Basic Authentication (Basic Auth) is supported by Aconex APIs, but is not recommended due to the low level of security in this approach. Use this guide to migrate your existing Basic Auth integration to OAuth.
Open Authorization (OAuth) is the industry-standard protocol for authorization that allows third-party applications to access a user's data without exposing their credentials and is commonly used to provide secure API access and user authentication.
The OAuth 2.0 Authorization Framework was published as RFC 6749. You should be familiar with the concepts and terminology presented in this document.
The Oracle Construction and Engineering Lobby (or "Lobby" for short), provides an OAuth 2.0 implementation for all Oracle Smart Construction Platform applications, including Aconex. This implementation is sometimes referred to as "Lobby OAuth".
Oracle strongly recommends the use of OAuth over Basic Auth due to the much higher level of security provided by OAuth.
Basic Auth involves sending the credentials of a user account (username and password) with every API request.
While it is simple to implement, it is a weak authentication method: the user's credentials must be stored by the client and are sent with every request, encoded but not encrypted.
With OAuth, the client requests an access token that represents the user from the Authorization Server and includes this token with every API request.
This mechanism, together with a short token expiry period, provides a secure authorization solution for API access.
All Aconex APIs support access tokens generated by the Lobby.
Lobby supports the following types of integrations:
When migrating from Basic Auth, you typically implement either a Non-Interactive Integration or a User-Bound Integration.
Understand the technical details of the Lobby OAuth solution at Implement OAuth.
Determine what type of integration is most appropriate based on your integration requirements.
Each user account associated with your integration must be linked to a Lobby account. For convenience, you may wish to link all your service user accounts to a single Lobby account.
You can do this by following the instructions at Create a Lobby account.
Alternatively, your Org Admin can do this by following the instructions at Creating Lobby Accounts for Existing Aconex Users.
Follow the steps to create an OAuth Client.
Oracle recommends that all integrations are first registered in the Early Access (EA) environment and thoroughly tested there before being registered in production.
The EA environment is a test environment in which you can register your test organization and create test users, test projects and test data.
It has its own Lobby (the EA Lobby), so you register your integration separately in EA and in production, with different credentials for each.
Refer to Integrate with the Early Access Environment for more information on setting up your own test environment in EA.
Create an OAuth Client in EA and follow the steps below, first for EA and then for production.
Remove all the code associated with Basic Auth, including the setting of the Authorization header on Aconex API calls.
Add a call to the Lobby's token endpoint to retrieve an access token (see Implement OAuth for technical details).
Add the access token to all Aconex API calls in the Authorization header.
If the access token expires, make the same call to retrieve a new one.
Deploy and test your integration thoroughly.
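The token handling behind steps 2 to 4, as an added example that is not Oracle's code. It assumes a Non-Interactive integration using the client_credentials grant with the client id and secret posted in the form body, a placeholder token endpoint URL, and a JSON response of the shape `{"access_token": ..., "expires_in": ...}`; the fake transport is a constructed stand-in so the example runs offline.

```python
import json
import time
from typing import Dict, Optional, Tuple

# Placeholder URL: the real Lobby token endpoint is documented under "Implement OAuth".
TOKEN_ENDPOINT = "https://LOBBY_HOST_PLACEHOLDER/oauth/token"
REFRESH_SKEW_SECONDS = 30  # renew this long before expiry so in-flight calls do not get a 401


class LobbyTokenClient:
    """Fetches, caches and renews an access token for a Non-Interactive integration."""

    def __init__(self, client_id: str, client_secret: str, transport, clock=time.time):
        # transport(url, form_fields) -> (http_status, body); injected so this runs offline
        self._client_id, self._client_secret = client_id, client_secret
        self._transport, self._clock = transport, clock
        self._token: Optional[str] = None
        self._expires_at = 0.0

    def _fetch_token(self) -> None:
        # Assumed: client_credentials grant, id/secret in the form body (RFC 6749 client_secret_post)
        status, body = self._transport(TOKEN_ENDPOINT, {
            "grant_type": "client_credentials",
            "client_id": self._client_id,
            "client_secret": self._client_secret,
        })
        if status != 200:
            raise RuntimeError(f"token endpoint returned HTTP {status}")
        data = json.loads(body)
        self._token = data["access_token"]
        self._expires_at = self._clock() + float(data.get("expires_in", 0))

    def access_token(self) -> str:
        """Return the cached token, fetching a new one when missing or about to expire."""
        if self._token is None or self._clock() >= self._expires_at - REFRESH_SKEW_SECONDS:
            self._fetch_token()
        return self._token

    def api_headers(self) -> Dict[str, str]:
        """Authorization header for every Aconex API call; no username/password involved."""
        return {"Authorization": f"Bearer {self.access_token()}"}


def make_fake_transport(expires_in: int = 300):
    """Constructed stand-in for the token endpoint; mints token-1, token-2, ... per call."""
    calls = {"n": 0}

    def transport(url: str, fields: Dict[str, str]) -> Tuple[int, bytes]:
        if fields.get("grant_type") != "client_credentials" or not fields.get("client_secret"):
            return 400, b'{"error": "invalid_request"}'
        calls["n"] += 1
        body = {"access_token": f"token-{calls['n']}", "token_type": "Bearer", "expires_in": expires_in}
        return 200, json.dumps(body).encode()
    return transport, calls
```

Wire `transport` to your HTTP library for a real Lobby, keep the client secret in a secrets store rather than in code, and use `api_headers()` everywhere the Basic Auth header used to be set.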