URM Username & Password

Authentication and authorization

When calling APIs, participants authenticate their identity using Basic Authentication — passing their URM username and password.

The username and password is provided by your company’s participant administrator (PA) and is encoded into a Base64 authorisation token. To do this you need an application such as Postman (for help, see https://www.getpostman.com/).

User Rights Access

For access to APIs, participant administrators select the relevant entity in the MSATS “Maintain Rights” menu and assign the right to their participant users.

For example, the entity required for the Generator Recall APIs is:

  • EMMS - Offers and Submissions - Generator Recall

For help with user access rights, see: Guide to User Rights Management


The HTTP Basic authentication header takes the following format: Authorization: Basic {Base64 hash of user:password}, for example:

Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

Changing Password

The identityService API allows Participant Users to reset their password for a specific Participant ID account. Passwords expire every 90 days but you can reset your password any time, even after the expiry date (provided the account has not been locked due to multiple incorrect password attempts, which will require the PA to reset).

Your user ID and password is the same one for all participant IT system, MSATS, EMMS, NOS, and OPDMS so changing your password in one system, changes it for all.