CODEWITHSUNDEEP
autodesk-forgeautodesk-bim360
david
david

Reputation: 133

Are three legged tokens supported in the Autodisk BIM360 Account Admin endpoints?

I have tried the endpoints to get projects and users with a three legged token, and in both cases I get a 403 with a response body that looks like:

{ "code": 1003, "message": "Only support 2 legged access token." }

This seems unequivocal, but doesn't seem to be consistent with the API documentation. Is access really only available using a 2 legged token or have I missed something?

Just to be clear, the endpoints I'm playing with are:

GET https://developer.api.autodesk.com/hq/v1/accounts/:account_id/projects 
and
GET https://developer.api.autodesk.com/hq/v1/accounts/:account_id/users

The documentation states "Must be Bearer , where is obtained via OAuth", but there is no mention that only two legged authentication tokens are supported.

Upvotes: 2

Views: 453

Answers (1)

Eason Kang
Eason Kang

Reputation: 7070

Yes, they are BIM360 HQ APIs (well known as Account Admin APIs), part of BIM360 API as I mentioned in the comment above.

Unfortunately, Account Admin APIs only allow access with 2 legged access token now. In contrast, other APIs like Issues, RFIs, and Checklists support 3 legged access token and 3 legged access token with the uid.

Note:

  1. Keyword user context required in the Authentication Context of the documentation means that it requires acting with a 3-legged OAuth token or a 2-legged OAuth token with user impersonation.
  2. Keyword app only means that it supports 2-legged OAuth token only.

Upvotes: 2

Related Questions