I would use the /maximo/api (the /maximo/oslc API without security constraints) instead of the legacy /maxrest/rest API. But if you want to use API keys with the legacy maxrest you would have to comment out the security constraints in the web.xml for the applications\maximo\maxrestweb\webmodule\WEB-INF. We didn't always support API keys for the MAXREST but I think we had added by 7.6.1.2. When we first added API keys it was only for the new API (/maximo/oslc) and then we started adding it to the other web services.
The reason you can't authenticate with an API key when you have the security constraints is the security constraints tell WebSphere to handle authentication but the API keys are specific to Maximo. By removing the security constraints, WebSphere won't try to authenticate the request and allows the request to make it to Maximo so that it can validate the API key.
------------------------------
Steven Shull
------------------------------
Original Message:
Sent: Thu August 17, 2023 03:36 AM
From: sivageetha gudivada
Subject: Will Maximo REST api service get authenticate with apikey to the Maximo SAML SSO enabled application
Hi All,
We have implemented SAML based sso in our maximo application(7.6.1.2) and installed workcenter also, we generated the apikeys for few users, we have rest api urls which are working initially with the basic authentication (with username and pwd) , we are trying to get the response for the REST api service with the apikey authentication from the sso enabled maximo application, it is giving 401 saml unauthorized error from postman, Want to understand if the rest api service will not or will work with apikey and will they get authenticate to the sso enabled maximo and get the response, Your comments and answers help us.
------------------------------
sivageetha gudivada
------------------------------
#Maximo
#MaximoEAM