Windchill Risk and Reliability REST Services > Windchill Risk and Reliability REST Services Framework Capabilities > Authorization support for Windchill Risk and Reliability REST Services
Authorization support for Windchill Risk and Reliability REST Services
Windchill Risk and Reliability REST Services supports three types of authorization:
Basic Auth
No Auth
OAuth 2.0
Using OAuth 2.0 to Single Sign-On in Windchill Risk and Reliability REST Services
Prerequisite
To enable Single Sign-On for Windchill Risk and Reliability REST Services,
In appsettings.config file, add the following key-value pairs.
<add key="checkTokenEndpointUrl" value="<<PingFed OAuth token validation URL>>"/>
<add key="Client_Id" value="<<client ID created at pingFed side for OAuth setting>>"/>
<add key="Client_Secret" value="<<client secret created at pingFed side for above client ID >>"/>
<add key="Scope" value="WRR_READ"/>
Example:
<add key="checkTokenEndpointUrl" value="https://server1.ptcnet.ptc.com:9031/as/introspect.oauth2?grant_type=urn:pingidentity.com:oauth2:grant_type:validate_bearer"/>
<add key="Client_Id" value="wrr-client-id"/>
<add key="Client_Secret" value="wrr-client-secret"/>
<add key="Scope" value="WRR_READ"/>
To use Single Sign-On for Windchill Risk and Reliability REST Services, do the following:
1. In the application used to access Windchill Risk and Reliability REST Services, under the Authorization header:
a. Select Type as OAuth 2.0.
b. Click Get New Access Token.
2. In the Sign On window, enter your USERNAME and PASSWORD.
3. Click Sign On.
4. In the Request for Approval window, select WRR SCOPE and click Allow.
5. A token is generated and can be used for authorization. This token is used as bearer token in the Headers.
* 
If the user is part of multiple groups, enter the GroupName parameter in the Headers.