Using OAuth for Authentication and Authorization

Authentication

Pass the OAuth token generated by ROPC or JWT User Assertion grant type into an Authorization Header for user authentication when calling a P6 Web Service API endpoint.

Authentication Using OAuth Example

The variables in the example below should be replaced with the following information when accessing the API:

<host>: The name of the host on which the application is deployed. For example, localhost.
<OAuth-Access-Token>: The OAuth Token generated by ROPC or JWT User Assertion

<port>: The port number assigned to the application on the application host. For example, 7001.

Note: You can omit the port number if the HTTPS port is 443, because the interface assumes the HTTPS port to be the default. If your environment does not use port 443 for HTTPS, you must include the port number after the host variable.

POST https://<host>:<port>/p6ws/services/ProjectService
Headers:
  Accept-Encoding: gzip,deflate
  Content-Type: text/xml;charset=UTF-8
  SOAPAction: "ReadProjects"
  Authorization: Bearer <OAuth-Access-Token>
Body (non-linearized for clarity):
  <soapenv:Envelope xmlns:soapenv='http://schemas.xmlsoap.org/soap/envelope/'
                    xmlns:v2='http://xmlns.oracle.com/Primavera/P6/WS/Project/V2'>
    <soapenv:Header/>
    <soapenv:Body>
        <v2:ReadProjects>
            <v2:Field>ObjectId</v2:Field>
            <v2:Field>Id</v2:Field>
            <v2:Field>Name</v2:Field>
            <v2:OrderBy>ObjectId</v2:OrderBy>
        </v2:ReadProjects>
    </soapenv:Body>
  </soapenv:Envelope>

Authorization

P6 provides security at the application level. The user account you specify when sending requests to the API must be authorized to access the application and the objects requested through the API endpoints.

For information on configuring user access to the application, see: Application Level Security

Authentication

Authentication Using OAuth Example

Authorization

Related Topics