Maximo Open Forum

From IBM Maximo version 7.6.0.2 onwards, IBM has provided a new REST APIs. The new REST APIs for Maximo is a rewrite of the existing REST APIs that were released after Maximo Asset Management version 7.1. These new APIs are also known as REST/JSON APIs or OSLC APIs and provide multiple benefits.

Authentication of these APIs depends on the kind of deployment that has been done on Maximo. There are 2 kind of authentication which Maximo provides-

1. Maximo Native authentication
2. LDAP based authentication

LDAP based authentication can be subdivided further into 2 types of configuration-

a. Basic <login-config> based

b. Form <login-config> based

OSLC API Authentication for Maximo Native :

In System Properties if mxe.useAppServerSecurity=0 then Maximo uses Native authentication and validates user credentials from MAXUSER table in its DB schema.

For Native authentication enabled deployment, to access OSLC API, we have to pass the MAXAUTH parameter with API header and get the result. MAXAUTH is Base-64 encoded username: password combination.

Using MAXAUTH authentication will return JSESSIONID as Cookies which should be used to maintain sessions. This session id will ensure that Maximo doesn't open new connections and utilize the existing session. Tools like Postman automatically save these cookies and utilizes them for subsequent calls but it can be catch and pass programmatically as well.

OSLC API Authentication for LDAP based:

In System Properties if mxe.useAppServerSecurity=1 then Maximo uses LDAP authentication and validates user credentials from LDAP Directory configured in Websphere or Weblogic. Security settings are defined in web.xml files. We make changes to the web.xml file in each of the following directories:

• install_home/maximo/applications/maximouiweb
• install_home/maximo/applications/maxrestweb
• install_home/maximo/applications/mboweb
• install_home/maximo/applications/meaweb

In these files <login-config> section will have either FORM or BASIC login.

a. BASIC Authentication:

When Basic authentication is enabled then we have to pass Basic authentication and provide LDAP Maximo credentials.

When LDAP is enabled then API returns LtpaToken2 and JSESSIONID for session management.

b. FORM Authentication:

When Form-based authentication is enabled then we have to call first /maximo/j_security_check and pass j_username and j_password as params. Parameters j_username and j_password are nothing but the same user credentials which users use to login to Maximo.

This will provide Start Center page as response body and after making this call we have to make a call to subsequent APIs.

JSESSIONID, LTPA Token, and other cookies returned will be used to get data from subsequent APIs. In subsequent API, we have to pass j_username and j_password but users need to be mindful of that if we are not calling /j_security_check first and directly calling any other API, we'll not be getting any data as Cookies (LTPA Token) will not be available.

In case you have FORM-based authentication enabled on Maximo UI and you don't want to use the above method of calling first j_security_check and then calling subsequent APIs then you can use /maxrest context for authentication.

In your Maximo deployment, you can enable Form-based authentication on maximouiweb for Maximo UI and Basic authentication on /maxrest context for API calls. In IBM documentation, many places IBM has given /maximo/oslc/os as context to be used with OSLC API but we can utilize /maxrest/oslc/os context as well to get the same OSLC API's response.

Below are 2 system properties provided by IBM which you can utilize to change the context as required:

The blog has very good content. I am still confused between REST API and OSLC  integration. In Rest, we have two resource types either mbo/os. Also the resource response representation can either be XML/JSON. As we know, the default representation is xml, configured in system properties. 

I appreciate, if you could make one blog that show differences. 

Thank you

Pavan Uppalanchu

From IBM Maximo version 7.6.0.2 onwards, IBM has provided a new REST APIs. The new REST APIs for Maximo is a rewrite of the existing REST APIs that were released after Maximo Asset Management version 7.1. These new APIs are also known as REST/JSON APIs or OSLC APIs and provide multiple benefits.

Authentication of these APIs depends on the kind of deployment that has been done on Maximo. There are 2 kind of authentication which Maximo provides-

1. Maximo Native authentication
2. LDAP based authentication

LDAP based authentication can be subdivided further into 2 types of configuration-

a. Basic <login-config> based

b. Form <login-config> based

OSLC API Authentication for Maximo Native :

In System Properties if mxe.useAppServerSecurity=0 then Maximo uses Native authentication and validates user credentials from MAXUSER table in its DB schema.

For Native authentication enabled deployment, to access OSLC API, we have to pass the MAXAUTH parameter with API header and get the result. MAXAUTH is Base-64 encoded username: password combination.

Using MAXAUTH authentication will return JSESSIONID as Cookies which should be used to maintain sessions. This session id will ensure that Maximo doesn't open new connections and utilize the existing session. Tools like Postman automatically save these cookies and utilizes them for subsequent calls but it can be catch and pass programmatically as well.

OSLC API Authentication for LDAP based:

In System Properties if mxe.useAppServerSecurity=1 then Maximo uses LDAP authentication and validates user credentials from LDAP Directory configured in Websphere or Weblogic. Security settings are defined in web.xml files. We make changes to the web.xml file in each of the following directories:

• install_home/maximo/applications/maximouiweb
• install_home/maximo/applications/maxrestweb
• install_home/maximo/applications/mboweb
• install_home/maximo/applications/meaweb

In these files <login-config> section will have either FORM or BASIC login.

a. BASIC Authentication:

When Basic authentication is enabled then we have to pass Basic authentication and provide LDAP Maximo credentials.

