Authentication and Authorization (OAuth)
Authentication
Use the OAuth token generated by ROPC or JWT User Assertion grant type for user authentication when calling a P6 Web Service API endpoint.
Authentication Using curl
To authenticate using curl, pass the OAuth token in an Authorization header using the -H curl option:
Note: Text surrounded in < > indicates a variable. You must replace variables with your own data to run the examples in this documentation. For example, replace the <OAuth-Access-Token> variable with your access token.
curl -X GET 'https://<host>/p6ws/restapi/eps?Fields=Name' -H 'Authorization: Bearer <OAuth-Access-Token>' -H 'Content-Type: application/json'
The variables in the previous example should be replaced with the following information when accessing the API:
- <OAuth-Access-Token>: The OAuth access token, generated as described in OAuth Token Generation with Standard Authentication.
- <host>: The name of the host on which the application is deployed. For example, localhost.
- <port>: The port number assigned to the application on the application host. For example, 7001.
Note: The curl example above omits the port number. You can omit the port number if the HTTPS port is 443, because the interface assumes the HTTPS port to be the default. If your environment does not use port 443 for HTTPS, you must include the ":<port>" after the host variable.
Authentication Using Java
The following Java snippet demonstrates how to authenticate using OAuth token authentication with Java:
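import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;

public class SampleProgram {
    // Replace <Token> with your OAuth access token.
    private static String token = "<Token>";

    // ...code omitted for clarity

    private static String callRestURL(String restUrl, String method, String version) throws Exception {
        HttpURLConnection conn = null;
        try {
            // Open the connection to the endpoint and set the HTTP method.
            conn = (HttpURLConnection) new URL(restUrl).openConnection();
            conn.setRequestMethod(method);

            // Send the OAuth token in the Authorization header.
            String tokenAuth = "Bearer " + token;
            conn.setRequestProperty("Authorization", tokenAuth);

            // Read the response body.
            StringBuilder response = new StringBuilder();
            try (BufferedReader reader = new BufferedReader(
                    new InputStreamReader(conn.getInputStream(), "UTF-8"))) {
                String line;
                while ((line = reader.readLine()) != null) {
                    response.append(line);
                }
            }
            return response.toString();
        } catch (Exception e) {
            // ...code omitted for clarity
            throw e;
        } finally {
            if (conn != null) {
                conn.disconnect();
            }
        }
    }
}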
Authorization
P6 provides security at the application level. The user account you specify when sending requests to the API must be authorized to access the application and the objects requested through the API endpoints. For example, to request project information from the
project?Fields=Name&Filter=ObjectId={id}
endpoint, you must connect to the API using an account that is authorized to access the project with the specified ID value. If the account does not have authorization to access the contents of an API endpoint, the API will return a 401 or 404 response.
Refer to the Application Administration Guide for information on configuring user access to the application.
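The following shell wrapper is an added example, not part of the original documentation. It combines the curl call from Authentication Using curl with the 401 or 404 behavior described under Authorization. It passes the Authorization header to curl on standard input, because command-line arguments such as -H 'Authorization: Bearer ...' are visible in the local process list. The function names and the P6_TOKEN environment variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Function names and the P6_TOKEN variable are assumptions.

# Build the endpoint URL; the port is left out when it is the HTTPS default (443).
p6_url() {  # usage: p6_url <host> <port> <path-and-query>
    if [ -z "$2" ] || [ "$2" = "443" ]; then
        printf 'https://%s/p6ws/restapi/%s\n' "$1" "$3"
    else
        printf 'https://%s:%s/p6ws/restapi/%s\n' "$1" "$2" "$3"
    fi
}

# Print a curl config line carrying the bearer token. Empty tokens and tokens
# with characters outside the RFC 6750 token alphabet (spaces, quotes, CR/LF)
# are rejected so that nothing else can be smuggled into the header.
p6_auth_config() {  # usage: p6_auth_config <token>
    case "$1" in
        ''|*[!A-Za-z0-9._~+/=-]*) return 1 ;;
    esac
    printf 'header = "Authorization: Bearer %s"\n' "$1"
}

# Interpret the HTTP status: per this page, 401 and 404 can both mean the
# account is not authorized for the requested object.
p6_status_meaning() {  # usage: p6_status_meaning <http-status>
    case "$1" in
        2??) echo ok ;;
        401|404) echo not-authorized-or-missing ;;
        *) echo other ;;
    esac
}

# GET an endpoint with the token from $P6_TOKEN. The header reaches curl on
# stdin (-K -), so the token never appears in curl's argument list.
p6_get() {  # usage: p6_get <host> <port> <path-and-query> <body-outfile>
    url=$(p6_url "$1" "$2" "$3") || return 1
    cfg=$(p6_auth_config "$P6_TOKEN") || return 1
    status=$(printf '%s\n' "$cfg" |
        curl -sS -K - -o "$4" -w '%{http_code}' "$url") || return 1
    p6_status_meaning "$status"
}
```

For example, p6_get localhost 7001 'eps?Fields=Name' eps.json writes the response body to eps.json and prints how to read the status code.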