By continuing to browse this site you are agreeing to our use of cookies, which help us provide appropriate content and collect visit statistics. Find out more.

FAQ

Questions / Answers

6 topic(s) found in the FAQ :

PKI Hints 23 January 2019

PKI CERTIFICATE AUTHENTICATION

Introduction

 

Accessing RTE API is subject to an identity control process of the machine or person requesting data. This OAuth2 authentication process is based on an identifier/password mechanism ("the credentials").

Some data, property of RTE's clients or partners, have a so high confidentiality level that an enforced internal mechanism for authorization control is set up : PKI certificates.

 

Definitions

 

Authentication: Protection process set up to insure that RTE has verified the requester or responder's identity and that it's authorized to access the Information System, and to use applications.
Certificate: Electronic document used to prove the ownership of a public key by the certificate owner. The certificate format complies to the UIT-T X.509 standard.
PKI: A public key infrastructure (PKI) is a set of roles, policies, and procedures needed to manage digital certificates and public-key encryption.

 

Getting your PKI Certificate

 

You don't have an online account yet :

You are a client or a partner, but you don't have an online account, you first have to declare a primary administrator for your company (see FAQ).

 

You already have an online account :

You are a client or a partner, and you have an online account, you simply have to ask your primary administrator to fill in this form, in order to ask for your certificate *.
Your certificate will be identified by the Electronic address you'll fill in the Register the user of the access section.

 

Still in the form, for the API usage context, it is advised to tick the The user of the access is a robot chekbox, and to set a "non-nominative" Electronic address (the certificate will usually be presented by one of your own IT application, and not by a user). For example, you could set the email address of your team (be careful it is a working and valid address).

 

* There is no need to request for a PKI certificate if you alread have one for other RTE services (Customer Services Portal, Publication, NEB, etc).

 

"PKI" type Application

 

You can't subscribe to "PKI" API with a "Web" or "Mobile" type application.
Your subscriptions for "PKI" API will only be held by a "PKI" type application, on which you'll have to set the mail that identifies your certificate (see the "You already have an online account" previous section).

You can't create more than one "PKI" application associated with the mail of your certificate. You'll have to own several separate certificates if you want to create several "PKI" applications.

Therefore, it's usual to ask RTE for separate PKI certificates, if more than one of your own IT applications will consume RTE "PKI" API.

 

PKI Certificate Lifecycle

 

The certificate has a 3 years lifetime. Several weeks before this period ends, RTE will send you an email with information in order to renew it.


Please consider informing RTE when a certificate becomes useless (either the application using the certificate is obsolete, or the certificate user leave your company, etc). Contact RTE Hotline to revoke the certificate. It will no longer be valid for accessing your data.

 

SoapUI example

 

SoapUI is an open source application that allows you to test Web Services or API calls. After downloading and installing SoapUI, you'll have to configure HTTPS calls with your client's certificate.

 

Follow these configuration steps :


1) Choose SoapUI Preferences...


2) ...change "SSL Settings"
In the Keystore and Keystore password set the path of your PKI Certificate file, with the associated password.
Click on the OK button.

 

Primary Administrator : how to declare a user 22 January 2018

API Hints 09 October 2017

APIs hosted on the Data Portal

 

What are the APIs available on the Data Portal ?

 

An API is an Application Programming Interface. An API is an interface a contract entered into between two computer systems so that they can communicate. APIs provide access to other developers'data and functionality – either inside or outside of a company.

 

As far as the APIs exposed on the Data Portal are concerned, data is accessed in three stages :

• Users subscribe to the API via the DATA Portal so they can get access via Oauth2.

• They use the OAuth2 open authorisation standard (see corresponding sheet) provided by RTE so they can be issued with a token.

• This token is then used to query RTE’s IT system using web standards (REST/SOAP), in order to obtain the data.

 

Two types of API are hosted on the Data Portal :

 

• Open APIs : these provide everyone with access to production, consumption, interconnections and balancing data in near real time.

• Partner APIs : these provide clients with access to their own private metering data in near real time.They are symbolized by a padlock.

 

What impacts are there the first time they are used ?

 

In order to access data using the Partner APIs, you need to have entered into a public transmission network access contracts with RTE, and to have declared a primary administrator, who will be in charge of the user accounts for your company.

 

Interpreting the data sent by RTE (Partner APIs)

 

Each piece of information sent by RTE is now defined using a unique European identifier : the EIC Code (system of identification defined by the ENTSO-E). You can view the table showing what the equivalent associated EIC codes are for the current identifiers by clicking here.

 

OAuth2 Hints 19 January 2018

The new OAuth2 authorisation mode

 

 

What is the new OAuth2 authorisation mode ?

 

The OAuth2 open standard for authorisation replaces the PKIs (that in volved certificates being accepted), significantly simplifying the way in which APIs can be accessed.

With OAuth2.0, a client application can access are source exposed as an API on be half of its owner via an access token for data hosted by a third party.

In practice, the client application sends the relevant credentials to the server which authenticates them and returns an access token.This access token is valid for aperiod of two hours.The application can then use this token to access the protected resource on the server hosting it.

For further information, click here to view the guide.

 

What does this mean for users ?

 

The new OAuth2 authorisation mode is transparent for the user.They no longer have to request certificates or perform any other operations.

All APIs hosted on the Data Portal can be accessed using this authorisation mode.

Links between API and Customer Portal's servlets 22 January 2018

You are an aware user of our Customer Portal (clients.rte-france.com), and you download data from this site using its servlets.

 

This following file lists the matching between the Customer Portal's servlets and the API exposed by the Data Portal:

How to Declare a Primary Administrator for your company 10 October 2017