gannagainz

Reputation: 178

How do I GET /projects using the BuildingConnected API’s two-legged authentication method?

I am currently using the two-legged basic auth flow to retrieve a Bearer token. I use the scope “data:write”. It works great.

My use case is that I then want to use this bearer token to GET /projects on a regular basis without having to involve a user.

However, when I make that request, I get the error “Token does not have the privilege for this request.” with error code AUTH-010.

If I change my scope in the auth request to data:read, the error returned when I GET /projects is “You are not authorized to use a 2-legged token. Please use a 3-legged token…”

I see that the /projects endpoint requires user context. In fact, all endpoints in the API docs require user context, which I’m guessing means 3-legged auth. However, if I have to involve a user, the API is not useful to me.

How can I GET projects without user involvement (2-legged)?

Upvotes: 0

Views: 45

Answers (1)

Adam Nagy

Reputation: 2160

I think the online doc has an issue (I'll let the team know) - I have not seen any other GET endpoint that required data:write scope - and that's why you get the first error you mentioned:
https://aps.autodesk.com/blog/token-does-not-have-privilege-request

It does look like you need a 3-legged token for that endpoint, but that only requires the user to log in once, just to authorize your app's access to their data. From then onwards you can create new tokens without user interaction. Have a look at these:
https://aps.autodesk.com/blog/more-about-refresh-token
https://aps.autodesk.com/blog/maintaining-refresh-tokens-mongodb-triggers

Upvotes: 1
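
The refresh flow described in the answer, as an added Python example (not code from the post or from Autodesk): after one interactive login, a scheduled job trades the stored refresh token for new access tokens. `TOKEN_URL`, the `RefreshingToken` class, the token file layout and the injected `post` callable are hypothetical; the request body is the standard OAuth 2.0 refresh grant, and the code assumes the server may hand back a new refresh token on each refresh.

```python
import base64, json, os, tempfile, time, urllib.parse

# Placeholder: take the real token endpoint from the APS authentication docs.
TOKEN_URL = "https://auth.example.invalid/token"

class RefreshingToken:
    """Serves access tokens from a stored 3-legged refresh token (hypothetical helper)."""

    def __init__(self, path, client_id, client_secret, post, now=time.time):
        self.path, self.post, self.now = path, post, now
        pair = f"{client_id}:{client_secret}".encode()
        self.basic = "Basic " + base64.b64encode(pair).decode()

    def _save(self, state):
        # mkstemp creates the file with mode 0600; os.replace makes the swap atomic,
        # so a crash never leaves a half-written file holding the only refresh token.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(self.path) or ".")
        with os.fdopen(fd, "w") as f:
            json.dump(state, f)
        os.replace(tmp, self.path)

    def access_token(self, skew=60):
        with open(self.path) as f:
            state = json.load(f)
        # Reuse the cached access token until shortly before it expires.
        if state.get("access_token") and state.get("expires_at", 0) - skew > self.now():
            return state["access_token"]
        body = urllib.parse.urlencode(
            {"grant_type": "refresh_token", "refresh_token": state["refresh_token"]})
        headers = {"Authorization": self.basic,
                   "Content-Type": "application/x-www-form-urlencoded"}
        reply = self.post(TOKEN_URL, headers, body)  # must return the parsed JSON reply
        # Persist before use: if the server rotated the refresh token, the old one
        # may no longer be accepted, and losing the new one means a fresh user login.
        self._save({
            "access_token": reply["access_token"],
            "expires_at": self.now() + reply["expires_in"],
            "refresh_token": reply.get("refresh_token", state["refresh_token"]),
        })
        return reply["access_token"]
```

The returned value is what goes in the `Authorization: Bearer` header of the GET /projects call; the token file holds a long-lived credential and needs the same protection as the client secret.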
