.1
Host: test.riseapi.net
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials
&client_id=<YOUR CLIENT_ID>
&client_secret=<YOUR CLIENT_SECRET>
JavaScript example
An example AJAX call to obtain a token using the client credentials authorization flow:
$.ajax({
type: "post",
headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
url: "https://test.riseapi.net/connect/token",
data: $.param({
grant_type: "client_credentials"
client_id: "YOUR CLIENT_ID",
client_secret: "YOUR CLIENT_SECRET",
}),
success: function (value) {
// Store/save the json token response (this just prints it out)
console.log(JSON.stringify(value, null, '\t'));
}
});
Token response
If authentication is successful, the server will respond with a JSON object containing the “token_type”, “access_token” and “expires_in” fields. The “token_type” and “access_token” is what is used to authenticate with subsequent calls to the API. “expires_in” is the number of seconds the token is valid for.
An example response from the authorization server:
{
"token_type": "Bearer",
"access_token": "CfDJ8D5qXoEybC9MowhLCWdLA8kTtM7RNSeEdTJs2_c0Wkapdik31hrOsS1_yXHzb0JcTh8XA-7ZF8qkdUXFbsXUfG-RF2nHZj8z_IhMtevu5xyOaTNIz_Jq-m3FREjR5XyZ67nl3-UcHJUDKREEYopjDgl-aLCS6N5cKLxFuzjVhkKTJM0v_rEdnjXMgRQIEJP6AfoVxohlcqirZOCZuq6lZihfWXCRHUjWYvTlj4GvNBlBRE3YjrfnOQAMOyklTMUypXBB9N8nxAWT3XI_yybl6hESBTo-sVBV8VTILRSxhyg_Dww4WbgFI_Ct1dMVlUmlE93ji3kFgHi9wLZWslCwqjSbnoMXS0jy9kEWGBBYkskMjWJZgxYGenQCNSnqTiWOiDtS52Ci1kgg-7hoN-QYh_CTqL8UFWve5pEsUGZphkn1-0ZH0KRl7_pCkutduyIu7sD1sVYZT0kSh8lgpJtIPU-Jb6nbx57gu72ho8zlY4sE",
"expires_in": 3600
}
How to use the token
To use the token, you will need to pass it along with any subsequent requests as an Authorization header in the form of
Authorization: <token_type> <access_token>
HTTP example
An example HTTP request passing the required access token:
POST /api/method HTTP/1.1
Host: test.riseapi.net
Authorization: Bearer CfDJ8D5qXoEybC9MowhLCWdLA8kTtM7RNSeEdTJs2_c0Wkapdik31hrOsS1_yXHzb0JcTh8XA-7ZF8qkdUXFbsXUfG-RF2nHZj8z_IhMtevu5xyOaTNIz_Jq-m3FREjR5XyZ67nl3-UcHJUDKREEYopjDgl-aLCS6N5cKLxFuzjVhkKTJM0v_rEdnjXMgRQIEJP6AfoVxohlcqirZOCZuq6lZihfWXCRHUjWYvTlj4GvNBlBRE3YjrfnOQAMOyklTMUypXBB9N8nxAWT3XI_yybl6hESBTo-sVBV8VTILRSxhyg_Dww4WbgFI_Ct1dMVlUmlE93ji3kFgHi9wLZWslCwqjSbnoMXS0jy9kEWGBBYkskMjWJZgxYGenQCNSnqTiWOiDtS52Ci1kgg-7hoN-QYh_CTqL8UFWve5pEsUGZphkn1-0ZH0KRl7_pCkutduyIu7sD1sVYZT0kSh8lgpJtIPU-Jb6nbx57gu72ho8zlY4sE
...
JavaScript example
An example AJAX call passing the required access token:
$.ajax({
type: "post",
headers: { 'Authorization': 'CfDJ8D5qXoEybC9MowhLCWdLA8kTtM7RNSeEdTJs2_c0Wkapdik31hrOsS1_yXHzb0JcTh8XA-7ZF8qkdUXFbsXUfG-RF2nHZj8z_IhMtevu5xyOaTNIz_Jq-m3FREjR5XyZ67nl3-UcHJUDKREEYopjDgl-aLCS6N5cKLxFuzjVhkKTJM0v_rEdnjXMgRQIEJP6AfoVxohlcqirZOCZuq6lZihfWXCRHUjWYvTlj4GvNBlBRE3YjrfnOQAMOyklTMUypXBB9N8nxAWT3XI_yybl6hESBTo-sVBV8VTILRSxhyg_Dww4WbgFI_Ct1dMVlUmlE93ji3kFgHi9wLZWslCwqjSbnoMXS0jy9kEWGBBYkskMjWJZgxYGenQCNSnqTiWOiDtS52Ci1kgg-7hoN-QYh_CTqL8UFWve5pEsUGZphkn1-0ZH0KRl7_pCkutduyIu7sD1sVYZT0kSh8lgpJtIPU-Jb6nbx57gu72ho8zlY4sE' },
url: "https://test.riseapi.net/api/method",
...
});