CME Group is committed to providing the highest levels of market integrity, including the security of CME Group and adjacent ecosystems. Effective Saturday, October 30, access to OAuth authenticated services will require a case-sensitive API ID on all requests.

Currently, the following services use OAuth authentication:

  • Reference Data API
  • CME GC Allocator API

To avoid any service interruptions, please verify all applications, scripts and services are using the API ID case (uppercase and/or lowercase) registered with CME Group.

To verify or modify the case of an existing API ID, use your CME Group Login to access the CME Customer Center, then select the User icon > My Profile > API Management tab.

OAuth is an open protocol that allows secure authorization in a simple and standard method from web, mobile and desktop applications. It specifies a process for resource owners to authorize third-party access to their server resources without sharing their credentials.

Designed specifically to work with Hypertext Transfer Protocol (HTTP), OAuth essentially allows access tokens to be issued to third-party clients by an authorization server, with the approval of the resource owner. The third party then uses the access token to access the protected resources hosted by the resource server.