Questions / Answers
12 topic(s) found in the FAQ :
OAuth2 Hints 19 January 2018
The new OAuth2 authorisation mode
What is the new OAuth2 authorisation mode ?
The OAuth2 open standard for authorisation replaces the PKIs (that in volved certificates being accepted), significantly simplifying the way in which APIs can be accessed.
With OAuth2.0, a client application can access are source exposed as an API on be half of its owner via an access token for data hosted by a third party.
In practice, the client application sends the relevant credentials to the server which authenticates them and returns an access token.This access token is valid for aperiod of two hours.The application can then use this token to access the protected resource on the server hosting it.
For further information, click here to view the guide.
What does this mean for users ?
The new OAuth2 authorisation mode is transparent for the user.They no longer have to request certificates or perform any other operations.
All APIs hosted on the Data Portal can be accessed using this authorisation mode.
Video Tutorial 1 - Subscribing to an OAuth2 API 13 May 2020
This tutorial shows how to subscribe to an API, which requires an OAuth2 authentication
Video Tutorial 2 - Subscribing to a PKI API 13 May 2020
This tutorial shows how to subscribe to an API, which requires an authentication by PKI Certificate
Video Tutorial 4 - Getting an OAuth2 Token 13 May 2020
This tutorial shows how to get an OAuth2 token, needed to call OAuth2 APIs
Video Tutorial 5 - Calling an OAuth2 API 13 May 2020
This tutorial shows how to call an OAuth2 API :
- Finding the API URL in the User Guide,
- Creating your test in the SOAPUI tool,
- Setting the OAuth2 token in the header's request,
- Calling the API.
Video Tutorial 6 - Calling a PKI API 13 May 2020
This tutorial shows how to call a PKI API :
- Finding the API URL in the User Guide,
- Creating your test in the SOAPUI tool,
- Setting the PKI certificate token in SOAPUI,
- Calling the API.
Video Tutorial 3 - Visualize your Applications 13 May 2020
This tutorial shows how to visualize your applications, which represent your subscription to APIs, with their associated authentication data :
- Client ID/Client Secret for OAuth2 APIs,
- Certificate associated mail for PKI APIs.
API Hints 09 June 2020
APIs hosted on the Data Portal
What are the APIs available on the Data Portal ?
An API is an Application Programming Interface. An API is an interface – a contract entered into between two computer systems so that they can communicate. APIs provide access to other developers'data and functionality – either inside or outside of a company.
As far as the APIs exposed on the Data Portal are concerned, data is accessed in three stages :
• Users subscribe to the API via the DATA Portal so they can get access via Oauth2.
• They use the OAuth2 open authorisation standard (see corresponding sheet) provided by RTE so they can be issued with a token.
• This token is then used to query RTE’s IT system using web standards (REST/SOAP), in order to obtain the data.
Two types of API are hosted on the Data Portal :
• Open APIs : these provide everyone with access to production, consumption, interconnections and balancing data in near real time.
• Partner APIs : these provide clients with access to their own private metering data in near real time.They are symbolized by a padlock.
What impacts are there the first time they are used ?
In order to access data using the Partner APIs, you need to have entered into a public transmission network access contracts with RTE, and to have declared a primary administrator, who will be in charge of the user accounts for your company.
Interpreting the data sent by RTE (Partner APIs)
Each piece of information sent by RTE is now defined using a unique European identifier : the EIC Code (system of identification defined by the ENTSO-E). You can view the table showing what the equivalent associated EIC codes are for the current identifiers by clicking here.
PKI Hints 23 June 2020
PKI CERTIFICATE AUTHENTICATION
Accessing RTE API is subject to an identity control process of the machine or person requesting data. This OAuth2 authentication process is based on an identifier/password mechanism ("the credentials").
Some data, property of RTE's clients or partners, have a so high confidentiality level that an enforced internal mechanism for authorization control is set up : PKI certificates.
|Authentication:||Protection process set up to insure that RTE has verified the requester or responder's identity and that it's authorized to access the Information System, and to use applications.|
|Certificate:||Electronic document used to prove the ownership of a public key by the certificate owner. The certificate format complies to the UIT-T X.509 standard.|
|PKI:||A public key infrastructure (PKI) is a set of roles, policies, and procedures needed to manage digital certificates and public-key encryption.|
Getting your PKI Certificate
You don't have an online account yet :
You are a client or a partner, but you don't have an online account, you first have to declare a primary administrator for your company (see FAQ).
