1. Get StartedP6 EPPM Rest API
  2. Security
  3. HTTP Standard Authentication and HTTPS (Traditional)

HTTP Standard Authentication and HTTPS (Traditional)

HTTP Standard Authentication

The API uses HTTP standard authentication to authenticate requests. To authenticate using HTTP standard authentication, clients must provide the base64 encoded username and password of a valid P6 user in the HTTP headers of their requests. Many tools and programming languages that support HTTP, such as curl and Java, provide mechanisms and abstractions for providing HTTP basic authentication data.

HTTPS

All requests to the API should be sent over HTTPS, which ensures sensitive data, such as the username and password used to authenticate your requests, is encrypted. The HTTPS protocol utilizes Transport Layer Security (TLS) to prevent third parties from accessing data as it is transmitted. Servers provide authorized certificates in order to authenticate their identity over HTTPS connections. Tools such as curl and modern web browsers verify the integrity of the server certificates before sending request data over HTTPS in order to guarantee your data is sent to your intended recipient. The combination of HTTP Basic Authentication and the HTTPS protocol provides a convenient way to authenticate your requests to the API while assuring your sensitive data remains secure.

Authentication Using curl

To authenticate using curl, pass the username and password for your P6 account using the -x curl option:

Note: Text surrounded in < > indicates a variable. You must replace variables with your own data to run the examples in this documentation. For example, replace the <username> variable with your username. 

curl -X POST "https://localhost:7001/p6ws/restapi/login?DatabaseName=orcl" -H "accept: */*" -H "authToken: YWRtaW46YWRtaW4"

The variables in the previous example should be replaced with the following information when accessing the API:

  • <authToken>>: The authToken contains base64 encoded username and password.
  • <host>: The name of the host on which the application is deployed. This is the URL for the P6 application.
  • <port>: The port number assigned to the application on the application host. The port is either included in the URL or is not required.
  • <endpoint>: A valid data service endpoint, excluding the data service base URL. For example, project?Fields=Name&Filter=ObjectId={id}.

Authentication Using Java

To use HTTP Standard authentication with Java, you must convert your username and password to a base64 encoded string.

The following Java snippet demonstrates how to authenticate using HTTP standard authentication with Java:

import java.net.HttpURLConnection;
 
public class SampleProgram {
 
    private static String userName = "<username>";
 
    private static String password = "<password>";
 
    // ...code omitted for clarity
 
    private static String callRestURL(String restUrl, String method, String version) throws Exception {
 
        HttpURLConnection conn = null;
 
        try {
            // ...code omitted for clarity
 
            String userCredentials = userName + ":" + password;
 
            String base64Credentials = javax.xml.bind.DatatypeConverter.printBase64Binary(userCredentials.getBytes());
 
            String basicAuth = base64Credentials;
 
            conn.setRequestProperty("authToken", basicAuth);
 
            // ...code omitted for clarity
        } catch (Exception e) {
            // ...code omitted for clarity
        }
    }
}