1. Get StartedPrime Projects Open Integration API
  2. Security
  3. HTTP Basic Authentication and HTTPS

HTTP Basic Authentication and HTTPS

HTTP Basic Authentication

The API uses HTTP basic authentication to authenticate requests. To authenticate using HTTP Basic Authentication, clients must provide the username and password of a valid Prime Projects user in the HTTP headers of their requests. Many tools and programming languages that support HTTP, such as curl and Java, provide mechanisms and abstractions for providing HTTP basic authentication data.

HTTPS

All requests to the API must be sent over HTTPS, which ensures sensitive data, such as the username and password used to authenticate your requests, is encrypted. The HTTPS protocol utilizes Transport Layer Security (TLS) to prevent third parties from accessing data as it is transmitted. Servers provide authorized certificates in order to authenticate their identity over HTTPS connections. Tools such as curl and modern web browsers verify the integrity of the server certificates before sending request data over HTTPS in order to guarantee your data is sent to your intended recipient. Prime Projects does not support insecure connections over HTTP. The combination of HTTP Basic Authentication and the HTTPS protocol provides a convenient way to authenticate your requests to the API while assuring your sensitive data remains secure.

Authentication Using curl

To authenticate using curl, pass the username and password for your Oracle Prime Projects account using the -u curl option:

Note: Text surrounded in < > indicates a variable. You must replace variables with your own data to run the examples in this documentation. For example, replace the <username> variable with your username. 

curl -u <username>:<password> -H "Accept:application/json" -H "Version:<api-version>" -X GET https://<host>:<port>/primeapi/restapi/<endpoint>

The variables in the previous example should be replaced with the following information when accessing the API:

  • <username>: The username of an application user. This user will be used to access the API and must have permission to access requested application data. For example, jsmith.
  • <password>: The password associated with the user account used to access the API.
  • <host>: The name of the host on which the application is deployed. For example, localhost.
  • <port>: The port number assigned to the application on the application host. For example, 7001.
  • <endpoint>: A valid data service endpoint, excluding the data service base URL. For example, project/{id}

Authentication Using Java

To use HTTP basic authentication with Java, you must convert your username and password to a base64 encoded string.

The following Java snippet demonstrates how to authenticate using HTTP basic authentication with Java:

import java.io.BufferedReader; import java.io.InputStreamReader; import java.net.HttpURLConnection; import java.net.URL; public class SampleProgram { private static String userName = "<username>"; private static String password = "<password>";

//...code omitted for clarity private static String callRestURL(String restUrl, String method, String version) throws Exception { HttpURLConnection conn = null; try { //...code omitted for clarity String userCredentials = userName + ":" + password; String base64Credentials = javax.xml.bind.DatatypeConverter.printBase64Binary(userCredentials.getBytes()); String basicAuth = "Basic " + base64Credentials; conn.setRequestProperty("Authorization", basicAuth); //...code omitted for clarity