Core Structural Modernization: WSO has rolled out comprehensive operational enhancements to its enterprise-wide technical infrastructure to guarantee complete compliance alignment with S&P Global's harmonized Information Security Standards. Legacy authentication mechanisms utilizing local database keys are fully deprecated.
New Multi-Tier Authentication Matrix:
- User-to-API Pipelines (Individual Queries): Individual clients must execute interaction sequences using a unique **Personal Access Token (PAT)** issued directly via the S&P Secure Access Management (SAM) platform. Tokens can be managed as a self-service item at
https://mvprofile.ihsmarkit.com, must maintain a maximum validity lifetime of 90 days, and require permissions specifically mapped to theWSOAPIandWSOWebReportingAPIscopes. - Machine-to-Maching Pipelines (Programmatic Daemons): Server-to-server integrations require secure **Client Credentials** dynamically authenticated against an **Amazon Cognito** identity service manager. Company Administrators can generate these programmatic tokens via the core WebAdmin panel by triggering the Request New Cognito Client module. WSO architectural guidelines highly recommend executing an updated Client ID & Client Secret rotation protocol every 90 days. Credentials can only be generated or regenerated once per rolling calendar day.
Header Evaluation & API Gateway Handshake: All downstream incoming transactional payloads now route through an integrated **API Security Gateway**. Programmatic applications must append the standard HTTP Authorization: Basic <Base64-string> string along with a designated grant_type: client_credentials parameter inside the request metadata. Individual query transactions require mapping the target WSO user configuration using an explicit X-Profile string declaration passed concurrently inside the request headers.