Authentication and Authorization

Authentication

The P6 REST API supports HTTP Standard base64 encoded (<Base64-Encoded-value-of-user-password>: The Base64 encoded value of "user:password" for a valid P6 user in the HTTP headers of their requests) authentication and SSL authentication.

Authentication using cURL

To authenticate using cURL, pass the username and password for your P6 account using the -H cURL option:

curl -X POST "https://<hostName>:<portNumber>/p6ws/restapi/<service>?DatabaseName=orcl" -H "accept: */*" -H "authToken: Base64 encoded value of "user:password"
		

For example:

curl -X POST "https://localhost:7001/p6ws/restapi/login?DatabaseName=orcl" -H "accept: */*" -H "authToken: YWRtaW46YWRtaW4"
		

To authenticate using Node.js, pass the username and password for your P6 account using the auth property of an HTTP request object:

//...Code omitted for emphasis 
      var options = { 
          hostname: "<hostName>", 
          port: <portNumber>, 
          method: 'POST', 
          path: "/p6ws/restapi/<service>?DatabaseName=orcl", 
          headers: { 
          'authToken': 'YWRtaW46YWRtaW4' 
        } 
      //...Code omitted for emphasis
		

For example:

//...Code omitted for emphasis 
      var options = { 
          hostname: "localhost", 
          port: 7001, 
          method: 'POST', 
          path: "p6ws/restapi/login?DatabaseName=orcl", 
          headers: { 
          authToken': 'YWRtaW46YWRtaW4' 
        } 
      //...Code omitted for emphasis
		

Authorization

P6 provides security at the application level. The user account you specify when sending requests to the API must be authorized to access the application and the objects requested through the API endpoints. For example, to request user information from the /user?Fields=Name endpoint, you must connect to the API using an account that is authorized to access the user with the specified ID value. If the account does not have authorization to access the contents of an API endpoint, the API will return a 401 or 404 response.

Refer to the Application Administration Guide for information on configuring user access to the application.