Authorization - Intergraph Smart Completions - Intergraph Smart Completions Update 17 - Customization & Programming - Hexagon

Intergraph Smart Completions Smart API Programmer's Getting Started Guide (5.3.17)

Intergraph Smart Completions
Search by Category
Customization & Programming
Smart Completions Version

The roles and rights must be added for users (based on the manager role) for accessing the Smart API.

The following image is a representation of the configuration parameters (using a REST client) for authorization using PKCE.


  • This applies to all identity providers (IdPs), such as Smart Completions authentication server, Smart API Manager, Okta, or Azure AD.

  • To get an access token using Smart Completions authentication server as the IdP, see Using Postman.

The following table lists the parameters involved in the OAuth 2.0 authorization process when using the Proof Key for Code Exchange (PKCE) authorization flow.




Grant Type


Represents the authorization_code for the authorization code flow.

Callback URL


The redirect_uri of your app, where authentication responses can be sent and received by your app.

It must exactly match one of the redirect URIs registered in the identity provider, except it must be URL-encoded.

Auth URL


The endpoint for Smart Completions authentication server to retrieve the authorization code.

Access Token URL


Smart Completions authentication server to exchange an authorization code for an access token.

Client Id


The ID assigned to your application by the IdP.

Client Secret


The application secret that you created in the app registration portal for your app.

Code Challenge Method

Recommended/ Required

The method used to encode the code_verifier for the code_challenge parameter. This must be SHA256, but the specification allows the use of plain, if the client cannot support SHA256.

Code Verifier


Indicates the same code_verifier that was used to obtain the authorization code. Automatically generated when undefined.



A space-separated list of scopes. The scopes must all be from a single resource, along with OIDC scopes (profile, openid, email).

  • This value allows your app to get consent for multiple web APIs you want to call.

  • This parameter is a Microsoft extension to the authorization code flow, intended to allow apps to declare the resource they want the token during token redemption.



A value included in the request which is also returned in the token response. It can be a string of any content that you wish.

  • A randomly generated unique value is typically used for preventing cross-site request forgery attacks.

  • The value can also encode information about the user's state within your application before the authentication request occurred.

An access token is a long string of characters, for example: