Maximo Open Forum

 View Only

 Postman settings and prerequisites to query the from MAS 9 latest version using Legacy Rest API call

Jump to  Best Answer
  • Integrations
chidambar shastry's profile image
chidambar shastry posted 04-27-2025 00:45

Hi All,

Did any one used the legacy Rest API in MAS 9 to query the data using context /mxrest/rest/os ?.  We are using MAS9 with SAML authentication enabled have a requirement to query the work order data from MAS using with legacy Rest API which exists in t he Maximo 7.1 with the context as /maxrest/rest/os from Rest API Url.

I have configured the mxe.rest.webappurl as https://hostname/maxrest/rest/os in system property  but my response always redirecting to the MAS SAML login page for any request being sent to MAS 9.

I have passed apikey as parameter in query url and also tried by using as header from Authorization tab of postman. but every time response being SAML login page and getting HTTP 200.

I have used Query url from postman as example: https://hostname/maxrest/rest/os/MXWO?apikey= value&lean=1. set the required headers in postman also.

 thanks in advance.

Steven Shull's profile image
Steven Shull posted 04-28-2025 09:44  Best Answer

If you want to continue to use the legacy 7.1/7.5 REST API with API key, you will use /maximo/restapi/os/MXWO instead of the /maxrest context. It is worth mentioning that while there are no plans to remove it, there are no plans to enhance it either. It is recommended that all new development is on the newer REST API (/maximo/api/os/MXWO) as that has significantly more features and is being continually enhanced. 

chidambar shastry's profile image
chidambar shastry posted 04-29-2025 14:48

Hi Steve,

Thanks I have other question can we still query the data directly from mbo with other alternate way  without use of  http://host/maxrest/rest/os/mxasset  like previous versions of maximo which uses http://host/maxrest/rest/mbo/1?  

Steven Shull's profile image
Steven Shull posted 04-29-2025 19:06

Yes, the /maximo/restapi/mbo approach is still available but due to the changes to the security model in MAS, it requires additional configuration. In 7.6 the object structure security (system property mxe.int.enableosauth) was optional. In MAS we enable this by default and is prevented from being changed in the UI due to the significant security risk it poses. 

Previously, any user with credentials to the system could access any object structure through the integration framework. And with the legacy REST API, that also included every MBO even if there wasn't an object structure defined for it. Imagine a self-service user being able to retrieve your system properties, endpoint details, and other sensitive data.

If you want to use the legacy MBO option for the REST API, you need to go to the Object Structures application and use the Object Application Authorization action. That dialog will enable you to associate an application (or object structure) security permission to that MBO. Then if you have that security you can make the requests against it. This prevents every MBO being exposed to every user. 

chidambar shastry's profile image
chidambar shastry posted 04-29-2025 20:13

Thanks Steve.

Related Content