Skip to main content
V
VV_141053154-Participant
4-Participant
December 29, 2025
Solved

How to Authenticate the API for Windchill Odata connector in Thingworx when using SSO Authentication

  • December 29, 2025
  • 2 replies
  • 187 views

Hi Folks,

 

I have a requirement to download the files of Windchill objects into Thingworx repository. I am getting the Link of files inside Thingworx using Odata Connectors. I am able to generate the file in Repository but when I try to open the file getting error "Failed to load PDF document."

 

Below is the code I am using :

// result: JSON
let inputJson = Things["ptc-windchill-integration-connector"].downloadAsZip({
respondWithZip: false /* BOOLEAN {"dataShape":""} */,
$expand: undefined /* STRING {"dataShape":""} */,
    objectId: <objectId>
});
 
// result: JSON
let csrf = Things["Thing.ODataConnector.ProdMgmt_TH"].GetCSRFToken({
$select: undefined /* STRING {"dataShape":""} */
});
 
 
    item = inputJson.items[0];
let params = {
url: <file_url> /* STRING */ ,
headers: {
"CSRF_NONCE": <Nonce token>,
                "Accept": "*/*",
                "X-Requested-With": "XMLHttpRequest"
}
        };
// result: BLOB
let binaryContent = Resources["ContentLoaderFunctions"].LoadBinary(params);
    result = binaryContent;
    
    let fullPath = "/test4/" + item.name;
    Things["SupportRepository"].SaveBinary({
path: fullPath /* STRING */,
content: binaryContent /* BLOB */
});
 
What is wrong in my code to authenticate it while downloading it in Thingworx Repository.
 
Thanks in advance.
 
Regards,
VV
 
 
Best answer by MarekP.Nowaczyk

Hello VV,

 

You should be getting the CSRF_NONCE token first and then pass it to subsequent calls - see example bellow:

let ParamA = { 
 url: Windchill_URL + "/servlet/odata/v3/PTC/GetCSRFToken()",
 ...
}; 
const NONCE_VALUE = Resources["ContentLoaderFunctions"].GetJSON(ParamA);
...
let ParamB = { 
 ...
 headers: {
 ...
 CSRF_NONCE: NONCE_VALUE
 }
};
result = Resources["ContentLoaderFunctions"].PostJSON(ParamB);

 If you still get some error it would be helpful if you provide ThingWorx/WC log snippets.

2 replies

M
MarekP.Nowaczyk15-MoonstoneAnswer
15-Moonstone
January 6, 2026

Hello VV,

 

You should be getting the CSRF_NONCE token first and then pass it to subsequent calls - see example bellow:

let ParamA = { 
 url: Windchill_URL + "/servlet/odata/v3/PTC/GetCSRFToken()",
 ...
}; 
const NONCE_VALUE = Resources["ContentLoaderFunctions"].GetJSON(ParamA);
...
let ParamB = { 
 ...
 headers: {
 ...
 CSRF_NONCE: NONCE_VALUE
 }
};
result = Resources["ContentLoaderFunctions"].PostJSON(ParamB);

 If you still get some error it would be helpful if you provide ThingWorx/WC log snippets.

    V
    VV_141053154-ParticipantAuthor
    4-Participant
    January 22, 2026

    Yes Using the Nonce token I fetch the objects then bearer token I download the file in repository. Thank you so much.

    S
    slangleyCommunity Manager
    Community Manager
    January 14, 2026

    Hi @VV_14105315 

     

    Was the response you received helpful?  If you still have questions, please let us know.  Otherwise, please mark the response as the Accepted Solution for the benefit of others in the community.

     

    Regards.

     

    --Sharon

    Terms & ConditionsCookie settingsAccessibility statement