HTTP Basic Authentication and HTTPS

HTTP Basic Authentication

Primavera Data Service uses HTTP basic authentication to authenticate requests. To authenticate using HTTP Basic Authentication, clients must provide the username and password of a valid Primavera user in the HTTP headers of their requests. Many tools and programming languages that support HTTP, such as curl and Java, provide mechanisms and abstractions for providing HTTP basic authentication data.

HTTPS

All requests to Primavera Data Service must be sent over HTTPS, which ensures sensitive data, such as the username and password used to authenticate your requests, is encrypted. The HTTPS protocol utilizes Transport Layer Security (TLS) to prevent third parties from accessing data as it is transmitted. Servers provide authorized certificates in order to authenticate their identity over HTTPS connections. Tools such as curl and modern web browsers verify the integrity of the server certificates before sending request data over HTTPS in order to guarantee your data is sent to your intended recipient. Oracle Primavera does not support insecure connections over HTTP. The combination of HTTP Basic Authentication and the HTTPS protocol provides a convenient way to authenticate your requests to Primavera Data Service while assuring your sensitive data remains secure.

Authentication Using curl

To authenticate using curl, pass the username and password for your Primavera account using the -u curl option:

Note: Text surrounded in < > indicates a variable. You must replace variables with your own data to run the examples in this documentation.

The variables in this example must be replaced with the following information:

• <username>: The user name of a user configured in your Primavera application with access to Primavera Data Service.
• <password>: The password associated with the user name.
• <url>: The url provided to you when Primavera Data Service was deployed.
• <endpoint>: A valid data service endpoint, excluding the data service base URL.

  curl -u <username>:<password> -H "Accept:application/json" -X GET https://<url>/pds/rest-service/dataservice/<endpoint>
  
  

Authentication Using Java

To use HTTP basic authentication with Java, you must convert your username and password to a base64 encoded string.

The following Java snippet demonstrates how to authenticate using HTTP basic authentication with Java.

The variables in this example must be replaced with the following information:

• <username>: The user name of a user configured in your Primavera application with access to Primavera Data Service.
• <password>: The password associated with the user name.

  import java.io.ByteArrayOutputStream;
  import java.io.OutputStreamWriter;
  import java.io.PrintWriter;
  import java.net.HttpURLConnection;
  import java.nio.charset.Charset;
   
  public class SampleProgram {
   
      private String userName = "<username>";
   
      private char[] password = new char[] { /*<password>*/ };
   
      // ...code omitted for brevity
   
      private String callRestURL(String restUrl, String method, String version) throws Exception {
   
          HttpURLConnection conn = null;
   
          try {
   
              // ...code omitted for brevity
   
              char userCredentials[] = new char[userName.length() + 1 + password.length];
              System.arraycopy((userName + ":").toCharArray(), 0, userCredentials, 0, userName.length() + 1);
              System.arraycopy(password, 0, userCredentials, userName.length() + 1, password.length);
   
              String base64Credentials = javax.xml.bind.DatatypeConverter.printBase64Binary(charToBytes(userCredentials));
   
              String basicAuth = "Basic " + base64Credentials;
   
              conn.setRequestProperty("Authorization", basicAuth);
   
              // ...code omitted for brevity
   
          } catch (Exception e) {
   
              // ...code omitted for brevity
   
          }
          return "";
   
      }
   
      public byte[] charToBytes(char[] credentials) {
          ByteArrayOutputStream baos = new ByteArrayOutputStream();
          OutputStreamWriter osw = new OutputStreamWriter(baos, Charset.forName("UTF-8").newEncoder());
          PrintWriter writer = new PrintWriter(osw);
          writer.print(credentials);
          writer.close();
   
          return baos.toByteArray();
      }
   
  }
  
  

Authorization

Primavera Data Service provides access control to ensure the security of your data. The user account you use when sending requests must be authenticated and authorized to access Primavera Data Service before it can access the service through the API endpoints. For example, to request a query result from the /runquery?{configCode} endpoint, you must connect to Primavera Data Service using an account configured in Primavera Administration for the appropriate role and provide either:

• a password (to use basic authentication).
• a valid OAuth token.

For information on configuring user access, see Primavera Administration Identity Management Guide.

If the OAuth security token has expired, the Primavera Data Service will return a 401 error response. If the account does not have authorization to access the Primavera Data Service, the API will return a 403 error response.