Authentication
The XML API and SOAP API support the following authentication methods:
- OAuth 2.0 access token – You can use the Auth (XML API) or use a session header [SessionHeader] (SOAP API) to send the OAuth 2.0 access token [access_token] with each request. See OAuth 2.0 Access Token Authentication.

  Note: You should use authentication by OAuth 2.0 bearer token instead of password or client session ID where possible. OAuth 2.0 access token authentication is a more secure and reliable way to access data than other supported authentication methods. Integration applications must be registered in SuiteProjects Pro to use the REST API to access SuiteProjects Pro data, and users must give the application explicit permission to access SuiteProjects Pro on their behalf. For more information about OAuth 2.0, see OAuth 2.0 for Integration Applications Developers.

  When using an OAuth 2.0 access token to authenticate API requests, the API uses cached filter set information (information about objects which the authenticated user can access according to the filter set assigned to that user) to optimize performance. By default, read requests using a valid access token do not include objects created after the access token was issued, even if the user can access the new objects in the UI. If new objects are expected, you can clear and regenerate the cached filter set information by using the clear_filter_cache attribute in your request. See Read Attributes.
- Password – You can use the Auth (XML API) or login() (SOAP API) command and pass user credentials (Company ID, User ID and Password). The login() (SOAP API) command starts a client session and returns a unique client session identifier that can be used to make subsequent calls. See Password Authentication.
- Client session ID – (SOAP API only) The login() (SOAP API) command starts a client session and returns a unique client session identifier [sessionId]. You can use a session header [SessionHeader] (SOAP API) to send this client session ID for subsequent calls to the SOAP API until the session expires or is ended for the authenticated user by a logout() call. Sessions expire automatically after a predetermined length of inactivity, which can be configured in the SuiteProjects Pro UI. See Session Timeout.

The login() (SOAP API) command also returns a URL for the active SuiteProjects Pro UI session for the authenticated user. With the XML API, you can use the RemoteAuth command to obtain a URL for the active SuiteProjects Pro UI session for the authenticated user.