Before issuing any requests against a Direct+ endpoint, you must obtain an Access Token. Once an Access Token is obtained, the same token should be used for all subsequent requests for the next 24 hours, after which, a new token should be generated. If you have not already received a consumer key and secret, contact your Dun & Bradstreet representative. Once you have the consumer key and secret you can begin using the API.
IMPORTANT: Your consumer key, consumer secret, and token should be considered as sensitive as a password, and must be used only by authorized parties as stated in the D&B Direct+ API agreement.
D&B Direct+ API calls utilize access tokens, generated from a consumer key/secret combination, for authentication (based on the Client Credentials Grant flow of the OAuth 2 specification). Here is a sample of a Consumer Key and Consumer Secret.
Note: These are not valid credentials.
To see the request code, press the Code link; it should look similar to the following:
POST /v3/token HTTP/1.1
Host: plus.dnb.com
Content-Type: application/x-www-form-urlencoded
Authorization: Basic yourEncodedKey
Cache-Control: no-cache
grant_type=client_credentials
Press Send. In the response, the value in place of "yourAccessToken", excluding the quotes, is the token you need to perform further calls.
{"access_token":"yourAccessToken","expires_in":86400, "token_type": "Bearer"}
Base64 encode the key and secret, in the format key:secret
For example, the sample values would yield the following encoded credential value:- UXQ2WUdZcFh2R2Z4V0FsUkhoNVdNNDZNc2I3NldLTnc6Y25oOFRDOVNlemxkM2M4NA==
Paste your D&B Direct+ Consumer Key and Secret in the format key:secret provided to you when you registered for access to the Direct+ API into the text box field and click on 'Generate' button.
Exchange credentials for a token. An application makes a request to the POST https://plus.dnb.com/v3/token endpoint to exchange these credentials for a bearer token.
Below are the list of Error and Information Codes supported for Authentication v3 API
HTTP Code | error | Description |
---|---|---|
400 | invalid_request | A required parameter is missing or a parameter value is missing/invalid value. Potential issues: - Request missing required Header parameter: 'Authorization'. ErrorCode: 05007. - Request missing required element: 'grant_type'. ErrorCode: 05007. - 'Authorization' Header parameter contains Invalid value. ErrorCode: 10002. - Invalid HTTP method for the request. ErrorCode: 00009. - Additional parameters found in the request. ErrorCode: 10002. - Request missing required Header parameter: 'Content-Type'. ErrorCode: 05007. - Invalid Content-Type for the request. ErrorCode: 00009. |
400 | invalid_grant | Request grant_type is incorrect. Potential issues: - Request grant_type is incorrect. The grant_type must be "client_credentials". ErrorCode: 00006. - Repeated grant type is found in the request". ErrorCode: 10002. |
401 | invalid_client | The supplied credentials are not valid or contract issue. Potential issues: - The supplied credentials are not valid; please verify and try again. ErrorCode: 00041. - The contract for this subscriber has either not started or has expired. Please contact Dun & Bradstreet customer support. ErrorCode: 00005. Note : HTTP Header will be populated with WWW-Authenticate: Basic realm="Access to the Direct+ API", charset="UTF-8" |
404 | invalid_request | Potential issues: - Requested resource not found. Please retry with a correct URL. ErrorCode: 00038. |
429 | access_denied | Potential issues: - Customer transactions per second limit has been reached. Requests should be submitted at a slower pace. ErrorCode: 00046. |
500 | server_error | Potential issues: - Internal server error. Resubmit request. ErrorCode: 00035. |
It is the customer's responsibility to treat their credentials as confidential and ensure that access is limited to personnel who develop the applications that will integrate D&B data. Password expiration, forced change and/or lockout rules are not implemented as part of this API.
Customers who would like to change the password associated with a specific API username should contact D&B Customer Support. Note, changes to passwords will go into effect immediately. An industry standard hashing algorithm is used for encryption and storage of passwords.
Generally, once an Authentication Token is obtained, the same token should be used for all subsequent requests for the next 24 hours, after which, a new token should be generated using the Authentication Service. Various scenarios may invalidate a generated token before the 24 hour period, such as, release updates, disaster recovery, or contract expiration. Please use the following information for taking further action based on response codes returned from services.
HTTP Status Code | errorCode | errorMessage | Advised Action |
---|---|---|---|
401 | 00040 | Access token expired | Generate a new token once using the Authentication Service. If the same error occurs while generating a new token, please contact D&B Customer Support. |
401 | 00041 | Invalid credentials | Generate a new token once using the Authentication Service. If the same error occurs while generating a new token, please contact D&B Customer Support. |
401 | 00004 | You are not currently authorised to access this product. Please contact your D&B account representative | Generate a new token once using the Authentication Service. If the same error occurs while generating a new token, please contact D&B Customer Support. |
401 | 00005 | This request was issued outside the contract start/end date | Contact D&B Customer Support |
401 | 00012 | Contract data not found | Contact D&B Customer Support |
401 | 00014 | There is an issue with the subscriber record. Please contact Dun & Bradstreet customer support. | Contact D&B Customer Support |
429 | 00045 | Too Many Requests | Subsequent requests are blocked when exceeding the set limit and time frame defined per customer contract. Please wait a moment and try again using the same token. |
429 | 00046 | Too Many Requests | Subsequent requests are blocked when exceeding the set limit and time frame defined per customer contract. Please wait a moment and try again using the same token. |
429 | 00047 | Too Many Requests | Subsequent requests are blocked when exceeding the set limit and time frame defined per customer contract. Please wait a moment and try again using the same token. |
429 | 00050 | You have reached your allocated transaction quota. | Subsequent requests are blocked when exceeding the set limit and time frame defined per customer contract. Please wait a moment and try again using the same token. |