ihistory and account authentication

The iHistory web service requires users to be authenticated via a login process before they can retrieve data. The process for this differs between AVEVA Historian Insight and AVEVA Insight:

• AVEVA Historian Insight (on-premises)
  Uses Windows integrated security. A user must belong to the aaAdministrators, aaPowerUsers, or aaUsers Windows group. The iHistory web service uses Negotiate authentication, which is supported by most modern browsers and web service clients (such as Microsoft Excel).

• AVEVA Insight (cloud-based)
  Uses OpenID Connect and Basic authentication. Users must be invited to a specific account within AVEVA Insight and can then access all data published to that account. When using OpenID Connect, the iHistory web service uses "bearer token" authentication, per the OpenID Connect standard. As relatively new standard, some web service clients (for example, Microsoft Excel) do not have native support for it. However, some of those same clients (for example, Microsoft Power BI) support Basic authentication.

When you query on-premises data via iHistory, you will be prompted for authentication to the Historian.

• If you have a valid Windows login on the historian, you can retrieve general information about the services and the kinds of data available.

• If you belong to the aaAdministrators, aaPowerUsers, or aaUsers Windows group, you can retrieve actual application data -- including events, process history, tag information, and so on.