Community Tip - New to the community? Learn how to post a question and get help from PTC and industry experts! X
how to do basic authentication through REST API in thingworx without passing user name and password in Header
Hi @KG_10929768 ,
You can use with Application Key in API header for the authentication.
https://community.ptc.com/t5/IoT-Tips/Use-REST-API-to-Access-ThingWorx-Part-1/ta-p/825305
https://community.ptc.com/t5/IoT-Tips/Use-REST-API-to-Access-ThingWorx-Part-2/ta-p/825684
https://community.ptc.com/t5/IoT-Tips/Use-REST-API-to-Access-ThingWorx-Part-3/ta-p/826227
https://community.ptc.com/t5/IoT-Tips/Use-REST-API-to-Access-ThingWorx-Part-4/ta-p/826284
Thanks & Regards,
Arun C
Ok. But we have Login screen in android app and we want Thingworx user should login from android app. i.e we need basic authentication through API.
Is this possible with API.
1)What about all user -means every user has separate Key?
2)What about API key expiry- means we need to manually adjust date?
2)we dose not want to send login credential in header.
Hello @KG_10929768,
It looks like you have some responses from some community members. If any of these replies helped you solve your question please mark the appropriate reply as the Accepted Solution.
Of course, if you have more to share on your issue, please let the Community know so other community members can continue to help you.
Thanks,
Vivek N.
Community Moderation Team.
You say you want basic auth, and then you say you don't want to sent credentials in the header.
This is a contradiction, as Basic Auth defines sending credentials in the header: https://en.wikipedia.org/wiki/Basic_access_authentication
Note that header information is encrypted when you use a HTTPS connection, which should be standard procedure today. So it's not going be sent in clear text over the network.
You can configure ThingWorx to delegate authentication to an external Identity Provider via OAuth -- this way your users will be able to authenticate with whatever credentials they have, and you'll be able to use one of the many OAuth authentication libraries in your Android app.
Configuring OAuth is described in ThingWorx Help.
Thanks for the replay ....
we have to use session login and fetch the data from ThingWorx server.
Is their any other way?
Also please provide link for Configuring OAuth details.
Here's the configuration guide for configuring OAuth with PingFederate. I would expect the steps to be similar if you use another IdP like Keycloak or Auth0.