Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

PI Web API

TABLE OF CONTENTS

Bearer authentication settings

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedMar 20, 2025
  • 1 minute read

OpenID Connect can be used with claims embedded in the access token as a JWT. When configured for Bearer authentication, PI Web API supports JWTs in the Authorization header.

Note: Starting with the PI Web API 2023 release, AVEVA Identity Manager (AIM) Server provides support for OpenID Connect bearer authentication.

The following bearer setting is available in the PI Web API:

BearerIssuer

Identifies the URL for the AVEVA Identity Manager identity provider (for example, https://{aimserverFQDN}/identitymanager/).

BearerIssuer also allows PI Web API to relay calls for metadata information from the identity provider. The URL and the client ID that are needed for client-side authentication is provided by the administrator of the identity provider.

The default value is OSIsoft.Invalid.ChangeMe. This setting is required for all OpenID Connect configurations.

Note: If the Authentication setting includes Bearer, an error occurs if BearerIssuer includes the known-illegal value OSIsoft.Invalid.ChangeMe. Additionally, if the Authentication setting includes Bearer, a warning displays if BearerIssuer is not present because the administrator removed the attribute or if it is set to legal-but-insecure values, such as null and empty-string. A warning also displays at startup and whenever the configuration is in an invalid state.

TitleResults for “How to create a CRG?”Also Available in