HTTP Basic Authentication and HTTPS
HTTP Basic Authentication
The Primavera Data Service uses HTTP basic authentication to authenticate requests. To authenticate using HTTP Basic Authentication, clients must provide the username and password of a valid Primavera user in the HTTP headers of their requests. Many tools and programming languages that support HTTP, such as curl and Java, provide mechanisms and abstractions for providing HTTP basic authentication data.
HTTPS
All requests to the data service must be sent over HTTPS, which ensures sensitive data, such as the username and password used to authenticate your requests, is encrypted. The HTTPS protocol utilizes Transport Layer Security (TLS) to prevent third parties from accessing data as it is transmitted. Servers provide authorized certificates in order to authenticate their identity over HTTPS connections. Tools such as curl and modern web browsers verify the integrity of the server certificates before sending request data over HTTPS in order to guarantee your data is sent to your intended recipient. Oracle Primavera does not support insecure connections over HTTP. The combination of HTTP Basic Authentication and the HTTPS protocol provides a convenient way to authenticate your requests to the data service while assuring your sensitive data remains secure.
Authentication Using curl
To authenticate using curl, pass the username and password for your Primavera account using the -u curl option:
Note: Text surrounded in < > indicates a variable. You must replace variables with your own data to run the examples in this documentation. For example, replace the <username> variable with your username.
curl -u <username>:<password> -H "Accept:application/json" -X GET https://<url>/sync/rest-service/dataservice/<endpoint>
The variables in the previous example should be replaced with the following information when accessing the data service:
- <username>: The username of an application user. This user will be used to access the data service and must be assigned the application administrator privilege to access application data. For example, jsmith.
- <password>: The password associated with the user account used to access the data service.
- <url>: The URL provided to you when the application was deployed.
- <endpoint>: A valid data service endpoint, excluding the data service base URL. See: Summary of Available Endpoints
Authentication Using Java
To use HTTP basic authentication with Java, you must convert your username and password to a base64 encoded string.
The following Java snippet demonstrates how to authenticate using HTTP basic authentication with Java:
import java.io.ByteArrayOutputStream;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import java.net.HttpURLConnection;
import java.nio.charset.Charset;
public class SampleProgram {
private String userName = "<username>";
private char[] password = new char[] { /*<password characters>*/ };
// ...code omitted for clarity
private String callRestURL(String restUrl, String method, String version) throws Exception {
HttpURLConnection conn = null;
try {
// ...code omitted for clarity
char userCredentials[] = new char[userName.length() + 1 + password.length];
System.arraycopy((userName + ":").toCharArray(), 0, userCredentials, 0, userName.length() + 1);
System.arraycopy(password, 0, userCredentials, userName.length() + 1, password.length);
String base64Credentials = javax.xml.bind.DatatypeConverter.printBase64Binary(charToBytes(userCredentials));
String basicAuth = "Basic " + base64Credentials;
conn.setRequestProperty("Authorization", basicAuth);
// ...code omitted for clarity
} catch (Exception e) {
// ...code omitted for clarity
}
return "";
}
public byte[] charToBytes(char[] credentials) {
ByteArrayOutputStream baos = new ByteArrayOutputStream();
OutputStreamWriter osw = new OutputStreamWriter(baos, Charset.forName("UTF-8").newEncoder());
PrintWriter writer = new PrintWriter(osw);
writer.print(credentials);
writer.close();
return baos.toByteArray();
}
}