You already have an online account :
You are a client or a partner, and you have an online account, you simply have to ask your primary administrator to fill in this form, in order to ask for your certificate *.
Your certificate will be identified by the Electronic address you'll fill in the Register the user of the access section.
Still in the form, for the API usage context, it is advised to tick the The user of the access is a robot chekbox, and to set a "non-nominative" Electronic address (the certificate will usually be presented by one of your own IT application, and not by a user). For example, you could set the email address of your team (be careful it is a working and valid address).
* There is no need to request for a PKI certificate if you alread have one for other RTE services (Customer Services Portal, Publication, NEB, etc).
"PKI" type Application
You can't subscribe to "PKI" API with a "Web" or "Mobile" type application.
Your subscriptions for "PKI" API will only be held by a "PKI" type application, on which you'll have to set the mail that identifies your certificate (see the "You already have an online account" previous section).
You can't create more than one "PKI" application associated with the mail of your certificate. You'll have to own several separate certificates if you want to create several "PKI" applications.
Therefore, it's usual to ask RTE for separate PKI certificates, if more than one of your own IT applications will consume RTE "PKI" API.
PKI Certificate Lifecycle
The certificate has a 3 years lifetime. Several weeks before this period ends, RTE will send you an email with information in order to renew it.
Please consider informing RTE when a certificate becomes useless (either the application using the certificate is obsolete, or the certificate user leave your company, etc). Contact RTE Hotline to revoke the certificate. It will no longer be valid for accessing your data.
SoapUI is an open source application that allows you to test Web Services or API calls. After downloading and installing SoapUI, you'll have to configure HTTPS calls with your client's certificate.
Follow these configuration steps :
1) Choose SoapUI Preferences...
2) ...change "SSL Settings"
In the Keystore and Keystore password set the path of your PKI Certificate file, with the associated password.
Click on the OK button.
How to Declare a Primary Administrator for your company 23 June 2020
How to declare a Primary Administrator for your company
Your company have to hold a contract with RTE and an EIC code (unique user ID). RTE provide you with a list ("Local EIC codes" tab) so you can check if you already have an EIC code. If you don't have one, you can get yours from RTE by filling in this form ("Form request" tab).
1. Contact your Account Manager
Request an access to the Data Portal.
2. You have received a message!
RTE sends an email with an activation link to the administrator you have chosen.
3. The administrator clicks on the link to complete the registration
The administrator chooses the password and agrees to the General Terms and Conditions of Use. The activation link is valid for 3 days. If it expires, contact your Account Manager to have a new one generated.
4. Access to the Portal!
Discover the APIs available and authorize other users for your company.
Primary Administrator : how to declare a user 23 June 2020
Primary Administrator : how to declare a user
Prerequisite: the administrator needs to have his account validated before declaring other users/administrators
1. The administrator accesses the user management interface
On the Data Portal, cick on this icon in the header to the right of his name.
2. The administrator clicks on « Add a collaborator »
If the employee has already created a public account, they must contact the hotline to have it attached.
3. The administrator fills in the form
On this form, fill in the user personal information, his role (developer or administrator) and set the user's password.
4. The user receives an email from RTE
The mail contains an activation link, to validate the account, valid for 3 days. Should it expire, the account is deleted and the administrator has to recreate the account by following this process.
The mail does not contain the password. At the same time, the administrator communicates the password to the user.
5. The user clicks on the link to activate his account
6. Access the Data Portal!
The user receives an email confirming that his account has been activated : he can then access the portal.
Links between API and Customer Portal's servlets 23 June 2020
You are an aware user of our Customer Portal (clients.rte-france.com), and you download data from this site using its servlets.
This following file lists the matching between the Customer Portal's servlets, the API exposed by the Data Portal, and the vizualisation pages on the Services Portal :