Using OAuth for Authentication and Authorization
Authentication
To authenticate a user when calling a Primavera Administration REST API endpoint, pass the OAuth token generated using the ROPC (Resource Owner Password Credentials) grant type in the Authorization header of the request.
Authentication Using OAuth
Note: In the examples below, the text surrounded in < > indicates a variable. You must replace variables with your own data to run the examples in this documentation.
Generic Example
GET https://<server_URL>/cloudapi/restapi/v3/bgjobs/{bgJobName}
Headers:
Content-Type: application/json
Authorization: Bearer <OAuth-Access-Token>
The variables in the previous example should be replaced with the following information when accessing the API:
- <server_URL>: The URL of the host server on which the application is deployed.
- <OAuth-Access-Token>: The OAuth token generated by ROPC.
Example Using cURL
curl -X GET https://<server_URL>/cloudapi/restapi/v3/audits -H 'Content-Type: application/json' -H 'Authorization: Bearer <OAuth_access_token>'
The variables in the previous example should be replaced with the following information when accessing the API:
- <server_URL>: The URL of the host server on which the application is deployed.
- <OAuth_access_token>: The OAuth token generated by ROPC.
Authorization
Primavera Administration provides security at the application level. The user account for which an OAuth token was generated must be authorized to access the application and the objects requested through the API endpoints. For example, to request project information from the /user/{userid} endpoint, you must connect to the API using an account that is authorized to access the user with the specified ID value.
If the security token has expired, the API will return a 401 response. If the account does not have authorization to access the contents of an API endpoint, the API will return a 403 response.
Refer to the Application Administration Guide for information on configuring user access to the application.
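The 401 and 403 handling described above, as an added Python example that is not part of the Primavera documentation: the client requests a fresh token once on 401 and stops on 403, because a new token cannot fix missing authorization. The names `call_api`, `get_token` and `NotAuthorized` are hypothetical, and how the ROPC token is obtained is left to the caller.

```python
import json
import urllib.error
import urllib.request


class NotAuthorized(Exception):
    """Raised on 403: the account lacks access to the requested object."""


def call_api(url, get_token, opener=urllib.request.urlopen, max_refresh=1):
    """GET url with a Bearer token and return the decoded JSON body.

    get_token(force_new) is a hypothetical caller-supplied function that
    returns an OAuth access token; force_new=True asks for a fresh one.
    opener is injectable so the logic can be exercised without a network.
    """
    token = get_token(False)
    for attempt in range(max_refresh + 1):
        req = urllib.request.Request(url, headers={
            "Content-Type": "application/json",
            "Authorization": "Bearer " + token,
        })
        try:
            with opener(req, timeout=10) as resp:
                return json.loads(resp.read().decode("utf-8"))
        except urllib.error.HTTPError as err:
            if err.code == 401 and attempt < max_refresh:
                # Token expired: get a new one and retry, a bounded
                # number of times so bad credentials cannot loop.
                token = get_token(True)
                continue
            if err.code == 403:
                # Authorization failure: retrying or refreshing will not
                # help. The token is deliberately kept out of the message.
                raise NotAuthorized(url) from None
            raise
```

A 401 that persists after the refresh is re-raised as `urllib.error.HTTPError`, which usually means the credentials themselves are no longer valid.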