When LDAP is enabled then API returns LtpaToken2 and JSESSIONID for session management.

b. FORM Authentication:

When Form-based authentication is enabled then we have to call first /maximo/j_security_check and pass j_username and j_password as params. Parameters j_username and j_password are nothing but the same user credentials which users use to login to Maximo.

This will provide Start Center page as response body and after making this call we have to make a call to subsequent APIs.

JSESSIONID, LTPA Token, and other cookies returned will be used to get data from subsequent APIs. In subsequent API, we have to pass j_username and j_password but users need to be mindful of that if we are not calling /j_security_check first and directly calling any other API, we'll not be getting any data as Cookies (LTPA Token) will not be available.

In case you have FORM-based authentication enabled on Maximo UI and you don't want to use the above method of calling first j_security_check and then calling subsequent APIs then you can use /maxrest context for authentication.

In your Maximo deployment, you can enable Form-based authentication on maximouiweb for Maximo UI and Basic authentication on /maxrest context for API calls. In IBM documentation, many places IBM has given /maximo/oslc/os as context to be used with OSLC API but we can utilize /maxrest/oslc/os context as well to get the same OSLC API's response.

Below are 2 system properties provided by IBM which you can utilize to change the context as required:

The legacy REST API (/maxrest) which had MBO & OS is no longer being enhanced. It's still currently supported if you identify an issue, but everyone should use the new JSON API for any new development (and potentially even consider rewriting older developments). There are so many different enhancements we have made and continue to make to the JSON API that it wouldn't be possible to list even a majority of them.

If you want JSON, CSV, XML, etc. you can do that with the JSON API. You can do bulk imports including asynchronously processing the messages. You have caching of related objects that you can control. You have support for formula or automation script-based attributes. The list goes on and on. 

The only thing you can do in the legacy REST API that you can't do with the JSON API is to send updates directly to a MBO. However, a lot of objects in Maximo won't support this. You can't retrieve or update a POLINE without having an owner object of PO for example. And with the security controls we require in MAS (and optionally can and should be enabled in 7.6.X), you need to map each mbo to a security application or object structure in order to be able to use it. 

The blog has very good content. I am still confused between REST API and OSLC  integration. In Rest, we have two resource types either mbo/os. Also the resource response representation can either be XML/JSON. As we know, the default representation is xml, configured in system properties. 

I appreciate, if you could make one blog that show differences. 

Thank you

Pavan Uppalanchu

From IBM Maximo version 7.6.0.2 onwards, IBM has provided a new REST APIs. The new REST APIs for Maximo is a rewrite of the existing REST APIs that were released after Maximo Asset Management version 7.1. These new APIs are also known as REST/JSON APIs or OSLC APIs and provide multiple benefits.

Authentication of these APIs depends on the kind of deployment that has been done on Maximo. There are 2 kind of authentication which Maximo provides-

1. Maximo Native authentication
2. LDAP based authentication

LDAP based authentication can be subdivided further into 2 types of configuration-

a. Basic <login-config> based

b. Form <login-config> based

OSLC API Authentication for Maximo Native :

In System Properties if mxe.useAppServerSecurity=0 then Maximo uses Native authentication and validates user credentials from MAXUSER table in its DB schema.

For Native authentication enabled deployment, to access OSLC API, we have to pass the MAXAUTH parameter with API header and get the result. MAXAUTH is Base-64 encoded username: password combination.

Using MAXAUTH authentication will return JSESSIONID as Cookies which should be used to maintain sessions. This session id will ensure that Maximo doesn't open new connections and utilize the existing session. Tools like Postman automatically save these cookies and utilizes them for subsequent calls but it can be catch and pass programmatically as well.

OSLC API Authentication for LDAP based:

In System Properties if mxe.useAppServerSecurity=1 then Maximo uses LDAP authentication and validates user credentials from LDAP Directory configured in Websphere or Weblogic. Security settings are defined in web.xml files. We make changes to the web.xml file in each of the following directories:

• install_home/maximo/applications/maximouiweb
• install_home/maximo/applications/maxrestweb
• install_home/maximo/applications/mboweb
• install_home/maximo/applications/meaweb

In these files <login-config> section will have either FORM or BASIC login.

a. BASIC Authentication:

When Basic authentication is enabled then we have to pass Basic authentication and provide LDAP Maximo credentials.

When LDAP is enabled then API returns LtpaToken2 and JSESSIONID for session management.

b. FORM Authentication:

When Form-based authentication is enabled then we have to call first /maximo/j_security_check and pass j_username and j_password as params. Parameters j_username and j_password are nothing but the same user credentials which users use to login to Maximo.

This will provide Start Center page as response body and after making this call we have to make a call to subsequent APIs.

