Forge App and BIM 360 custom integration correct approach

Question

We are working on a web application that connects to BIM360 using 3-Legged authentication. We have created an app in Autodesk Forge that users can connect through a BIM360 Custom Integration.

We are considering using 1 Forge application with multiple BIM360 Custom Integrations, but we are not sure if this is the best approach. The alternative is to have 1 Forge app per BIM360 custom integration.

Our main concern is data security. We think this approach is correct, but we would like to check with you and get your thoughts. Is this a safe and correct way to implement this authentication workflow in this type of scenario?

I would appreciate any guidance based on your experience.

score 0 · Accepted Answer · answered Jan 06 '23 at 20:20

You can use both approaches.

With one app for each BIM 360/ACC hub, the apps would be completely isolated, though it will require extra work to manage all of them individually. Currently, we don't have API to handle apps creation or activation/deactivation of services. Even with one app for each hub, you'll still need to ensure you're not exposing too much data to the wrong user. That can be avoided by using the 3-legged authentication.

With one app for many hubs, you can ensure the users are accessing only their data by limiting your application to always use 3-Legged authentication.

You can refer to the blog posts below for recommendations:

https://aps.autodesk.com/blog/security-recommendations-bim-360-app-developers

https://aps.autodesk.com/blog/security-recommendations-bim-360-app-developers-select-account

Thanks, João, this has clarified the doubts I had. – Francisco Possetto Jan 12 '23 at 14:06 — Francisco Possetto, Jan 12 '23 at 14:06

Forge App and BIM 360 custom integration correct approach

1 Answers1