Start a topic
With the exception of Windchill, The PTC Community is on read-only status until April 6 in preparation for moving our community to a new platform. Learn more here
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

The PTC Community is on temporary read only status in preparation for moving our community to a new platform. Learn more here

Translate the entire conversation x

How to send token for external API Service usage from JSP

PGLeduc
4-Participant
4-Participant
‎Jan 21, 2026 04:48 PM
‎Jan 21, 2026 04:48 PM

How to send token for external API Service usage from JSP

Hello,
I'm currently implementing an LLM chat box for Windchill 13.0 and need a secure solution to send a key to an outside service, which will be saved in the session and used to query the Windchill API to gather data. Security context is important, so I need to send a key for the current user. For example, I'm currently sending the wcadmin bearer token for testing purposes.
The code for the chat box is in a JSP file, so I need to be able to fetch the key from that context.

Thanks!

Labels:
0 Kudos
Notify Moderator
3 REPLIES 3
Fadel
23-Emerald I
23-Emerald I
(To:PGLeduc)
‎Jan 22, 2026 04:48 AM
‎Jan 22, 2026 04:48 AM

use the wrscaller to run WRS and then use 

<Server>/Windchill/servlet/odata/v5/PTC/GetCSRFToken()

 

Fede
0 Kudos
Notify Moderator
PGLeduc
4-Participant
4-Participant
(To:Fadel)
‎Feb 12, 2026 10:04 AM
‎Feb 12, 2026 10:04 AM

Hello Fadel,

 

Thanks for the reply! My situation has changed a bit since this post, so let me recapitulate:

 

First, I don't need a CSRFToken, as I only do GET queries, to get documents, parts, usage, etc...

Secondly, I need a way to have a 3rd party service (in this case a Pinecone LLM chat app) to query the Windchill API with the good security context. For this reason, I've implemented SSO (with Shibboleth) and need to be able to send a query to the API with the same authentication as the SSO session. During my latest tests, whenever I use "Authorization: Bearer <entra token>" in my HTTP headers, the API returns the HTML landing page for Shibboleth, which normally redirects to Entra. Is there a way to configure Windchill/Apache to check for the token and return the correct JSON instead of HTML?

 

Thank you,

Philippe

0 Kudos
Notify Moderator
Fadel
23-Emerald I
23-Emerald I
(To:PGLeduc)
‎Mar 11, 2026 04:19 AM
‎Mar 11, 2026 04:19 AM

I did some searches and coun't find much info , you can raise an SSO case ,my colleagues will be glad to assist you furher 

Fede
0 Kudos
Notify Moderator
Announcements


Contact Community Management
Top Tags