Forge App and BIM 360 custom integration correct approach
Question
We are working on a web application that connects to BIM360 using 3-Legged authentication. We have created an app in Autodesk Forge that users can connect through a BIM360 Custom Integration.
We are considering using 1 Forge application with multiple BIM360 Custom Integrations, but we are not sure if this is the best approach. The alternative is to have 1 Forge app per BIM360 custom integration.
Our main concern is data security. We think this approach is correct, but we would like to check with you and get your thoughts. Is this a safe and correct way to implement this authentication workflow in this type of scenario?
I would appreciate any guidance based on your experience.
1 answers
solution1
0 2023-01-06 20:20:41
You can use both approaches.
With one app for each BIM 360/ACC hub, the apps would be completely isolated, though it will require extra work to manage all of them individually. Currently, we don't have API to handle apps creation or activation/deactivation of services. Even with one app for each hub, you'll still need to ensure you're not exposing too much data to the wrong user. That can be avoided by using the 3-legged authentication.
With one app for many hubs, you can ensure the users are accessing only their data by limiting your application to always use 3-Legged authentication.
You can refer to the blog posts below for recommendations:
https://aps.autodesk.com/blog/security-recommendations-bim-360-app-developers
https://aps.autodesk.com/blog/security-recommendations-bim-360-app-developers-select-account
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.