Security

Primavera Data Service supports the following authentication schemes:

• Basic authentication
• Bearer authentication using OAuth

  Note: Authentication using OAuth is only available to customers whose products are hosted on Oracle Cloud Infrastructure (OCI). If you do not know where your product is hosted, contact your Customer Success Manager or an application administrator.

If you choose to use basic authentication, use version one endpoints.

Version one endpoints use the format:

/pds/rest-service/dataservice/<service>/<task>

If you choose to use bearer authentication using OAuth, use version two endpoints.

Version two endpoints use the format

/pds/rest-service/v2/dataservice/<service>/<task>

The following topics provide information about Primavera Data Service security model, and suggest practices for using the data service securely.

• Transport Level Security using HTTPS
• HTTP Basic Authentication and HTTPS

The remainder of this chapter discusses authentication using Open Authorization (OAuth).

Cookies

Response headers returned by Primavera Data Service may include cookies set by WebLogic Server in order to maintain session information in accordance with the Java Servlet Specification. These cookies are not maintained by Primavera Data Service, and do not factor into client requests to Primavera Data Service. All client requests to Primavera Data Service must be authenticated using HTTP basic authentication and SSL authentication.