Rest API


	This chapter describes various REST API endpoints to perform all types of ingestion and the procedure to ingest integrated and automated metadata from a JSON file.

Authenticating REST APIs

All the REST APIs can be authenticated against access token or bearer token. There are two ways of getting the access token:

Using username and password combination

Base64 encode a string made up of your username and password, in the format <username>:<password>.
To generate the access token, make an API call to GET: /v3/security/authenticate with the authorization header. For example, header-key: Authorization header-value: Basic dGVzdEBpbmZvd29ya3MuaW86dGVzdHBhc3N3b3Jk

NOTE To use your own scripts, check for appropriate functions to pass the basic authentication.

Most of the libraries used to call Rest API have an in-built base64 encoding which takes username and password, and generates base64 encoded string. For example, python requests have an authentication function to pass username and password.

 Sample code 
    
xxxxxxxxxx
 
requests.get('https://infoworks.io/v3/security/authenticate', auth=('username', 'password'))
Copy

In response to the API call, a bearer token is received at result.authentication_token. These tokens are short lived (valid for 15 minutes by default, but are configurable), and can be used in subsequent REST API calls.

 Sample code 
    
xxxxxxxxxx
 
{  "message": "Authentication Success",   "result": {       "authentication_token": "eyJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE2MzI0ODkxMjEsInN1YiI6IntcbiAgXCJlbWFpbFwiIDogXCJhZG1pbkBpbmZvd29ya3MuaW9cIixcbiAgXCJzY29wZVwiIDoge1xuICAgIFwiYWN0aW9uXCIgOiBcInJlZnJlc2hfdG9rZW5cIlxuICB9XG59IiwianRpIjoiNTI1YWJkZjEtOTM3OC00NTU0LWIwZTYtMDk3NGEyYmY2NzI1IiwiZXhwIjoxNjMyNDkwMDIxfQ.wZ_etS_HbokTRfdT_1aP3TgPZYAAxEBNRYiiMw0cAos",       "is_authenticated": true   }}
Copy

NOTE The username and password combination cannot be used for SAML authentication.

Using Refresh token

The refresh tokens are generally valid for longer duration. To get refresh token, follow the steps below:

In Infoworks, navigate to My Profile > Settings, and copy the refresh token from the Refresh Token section.

To generate the access token, make an API call to GET: /v3/security/token/access with the authorization header. For example, header-key: Authorization header-value: Basic 5XgEBU521UyjOZzVCuHuBGt8WXdSQENdniX9Aqcq8AnFYxxPiMg9tITp6HyIan2ppDuuXTI5K63AceUULZvHRXdikUBHUc9hJjVC
In response to the API call, a bearer token is received at result.authentication_token. These tokens are short lived (valid for 15 minutes by default, but are configurable), and can be used in subsequent REST API calls.

NOTE The refresh tokens can be used for any authentication mechanism.

Refer: Infoworks Rest API V3API.

Last updated by Monika Momaya on Jun 4, 2025

Was this page helpful?