Autodesk API Forge Authentication Bearer - autodesk-forge

I'm the administrator of a Bim360 Docs Hub,and i'm trying to retrieve some data from the forge API. I've already created a test app, and i get a Bim 360 Account Id.
I'm not able to get an authentication bearear token (OAuth), to make simple get requests towards projects.
Where do i get the auth token ?
Thanks

See tutorial here to aquire OAuth tokens and note that you will need different permutations of OAuth scopes (esp. data:read data:write etc.) for different operations, as is specified in the docs of each and every API, see an example here.
You may use a RESTful client like Postman to talk to our APIs and manage the authentication flow and operate on response data with JavaScript as you like so as to build workflows such as to create a new project.
Last but not least before you can access BIM360 APIs make sure you provision access to your app.

Related

Forge - Direction of Model Derivative API

The Forge documentation mentions “If you need an end user to authorize your app to act on the user’s behalf, you’ll want to check out this tutorial.” This makes it sound as if our app will be doing something from OurApp → Forge, reaching into Fusion data, pulling it out. Our desired action would be the user acting on their own behalf, with authorized permission, sending files to their account on OurApp.
I've genericized it, but our specific situation is as follows: we want Fusion360 users to be able to install our plugin and then send models in STL format (model derivative v2 API) to our service for 3D Printing or sharing with others. This same behavior exists for Tinkercad and is very popular, but the requirements change for Fusion, now that it is not a web app like Tinkercad.
Autodesk Forge uses OAuth 2.0 as its authentication strategy, and as part of that, the platform allows you to choose between two-legged and three-legged authentication.
Two-legged authentication means that a trust is established between your own application (with credentials that are generated for you when you create a Forge app on https://forge.autodesk.com) and the Forge services. Your application can manage its own data but it does not have access to your users data in other Forge applications.
Three-legged authentication means that a trust is established among 3 entities: your application, Forge, and your user. With an access token generated using 3-legged authentication, your application can also access the user's content in other Forge applications, for example, in BIM360 or Fusion Teams.
With that, if you plan on having your users upload STL files from a locally running instance of Fusion 360, you can use the simple 2-legged authentication and have your Forge application own and manage the uploaded data and the translated derivatives. But if you wanted to upload or download STLs to/from something like Fusion Teams, you would need the 3-legged auth workflow.

Create Signed URL for Object in BIM360 OSS

I'm trying to set up an Signed URL for an Design Automation Workflow which is triggered by an Webhook inside of the BIM360 OSS. If a file is added the webhooks triggers an endpoint to start a Design Automation. The webhook is working. And the Design Automation is working too. The Problem occurs if i try to wire both up. I#m trying to create a Signed URL of the File like suggested in this post from Petr Broz link stackoverflow.
To use this API it is requierd to use an Token which is obatined by 2-Legged-Auth which is working with all necessary Scopes. In the response of the Webhook is an ID for the Folder and Version. The API is recognizing the ID.
The problem occurs in the response of this endpoint to create the signed url: https://developer.api.autodesk.com/oss/v2/buckets/:bucketKey/objects/:objectKey/signed
I'm using the wip.dm.emea as bucket because the file is stored in the EU BIM360 OSS.
The response is a 403 Forbidden:
{
"reason": "Only the bucket creator is allowed to access this api."
}
Is it even possible to get the File ID like in this example Forge how to Download File ?
Because this Solution requires a 3-Legged-Auth Flow which is not possible for a complete Automation.
The thing which makes me question is, that you can achieve this Workflow in plane Forge. But not in BIM360 where i have no control over the Buckets that are created by the System!?
I think this is an architectural missmatch between the Forge API and the BIM360 implementation!? Will there be a solution for this in the future?
Best regards
Jan
Unfortunately, I can confirm that it's not possible to create a signed URL for your BIM360 storage currently, as the error message mentioned, the endpoint requires the bucket owner to do this operation, this is what it is now. But I agree with you that this should be an architecture mismatch between Forge OSS and BIM360 implementation, and it's already been requested in our system, please keep "CPOSS-1066" to check with us about the progress.
As for the current way, you can keep the 3 legged token and using that for the output Url and also in the onComplete() callback, I have the blog post https://forge.autodesk.com/blog/upload-your-design-automation-output-file-bim360-docs which details the way to work, hope it helps at this moment.

Scripted Authentication for Autodesk Forge TokenFlex API

This question pertains to the Autodesk Forge TokenFlex Usage API. We would like to run an application that pulls data on a scheduled basis. Our understanding is that the Forge TokenFlex API requires 3 Legged authentication. We have successfully adapted the Autodesk GitHub code sample "A Forge Python Script Demonstrating new TokenFlex Usage API" to pull our data but this requires 3-Legged Authentication.
Is there a way to pull data using the TokenFlex Usage API without requiring user intervention for Authentication?
Unfortunately TokenFlex requires 3 legged auth for enhanced security purposes.
However you can minimize user intervention but rotating the token periodically in your backend using the refresh_token that comes with the token to get refreshed tokens implicitly and store them securely (encryption recommended for security reasons) where your script can use them, see here for details

Users Import: The client_id specified does not have access to the api product

I get an issue when I call endpoint Users import:
{fault.name} - The client_id specified does not have access to the api product
see attachment
note: when I use endpoint v1, I don't have problems. Also I use 2-legged token and can access anothers endpoint (ie: Add a project admin)
Please help me out of this problem.
I mean v2 of endpoints where I can't access (see attachments)
Best,
image_1
image_2
The reason mainly could be the following:
I don't think there is a V2 of BIM 360 API, or because you probably do not have an enable integration for the use of the BIM 360 API. You can check this post in order to get the necessary steps to request such access.
https://fieldofviewblog.wordpress.com/2017/08/18/no-custom-integrations-tab/
Here you can also read more about why do you need such access and why this specific API does not work in the same way as the other Forge services.
https://fieldofviewblog.wordpress.com/2017/01/17/bim-360-and-forge-overview/

Unable to use Box API Enterprise API with OAuth2 authenticated app

What I understand is Enterprise API from Box works only with server-server JWT auth and not like OAuth2 based authentication.
Box integrations which haveOAuth2 based authentication support only Content API and not the Enterprise API.
Is there way to have OAuth & Ebterprise API at the same time? (I essentially want to manage users & groups any third party enterprise)
Any thoughts/pointers? Thanks in advance!
What I understand is Enterprise API from Box works only with server-server JWT auth and not like OAuth2 based authentication.
This is not correct, though I can see how you could arrive at that understanding. You can work with the Box Enterprise API using traditional 3-Legged OAuth. In fact, for many years 3-Legged OAuth was the only way to work with the Box API.
In order for a 3-Legged OAuth access token to make Enterprise API calls:
The appropriate Enterprise scopes must be selected in the app configuration.
The token must have been issued for a user with enterprise admin/co-admin privileges.
The relationship between JWT auth and the Enterprise API is one of convenience. Enterprise API apps are often non-interactive server-side scripts and/or scaled out to multiple processes. In these scenarios JWT is much easier to work with than 3-Legged OAuth.