Using Basic Authentication

Authentication

The Primavera Administration API supports HTTP basic authentication and SSL authentication.

Note: In the examples below, the text surrounded in < > indicates a variable. You must replace variables with your own data to run the examples in this documentation.

Authentication using cURL

To authenticate using cURL, pass the username and password for your Primavera Administration account using the -u cURL option: 

curl -u <username>:<password> -H "Accept:application/json" -X GET https://<server_URL>/cloudapi/restapi/<service>

The variables in the previous example should be replaced with the following information when accessing the API:

  • <username>: The username of the user authorized for access to the API.
  • <password>: The password of the user authorized for access to the API.
  • <server_URL>: The URL of the host server on which the application is deployed.
  • <service>: The service endpoint you intend to call.

For example:

curl -u jsmith:mypassword1 -H "Accept:application/json" -X GET https://localhost/cloudapi/restapi/user

To authenticate using Node.js, pass the username and password for your Primavera Administration account using the auth property of an HTTP request object: 

//...Code omitted for emphasis
var options = {
    hostname: "<hostName>",
    port: <portNumber>,
    method: 'GET',
    path: "
    auth: "<username>:<password>"
}
//...Code omitted for emphasis

For example: 

//...Code omitted for emphasis
var options = {
    hostname: "localhost",
    port: 7001,
    method: 'GET',
    path: "
    auth: "jsmith:mypassword1"
}
//...Code omitted for emphasis

Authorization

Primavera Administration provides security at the application level. The user account you specify when sending requests to the API must be authorized to access the application and the objects requested through the API endpoints. For example, to request user information from the /user/{userid} endpoint, you must connect to the API using an account that is authorized to access the user with the specified ID value.

If the security token has expired, the API will return a 401. If the account does not have authorization to access the contents of an API endpoint, the API will return a 403 response.

Refer to the Application Administration Guide for information on configuring user access to the application.