Configure MES Web API authentication
- Last Updated: Feb 24, 2026
The MES Web API is intended to be used from a web application with user interaction, such as the Work Tasks Enterprise Console. The user is prompted to log in with their user credentials through AVEVA Identity Manager (AIM). Once the user is authenticated, the client application holds a bearer token, which it passes to the MES middleware in the header of the Web API call. The application manages this because it knows it is registered with AIM. The MES middleware then checks whether the user is a valid MES user and either allows or denies the call.
Note: While Work Tasks and Model Driven MES support AVEVA Identity Manager (AIM) redundancy, user access tokens are not synchronized across redundant AIM nodes. Seamless session continuation across AIM nodes is not supported. If an AIM failover occurs, users must log out and log back in to obtain a new authentication token from the active AIM node.
For instructions on how to create an MES Web API list item that authenticates by the logged-in user, see Configure the MES Web API to use a user access token.
The MES middleware can also handle a call from another application without a known user. This service-to-service mechanism is similar to how the MES background maintenance tasks and the MES Application Server Objects interact with the MES middleware. With this approach, the service must still register with AIM. One example is a workflow that is triggered from an external source and has an activity that calls the MES Web API, such as a call to a workflow based on a schedule in Work Tasks. This call has no user context but still completes using the service-to-service flow.
For instructions on how to create an MES Web API list item that authenticates using service‑to‑service, see Configure the MES WEB API to use a service-to-service access token.
Note the following about the MES Web API and AIM authentication tokens:
- The MES Web API is used with MES model‑driven application content through Work Tasks. Both use AIM tokens for user logins. Work Tasks can also use AIM tokens for service-to-service connections.
- Each access method (user access token mode and service-to-service token mode) requires a different Web API to be defined inside of Work Tasks.
- If the System Management Server on which AIM runs is offline and an authentication token cannot be obtained or verified for an MES Web API call, a 500 error is returned.
For a list of methods that are excluded from the MES model‑driven application content Swagger file, see Web API exceptions.