Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

PI Web API Reference

TABLE OF CONTENTS

Bearer Authentication

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL

This topic explains using Bearer authentication when building PI Web API client applications. OpenID Connect is a protocol for authentication and is supported by various identity providers. When configured for Bearer authentication, access tokens may be supplied in the Authorization header of a request that provides claims based on the identity configured with the provider.

For information about enabling and configuring Bearer Authentication, please see the Bearer Authentication Settings and Configuration documentation.

Create client credentials

In most cases, it is recommended to first create a new client registration on the identity provider for your application. The client credentials may then be used to request access tokens to be included in PI Web API requests. The client will need to have the client_credentials grant type enabled on the identity provider and clientid mappings must be created on any AF or DA resources that the application will be accessing. Read more about client authentication with OpenID Connect here.

While client credentials are the preferred grant type in most cases, others may be used. Read more about OAuth grant types here: https://oauth.net/2/grant-types/

Retrieve an access token

Access tokens can be requested by making a POST request to the token endpoint of the configured identity provider. View the PI Web API OpenId configuration by going to the following endpoint:

https://{piwebapifqdn}/piwebapi/.well-known/openid-configuration

The token_endpoint property contains the identity provider access token URI. An access token may then be requested by posting to the endpoint with the application client_id and client_secret, a grant_type of client_credentials and scope should be system. See the below curl example:

curl --location --request POST 'https://myaimserver.mycompany.com/identitymanager/connect/token' `
--header 'Content-Type: application/x-www-form-urlencoded' `
--data-urlencode 'grant_type=client_credentials' `
--data-urlencode 'client_id=xxxxxxxxxxxx' `
--data-urlencode 'client_secret=xxxxxxxxxxxx' `
--data-urlencode 'scope=system'

The resulting response will include an access_token that may be used in subsequent requests to PI Web API.

Make a PI Web API request with Bearer authentication

To use Bearer authentication in a PI Web API request, include the Authorization header in your request with a value of Bearer followed by the access token. For example,

curl --location --request GET 'https://{piwebapifqdn}/piwebapi' `
--header 'Authorization: Bearer xxxxxxxxxxx'
TitleResults for “How to create a CRG?”Also Available in