Support Central
Aconex provides a comprehensive suite of APIs for developers looking to integrate enterprise software applications or develop custom integrations that exchange data with Aconex.
All Aconex APIs are RESTful and comply with standards such as HTTPS, XML and JSON. Developers intending to integrate with Aconex APIs should be familiar with these standards.
All integrations with Aconex must be registered. See below in Implement an Aconex API Integration.
All Aconex APIs comply with security standards, as described below in API Security.
Oracle Aconex API Terms and Conditions apply to all Aconex API integrations.
Aconex supports the following integration personas. The process to register an Aconex integration is different for each persona:
Oracle Aconex Customer (Customer)
Oracle Aconex Customers are paying or non-paying organizations that have an active Aconex organization and user accounts for their employees who use Aconex for their daily project management activities. Customer integrations are built for internal use by the Customer and their employees.
Oracle Technology Partner (Partner)
Oracle Technology Partners are vendors that have registered with the Oracle PartnerNetwork (OPN) and who deliver, or intend to deliver, solutions to Oracle Aconex Customers. Partners build integrations between Aconex and their own software application (or another software application, with approval from the other party) with the intention of entering a commercial arrangement with Oracle Aconex Customers. Partner integrations can be published for use by Oracle Aconex Customers and their employees.
If you represent an Independent Software Vendor (ISV) or System Integrator (SI) who is building an integration:
All requests to Aconex APIs must be made using HTTPS on port 443. Any requests which are not performed over an encrypted channel will be rejected.
Aconex APIs are stateless, meaning the caller must provide valid user credentials (or a token representing an authenticated user) as part of every request.
The user's account must be active and the user must have access to the data being accessed.
Two methods of user authentication are supported when calling Aconex APIs:
Open Authorization (OAuth)
The OAuth 2.0 authorization framework enables a third-party application to obtain access to secured APIs based on authorization provided by an authenticated user.
The Oracle Construction and Engineering Lobby (or "Lobby" for short), provides an OAuth 2.0 implementation for all Oracle Smart Construction Platform applications, including Aconex. This implementation is sometimes referred to as "Lobby OAuth".
OAuth is the preferred method for user authentication when calling Aconex APIs, as it provides the highest level of security by making use of an access token to identify the authenticated user.
See Implement OAuth for more detailed information about how to implement SCP OAuth to integrate with Aconex APIs.
Basic Authentication (Basic Auth)
Basic Authentication is a simple approach used to identify an authenticated user that requires both the username and password to be specified every time an API is accessed.
Basic Auth is supported by Aconex APIs, but is not recommended due to the low level of security in this approach. Basic Auth does not support Two-Step Verification (2SV) or Single Sign-On (SSO) user accounts.
See Implement Basic Authentication for more detailed information about using Basic Auth to integrate with Aconex APIs.
Note: Oracle strongly recommends the use of OAuth over Basic Auth due to the much higher level of security provided by OAuth 2.0.
Legacy OAuth is supported on US High Compliance instances.
See the Legacy OAuth Developer Guide if you need to support a Legacy OAuth integration.
Some Customers and Partners have integrated with Aconex Cost APIs using Legacy Cost API User Tokens, which are deprecated in commercial Aconex environments. Legacy Cost API User Tokens will be supported until further notice, but new integrations with Cost APIs should be implemented using OAuth.
See Accessing Cost Data with APIs for more information about accessing Aconex Cost APIs.
Every integration with Aconex APIs must be registered with Oracle and you will receive credentials that will be used to uniquely identify the integration.
Your first step is to determine what API Security method you wish to use, as the registration steps are different for each method.
Read Implement OAuth and Implement Basic Authentication to learn more about each method.
If you are still unsure, contact Oracle Support.
Customers have two options for testing their integrations before enabling them in production on their live projects:
Oracle recommends that you complete all your integration testing in the Early Access Environment before connecting to production.
Taking this approach, your integration journey would be:
Otherwise, you could:
You can find API Developer Guides at REST API Documentation.
Oracle Technology Partners must join the Oracle PartnerNetwork and complete their testing in the Early Access (EA) environment before publishing to production. Having published your integration, it will be available to all users.
Your integration journey will be:
You can find API Developer Guides at REST API Documentation.
Aconex APIs support versioning and an API request or request content may be different depending on the version used.
The version used is specified in the request headers and Version 1 is used by default (if no header is specified).
Versioning is used to avoid breaking changes in the APIs, allowing developers time to migrate to a new version at their own pace. Eventually, older versions will be deprecated and finally removed.
Each API module (Mail, Documents, Projects, etc.) has its own version.
The version requested for GET and PUT requests is specified in the “Accept” header, per the table below.
The version used for POST requests is specified in the “Content-Type” header. The “Content-Type” value for the entire payload must be “multipart/mixed”. The “Content-Type” for the XML part contains the version value in table below and the header must be specified directly on the next line after the boundary identifier and after the header there must be an empty line before the XML payload.
