Authentication

The XML API and SOAP API support the following authentication methods:

• OAuth 2.0 access token – You can use the Auth (XML API) or use a session header [SessionHeader] (SOAP API) to send the OAuth 2.0 access token [access_token] with each request. See OAuth 2.0 Access Token Authentication.

  Note:

  You should use authentication by OAuth 2.0 bearer token instead of password or client session ID where possible. OAuth2. 0 access token authentication is a more secure and reliable way to access data than other supported authentication methods. Integration applications must be registered in SuiteProjects Pro to use the REST API to access SuiteProjects Pro data, and users must give the application explicit permission to access SuiteProjects Pro on their behalf.

  For more information about OAuth 2.0, see OAuth 2.0 for Integration Applications Developers.

• Password – You can use the Auth (XML API) or login() (SOAP API) command and pass user credentials (Company ID, User ID and Password). The login() (SOAP API) command starts a client session and returns a unique client session identifier that can be used to make subsequent calls. See Password Authentication.

• Client session ID – (SOAP API only) The login() (SOAP API) command starts a client session and returns a unique client session identifier [sessionId]. You can use a session header [SessionHeader] (SOAP API) to send this client session ID for subsequent calls to the SOAP API until the session expires or is ended for the authenticated user by a logout() call.

  Sessions expire automatically after a predetermined length of inactivity, which can be configured in the SuiteProjects Pro UI. See Session Timeout.

The login() (SOAP API) command also returns a URL for the active SuiteProjects Pro UI session for the authenticated user. With the XML API, you can use the RemoteAuth command to obtain a URL for the active SuiteProjects Pro UI session for the authenticated user.