👉🏼 A Comprehensive Response on Apache Log4J Vulnerabilities 👈🏼

If your organization has not addressed the Apache Log4J Vulnerabilities in Adept or if you are not sure if this has been addressed, please read the following post with our comprehensive response on Apache Log4J Vulnerabilities .
Register for "The Adept FALL '22 Release" webinar on September 14 at 2:00pm EDT (alternate times are available).

Save Your Spot at this link:
Save my Spot.

Example WEBAPI Access

BCranstonBCranston Forum Moderator Posts: 46 Moderator
I'm not an API guy (yet) so forgive me if my terminology is off. The Adept WEBAPI is documented in parallel on your Adept Web Client server.

As an example, this link should let you query your Adept server based on a field search criteria.

I enter search criteria I expect should return results but it fails because I don't have an authorization token.  Where or how do I get one?  Should this even work?



  • ElaineWElaineW Synergis Employees, Deactivated Accounts Posts: 12 Synergis Employee

    Here is some information that should help. 

    The page displayed when a user browses to http://localhost/synergis.webapi/swagger/ui/... Is a part of a self-documenting framework called Swagger that we use to display the WebAPI object model. We’ve used the framework as it’s provided without much modification and some of the “out of the box” features and buttons on the interior pages are not implemented. It’s best used as a point of reference at this time.


    Specifically as it relates to issuing commands and logging in, The WebAPI, which powers the Web Client as well as the new class of 2018 Task Panes (currently as of the 2018 release, the SOLIDWORKS 2018 Task Pane) require a mechanism to first login in and then gain an access token that is regularly refreshed – this is an important aspect of application security in the new architecture. In order for any WebAPI search to be successful, the issuer must have a valid token and it must be regularly refreshed. The error is being displayed because one or both of these conditions is not true. The token referred to is called a Bearer Token, and has to be acquired by successfully logging in to the Adept WebAPI. The Bearer Token is returned as data from the WebAPI Login call and that token must be passed in along with any subsequent WebAPI calls. This mechanism protects the Adept Web Server from unauthorized access.


    A search request issued from this page is unlikely to be successful at this time, especially since tokens must be refreshed at regular intervals measured in seconds. We encourage our customers that want to get a deeper understanding of developing applications using the WebAPI to participate in an API Training class, it will help tremendously in their understanding of how this and other mechanisms in the new architecture work.

  • jtomejtome Deactivated Accounts Posts: 18
    Are tokens issued by Adept or by Microsoft (AD)?
    James Tome
  • ToddCummingsToddCummings Staff Moderator, Synergis Employees Posts: 15 Synergis Employee
    Access tokens and refresh tokens are issued by the security subsystem implemented in the WebAPI, which is OAUTH.
Sign In or Register to comment.