topic Re: How to send token for external API Service usage from JSP in Windchill Customization

How to send token for external API Service usage from JSP

PGLeduc — Wed, 21 Jan 2026 21:48:18 GMT

Hello,
I'm currently implementing an LLM chat box for Windchill 13.0 and need a secure solution to send a key to an outside service, which will be saved in the session and used to query the Windchill API to gather data. Security context is important, so I need to send a key for the current user. For example, I'm currently sending the wcadmin bearer token for testing purposes.
The code for the chat box is in a JSP file, so I need to be able to fetch the key from that context.

Thanks!

Re: How to send token for external API Service usage from JSP

Fadel — Thu, 22 Jan 2026 09:48:48 GMT

use the wrscaller to run WRS and then use

<Server>/Windchill/servlet/odata/v5/PTC/GetCSRFToken()

Re: How to send token for external API Service usage from JSP

PGLeduc — Thu, 12 Feb 2026 15:04:30 GMT

Hello Fadel,

Thanks for the reply! My situation has changed a bit since this post, so let me recapitulate:

First, I don't need a CSRFToken, as I only do GET queries, to get documents, parts, usage, etc...

Secondly, I need a way to have a 3rd party service (in this case a Pinecone LLM chat app) to query the Windchill API with the good security context. For this reason, I've implemented SSO (with Shibboleth) and need to be able to send a query to the API with the same authentication as the SSO session. During my latest tests, whenever I use "Authorization: Bearer <entra token>" in my HTTP headers, the API returns the HTML landing page for Shibboleth, which normally redirects to Entra. Is there a way to configure Windchill/Apache to check for the token and return the correct JSON instead of HTML?

Thank you,

Philippe

Re: How to send token for external API Service usage from JSP

Fadel — Wed, 11 Mar 2026 08:19:05 GMT

I did some searches and coun't find much info , you can raise an SSO case ,my colleagues will be glad to assist you furher