Authentication and Authorization (OAuth)

Authentication

The API supports HTTP token authentication and SSL authentication.

Authentication Using curl

To authenticate using curl, pass the username and password for your P6 account using the -u curl option:

Note: Text surrounded in < > indicates a variable. You must replace variables with your own data to run the examples in this documentation. For example, replace the <OAuth-Access-Token> variable with your access token.

curl -X GET 'http://<host>:<port>/p6ws/restapi/eps?Fields=Name' -H 'Authorization: Bearer <OAuth-Access-Token>' -H 'Content-Type: application/json'

The variables in the previous example should be replaced with the following information when accessing the API:

  • <OAuth-Access-Token>: The access token obtained through OAuth Token Generation with Standard Authentication.
  • <host>: The name of the host on which the application is deployed. For example, localhost.
  • <port>: The port number assigned to the application on the application host. For example, 7001.

Authentication Using Java

The following Java snippet demonstrates how to authenticate using HTTP token authentication with Java:

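import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;

public class SampleProgram {

    // Placeholder: replace with your OAuth access token.
    private static String token = "<Token>";

    // ...code omitted for clarity

    private static String callRestURL(String restUrl, String method, String version) throws Exception {
        HttpURLConnection conn = null;

        try {
            // ...code omitted for clarity

            // Open the connection and set the HTTP method (GET, POST, ...).
            conn = (HttpURLConnection) new URL(restUrl).openConnection();
            conn.setRequestMethod(method);

            String userToken = token;

            // Send the token in the Authorization header using the Bearer scheme.
            String tokenAuth = "Bearer " + userToken;
            conn.setRequestProperty("Authorization", tokenAuth);

            // ...code omitted for clarity

            // Read the response body and return it to the caller.
            StringBuilder response = new StringBuilder();
            try (BufferedReader in = new BufferedReader(
                    new InputStreamReader(conn.getInputStream(), "UTF-8"))) {
                String line;
                while ((line = in.readLine()) != null) {
                    response.append(line);
                }
            }
            return response.toString();
        } catch (Exception e) {
            // ...code omitted for clarity
            throw e;
        } finally {
            if (conn != null) {
                conn.disconnect();
            }
        }
    }
}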

Authorization

P6 provides security at the application level. The user account you specify when sending requests to the API must be authorized to access the application and the objects requested through the API endpoints. For example, to request project information from the project?Fields=Name&Filter=ObjectId={id} endpoint, you must connect to the API using an account that is authorized to access the project with the specified ID value. If the account does not have authorization to access the contents of an API endpoint, the API will return a 401 or 404 response.

Refer to the Application Administration Guide for information on configuring user access to the application.
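
The following shell wrapper is an added example, not part of the P6 documentation. It issues the same bearer-token request with curl, keeps the token out of the command line by passing the header from a private file, and reports a 401 or 404 as the authorization failure described above. The function names, the P6_TOKEN environment variable and the return codes are assumptions, and -H @file requires curl 7.55.0 or later.

```shell
# Added example: function names, P6_TOKEN and return codes are assumptions.

# Write the Authorization header to a private temp file so the token does not
# appear in the process list or shell history. Prints the file path.
p6_header_file() {
    local f
    f=$(umask 077; mktemp) || return 1
    printf 'Authorization: Bearer %s\n' "$1" > "$f"
    printf '%s\n' "$f"
}

# Interpret an HTTP status code as the Authorization section describes it.
p6_classify() {
    case "$1" in
        2??) echo ok ;;
        401|404) echo not-authorized ;;
        *) echo error ;;
    esac
}

# GET a resource. Usage: p6_get <scheme://host:port> <path-and-query>
p6_get() {
    local hdr body code
    hdr=$(p6_header_file "${P6_TOKEN:?set P6_TOKEN}") || return 1
    body=$(mktemp) || { rm -f "$hdr"; return 1; }
    # -H @file makes curl read the header from the file instead of argv.
    code=$(curl -sS -o "$body" -w '%{http_code}' -H @"$hdr" \
                -H 'Content-Type: application/json' "$1/p6ws/restapi/$2")
    rm -f "$hdr"
    case $(p6_classify "$code") in
        ok)
            cat "$body"; rm -f "$body" ;;
        not-authorized)
            echo "HTTP $code: token rejected or account not authorized for $2" >&2
            rm -f "$body"; return 2 ;;
        *)
            echo "HTTP $code: request failed" >&2
            rm -f "$body"; return 1 ;;
    esac
}
```

Call it as p6_get 'http://<host>:<port>' 'eps?Fields=Name' after exporting P6_TOKEN; a return code of 2 means the token or the account's access rights should be checked before anything else.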