Sample GET or PUT Mail API accept header for version 2:
Accept: application/vnd.aconex.mail.v2+xml
Sample POST Mail API content-type for version 2:
... ------------------------------8d314ec2031d2eb Content-Type: application/vnd.aconex.mail.v2+xml ...
| Group | Version | Value | |
|---|---|---|---|
| 1 | None or "application/xml" | Default | |
| 2 | "application/vnd.aconex.mail.v2+xml" | - | |
| 3 | "application/vnd.aconex.mail.v3+xml" | - | |
| Document | 1 | None or "application/xml" | Default |
| Directory | 1 | None or "application/xml" | Default |
| Projects | 1 | None or "application/xml" | Default |
| Tasks | 1 | None or "application/xml" | Default |
Aconex APIs may return error codes that must be handled appropriately. An error may be returned due to an incorrect request structure, a login failure, or internal system error.
All error responses have the same structure as shown in the example below (an exception would be the consolidated validation error response provided by version 3 of the mail creation APIs).
<?xml version="1.0" encoding="UTF-8"?> <Error> <ErrorCode>CANNOT_SUPERSEDE_LOCKED_DOCUMENT</ErrorCode> <ErrorDescription>Cannot supersede document 6590 which is locked</ErrorDescription> <RequestID>g5g8l8dk</RequestID> <SystemTime>2010-02-09T16:13:44.208+11:00</SystemTime> </Error>
Each error response will contain:
It should also be noted that while an error description is provided to end users in the error response, it is not necessarily intended for display to clients who are using your third party application. Some of the error descriptions may be of a technical nature. Use the error code, along with the context of the operation, to devise a user friendly error message to end users who make use of your application.
While many errors are unique to individual API services, below is a list of errors that are common and can occur across all API services for all requests and should be handled appropriately.
|
Error Code
|
Error description
|
HTTP Status Code
|
|---|---|---|
| LOGIN_FAILED | The login credentials provided failed the validation process | 400 |
| ACCESS_FAILED_FOR_ORG | The organization of the user performing the request has not been provided with access to the Web Services API | 400 |
| ACCESS_FAILED_FOR_PROJECT | The user performing the request has not been provided with access to the Web Services API on the specified project | 400 |
| API_NOT_ENABLED_FOR_PROJECT | API key is missing in request or The Web Services API has not been enabled for the project specified | 400 |
| PROJECT_DISCONNECTED | The project specified in the request has been disconnected | 400 |
| PROJECT_NOT_ACTIVE | The project specified in the request has been de-activated | 400 |
| ACCESS_FAILED_FOR_USER | The user performing the request has not been provided with access to the Web Services API | 400 |
| USER_NOT_ON_PROJECT | The user performing the request is not on the specified project | 400 |
| USER_ACCOUNT_LOCKED | The user performing the request has had their account locked | 400 |
| USER_ACCOUNT_DISABLED | The user performing the request has had their account disabled | 400 |
| USER_PASSWORD_EXPIRED | The user's password has expired and needs to be reset | 400 |
| USER_PASSWORD_RESET | The user's password has been manually reset by an admin | 400 |
| NO_SUITABLE_AUTHENTICATION_METHOD | No suitable authentication method was found in the request, i.e. basic authentication headers were not present | 400 |
| TWO_STEP_VERIFICATION_REQUIRED_ FOR_ACCESS | User requires 2-step verification to access Aconex | 403 |
| SSO_REQUIRED_FOR_ACCESS | User requires SSO to login | 403 |
|
Error Code
|
Error description
|
HTTP Status Code
|
|---|---|---|
| INTERNAL_ERROR | An internal system error has occurred which was not expected | 500 |
| INVALID_PARAMETER_VALUE | A value provided for one of the query or path parameters was not valid | 400 |
| OPERATION_DEPRECATED | The version of this operation is no longer available | 405 |
| OPERATION_NOT_SUPPORTED | The operation targeted by the request could not be found | 405 |
| PROJECT_NOT_FOUND | The project specified in the path of the request was not found | 400 |
| UNEXPECTED_PARAMETER | A parameter provided in the request was not expected by the service being targeted | 400 |
An INTERNAL_ERROR may be returned by the system for a valid request. If this occurs, please contact Oracle Support and provide the following details to allow an investigation into the cause to be completed:
There are reasonable limits which apply to both volume and frequency of requests an API caller can make using Aconex web services. These limits have been put in place to ensure the quality of service is maintained for all, especially users of the Aconex web interface. The limits applied to Aconex API are based on the following conditions:
|
Error Code
|
Description
|
HTTP Status Code
|
|---|---|---|
| CONCURRENCY_THROTTLE_LIMIT_REACHED | The maximum number of concurrent requests the user can perform has been reached. | 503 |
| MAX_FREQUENCY_THROTTLE_LIMIT_REACHED | The frequency at which you are making requests to the web services API has exceeded the limit imposed by the server. You should make requests less frequently. | 503 |
More information about performance throttling on Aconex APIs can be found at Aconex web services performance throttling.
Character encoding
Character encoding used in Aconex web services is UTF-8, both for request and response messages. Invalid input will be rejected.
Multi-lingual content
Content is returned in the format provided by end users without any language identification, therefore your application should use this content 'as is'.
Localization
It is possible to get some of the data returned by the web services based on locales supported by Aconex. Aconex web services will currently return data in the locale specified by the user's preferences. Currently there is no ability to request the locale to use with the request.
If you have a technical support query relating to Aconex web services, please contact Oracle Support.
