Skip to main content
P
PG_105110684-Participant
4-Participant
January 21, 2026
Question

How to send token for external API Service usage from JSP

  • January 21, 2026
  • 1 reply
  • 173 views

Hello,
I'm currently implementing an LLM chat box for Windchill 13.0 and need a secure solution to send a key to an outside service, which will be saved in the session and used to query the Windchill API to gather data. Security context is important, so I need to send a key for the current user. For example, I'm currently sending the wcadmin bearer token for testing purposes.
The code for the chat box is in a JSP file, so I need to be able to fetch the key from that context.

Thanks!

1 reply

Fadel
Fadel23-Emerald I
23-Emerald I
January 22, 2026

use the wrscaller to run WRS and then use 

<Server>/Windchill/servlet/odata/v5/PTC/GetCSRFToken()

 

Buiꓘa
P
PG_105110684-ParticipantAuthor
4-Participant
February 12, 2026

Hello Fadel,

 

Thanks for the reply! My situation has changed a bit since this post, so let me recapitulate:

 

First, I don't need a CSRFToken, as I only do GET queries, to get documents, parts, usage, etc...

Secondly, I need a way to have a 3rd party service (in this case a Pinecone LLM chat app) to query the Windchill API with the good security context. For this reason, I've implemented SSO (with Shibboleth) and need to be able to send a query to the API with the same authentication as the SSO session. During my latest tests, whenever I use "Authorization: Bearer <entra token>" in my HTTP headers, the API returns the HTML landing page for Shibboleth, which normally redirects to Entra. Is there a way to configure Windchill/Apache to check for the token and return the correct JSON instead of HTML?

 

Thank you,

Philippe

Fadel
Fadel23-Emerald I
23-Emerald I
March 11, 2026

I did some searches and coun't find much info , you can raise an SSO case ,my colleagues will be glad to assist you furher 

Buiꓘa
Terms & ConditionsCookie settingsAccessibility statement