JSESSIONID, LTPA Token, and other cookies returned will be used to get data from subsequent APIs. In subsequent API, we have to pass j_username and j_password but users need to be mindful of that if we are not calling /j_security_check first and directly calling any other API, we'll not be getting any data as Cookies (LTPA Token) will not be available.

In case you have FORM-based authentication enabled on Maximo UI and you don't want to use the above method of calling first j_security_check and then calling subsequent APIs then you can use /maxrest context for authentication.

In your Maximo deployment, you can enable Form-based authentication on maximouiweb for Maximo UI and Basic authentication on /maxrest context for API calls. In IBM documentation, many places IBM has given /maximo/oslc/os as context to be used with OSLC API but we can utilize /maxrest/oslc/os context as well to get the same OSLC API's response.

Below are 2 system properties provided by IBM which you can utilize to change the context as required:

The legacy REST API (/maxrest) which had MBO & OS is no longer being enhanced. It's still currently supported if you identify an issue, but everyone should use the new JSON API for any new development (and potentially even consider rewriting older developments). There are so many different enhancements we have made and continue to make to the JSON API that it wouldn't be possible to list even a majority of them.

If you want JSON, CSV, XML, etc. you can do that with the JSON API. You can do bulk imports including asynchronously processing the messages. You have caching of related objects that you can control. You have support for formula or automation script-based attributes. The list goes on and on. 

The only thing you can do in the legacy REST API that you can't do with the JSON API is to send updates directly to a MBO. However, a lot of objects in Maximo won't support this. You can't retrieve or update a POLINE without having an owner object of PO for example. And with the security controls we require in MAS (and optionally can and should be enabled in 7.6.X), you need to map each mbo to a security application or object structure in order to be able to use it. 

The blog has very good content. I am still confused between REST API and OSLC  integration. In Rest, we have two resource types either mbo/os. Also the resource response representation can either be XML/JSON. As we know, the default representation is xml, configured in system properties. 

I appreciate, if you could make one blog that show differences. 

Thank you

Pavan Uppalanchu

From IBM Maximo version 7.6.0.2 onwards, IBM has provided a new REST APIs. The new REST APIs for Maximo is a rewrite of the existing REST APIs that were released after Maximo Asset Management version 7.1. These new APIs are also known as REST/JSON APIs or OSLC APIs and provide multiple benefits.

Authentication of these APIs depends on the kind of deployment that has been done on Maximo. There are 2 kind of authentication which Maximo provides-

1. Maximo Native authentication
2. LDAP based authentication

LDAP based authentication can be subdivided further into 2 types of configuration-

a. Basic <login-config> based

b. Form <login-config> based

OSLC API Authentication for Maximo Native :

In System Properties if mxe.useAppServerSecurity=0 then Maximo uses Native authentication and validates user credentials from MAXUSER table in its DB schema.

For Native authentication enabled deployment, to access OSLC API, we have to pass the MAXAUTH parameter with API header and get the result. MAXAUTH is Base-64 encoded username: password combination.

Using MAXAUTH authentication will return JSESSIONID as Cookies which should be used to maintain sessions. This session id will ensure that Maximo doesn't open new connections and utilize the existing session. Tools like Postman automatically save these cookies and utilizes them for subsequent calls but it can be catch and pass programmatically as well.

OSLC API Authentication for LDAP based:

In System Properties if mxe.useAppServerSecurity=1 then Maximo uses LDAP authentication and validates user credentials from LDAP Directory configured in Websphere or Weblogic. Security settings are defined in web.xml files. We make changes to the web.xml file in each of the following directories:

• install_home/maximo/applications/maximouiweb
• install_home/maximo/applications/maxrestweb
• install_home/maximo/applications/mboweb
• install_home/maximo/applications/meaweb

In these files <login-config> section will have either FORM or BASIC login.

a. BASIC Authentication:

When Basic authentication is enabled then we have to pass Basic authentication and provide LDAP Maximo credentials.

When LDAP is enabled then API returns LtpaToken2 and JSESSIONID for session management.

b. FORM Authentication:

When Form-based authentication is enabled then we have to call first /maximo/j_security_check and pass j_username and j_password as params. Parameters j_username and j_password are nothing but the same user credentials which users use to login to Maximo.

This will provide Start Center page as response body and after making this call we have to make a call to subsequent APIs.

JSESSIONID, LTPA Token, and other cookies returned will be used to get data from subsequent APIs. In subsequent API, we have to pass j_username and j_password but users need to be mindful of that if we are not calling /j_security_check first and directly calling any other API, we'll not be getting any data as Cookies (LTPA Token) will not be available.

In case you have FORM-based authentication enabled on Maximo UI and you don't want to use the above method of calling first j_security_check and then calling subsequent APIs then you can use /maxrest context for authentication.

In your Maximo deployment, you can enable Form-based authentication on maximouiweb for Maximo UI and Basic authentication on /maxrest context for API calls. In IBM documentation, many places IBM has given /maximo/oslc/os as context to be used with OSLC API but we can utilize /maxrest/oslc/os context as well to get the same OSLC API's response.

Below are 2 system properties provided by IBM which you can utilize to change the context as required: