Authentication and Authorization
Authentication
The P6 REST API supports HTTP Standard base64 encoded (<Base64-Encoded-value-of-user-password>: The Base64 encoded value of "user:password" for a valid P6 user in the HTTP headers of their requests) authentication and SSL authentication.
Authentication using cURL
To authenticate using cURL, pass the username and password for your P6 account using the -H
cURL option:
curl -X POST "https://<hostName>:<portNumber>/p6ws/restapi/<service>?DatabaseName=orcl" -H "accept: */*" -H "authToken: Base64 encoded value of "user:password"
For example:
curl -X POST "https://localhost:7001/p6ws/restapi/login?DatabaseName=orcl" -H "accept: */*" -H "authToken: YWRtaW46YWRtaW4"
To authenticate using Node.js, pass the username and password for your P6 account using the auth
property of an HTTP request object:
//...Code omitted for emphasis var options = { hostname: "<hostName>", port: <portNumber>, method: 'POST', path: "/p6ws/restapi/<service>?DatabaseName=orcl", headers: { 'authToken': 'YWRtaW46YWRtaW4' } //...Code omitted for emphasis
For example:
//...Code omitted for emphasis var options = { hostname: "localhost", port: 7001, method: 'POST', path: "p6ws/restapi/login?DatabaseName=orcl", headers: { authToken': 'YWRtaW46YWRtaW4' } //...Code omitted for emphasis
Authorization
P6 provides security at the application level. The user account you specify when sending requests to the API must be authorized to access the application and the objects requested through the API endpoints. For example, to request user information from the /user?Fields=Name
endpoint, you must connect to the API using an account that is authorized to access the user with the specified ID value. If the account does not have authorization to access the contents of an API endpoint, the API will return a 401 or 404 response.
Refer to the Application Administration Guide for information on configuring user access to the application.