Authorization for API resources - Intergraph Smart Instrumentation - Version 2.3.5 - Training - Intergraph

Intergraph Smart Instrumentation Web API Tutorial

Intergraph Smart Instrumentation
Search by Category
Smart Instrumentation Web Version

All Web APIs are secured with the OAuth2 protocol. As a user, you must identify yourself and be authorized to access API resources. Authorization is provided via an access token, which you must request from an authorization server (in this case, the security token service bundled with Smart API Manager).

Smart API Manager lets you perform the following tasks, all of which are required before you can get an access token:

  • Register Web APIs

  • Create and manage Users and Groups.

  • Authorize a group to access a Web API, including configuring any required claims for the API.

  • Register Smart Clients. You must have a Client ID to request an access token.

See the Smart API Manager Online Help for details on how to configure all the required settings in Smart API Manager. If you do not have permission to log in with Smart API Manager, you will need to speak with the person at your company responsible for installing and configuring Smart API Manager and Web APIs to get the required information.

Get an access token

You must get and include an access token with every call to protected resources exposed from your API. For this tutorial, the predefined Get Token POST request retrieves a new access token from the authorization server.

The token request includes a key named acr_values in the body. This key should only be used when the system is configured for Windows Authentication. If your system is configured for a SAM user, this key must be removed.


To get a token, do the following:

  1. In the Collections tab, click the first request 01.01 Get Token.

  2. Move the cursor over the variable {{samServerUri}} in the address bar. Verify that the CURRENT VALUE in the tool tip displays the value you have configured in the environment.

  3. Click .

    The response returns a string with a success status.

    An access token will expire based on configuration in Smart API Manager. If your access token has expired when you make a request, the API returns a 401 Unauthorized status and error message: Token validation failed...

    Obtaining Client Credentials (9)

When this happens, return to the Collections tab, click the Get Token query, and click .