LLM-ready API
Python Library
Authentication

Authentication

The Kensho LLM-ready API supports three methods of authentication:

  1. Browser Login
  2. Refresh Token
  3. Public/Private Key

Email commercial@kensho.com to obtain LLM-ready API Okta credentials.

Browser Login

This method is not applicable when working on a remote machine without direct access to a browser window and is not advisable for use in production workflows.

Browser login is a convenient way to quickly get started using the LLM-ready API and is available in the kFinance Python Library by executing the following code:

client = Client()

A browser window will open prompting Okta sign-in with LLM-ready API Okta credentials. Use the email address associated with the trial credentials as the username.

Refresh Token

Refresh tokens are not recommended for production workflows. Refresh tokens expire after 7 days and were designed for scenarios where a human is in the loop to re-authenticate when needed. For production use cases, use public-private keypair authentication instead.

Refresh tokens can be used for authentication in the Python Library and when making API calls directly during testing and development.

To authenticate with a refresh token:

  1. Navigate to LLM-ready API Manual Login (opens in a new tab)
  2. Log in with your LLM-ready API Okta credentials
  3. Copy the refresh token
  4. Use the refresh token to authenticate your API requests.
client = Client(refresh_token="your_refresh_token_here")

Public/Private Key

Public/Private keypair authentication is recommended when using Kensho APIs for production use cases. While it requires some additional setup, this method is the most secure and easy way to use Kensho APIs in the long term.

Authenticating with keys requires a number of steps:

  1. Generate a keypair.
  2. Send Kensho your public key.
  3. Obtain an access token.

Generating an RSA keypair

In this guide, we will use the OpenSSL (opens in a new tab) library, which is available on Unix systems (which includes Macs). First, open a terminal and generate a 2048-bit private key:

openssl genrsa -out private.pem 2048

Next, extract the public key:

openssl rsa -in private.pem -outform PEM -pubout -out public.pem

Send Kensho your public key

Important note

Do not send us your private key! While your public key and Client ID are not secret, your private key should not be shared outside of your organization.

Email support@kensho.com the following information:

  1. Your PEM encoded public key as an attachment.
  2. That you would like to be added to the users_kfinance group.

We will respond with your Client ID. You will need this ID in the following step. While typical response times are quick, please allow up to three business days for us to process your request.

Using Your Keypair

Once you have obtained your public/private keypair, you can use it with the kFinance Python Library. Load your private key from the PEM file and initialize the client:

with open('path/to/private.pem', 'rb') as key_file:
    private_key = key_file.read()
 
client = Client(client_id="your_client_id_here", private_key=private_key)

Obtaining an Access Token

Once the client has been initialized and authenticated, you can fetch the access token from the client through the access_token attribute.

access_token = client.access_token