I am going through this step-by-step guide on uploading a file to BIM360 . I was wondering why, at the beginning, it says "Acquire 3-LeggedAuthentication" since all of the endpoints throughout are "user context optional" ?
Is it possible to use 2-Legged authentication?
UPDATE The short answer - a 3-legged token or a 2-legged token with user-impersonation can be used for uploading files to ACC or BIM360.
For automation, create a robot user account. This user will appear in the activity feed for audits.
Then, use either a 3-legged refresh token server, or use a 2-legged token with x-user-id. In either case, you will need to specify some kind of user identity.
Details When you upload a file, the UI and audit system, needs to know who it came from. Other collaborators, will see that the file originated from you (or your auth credentials) in the UI.
2-legged Auth, can do file uploads to BIM360/ACC, but only if the API has a special user-context... the x-user-id
This effectively acts like a 3-legged token, by moving the identity into the API header... ie. impersonating a user.
Here is an example upload API that supports user impersonation via the x-user-id field:
https://aps.autodesk.com/en/docs/data/v2/reference/http/projects-project_id-items-POST/#headers
and here is how to find the userID to impersonate, refer to this answer: Using the x-user-id in the c# forge package within the 2legged context
For the 2-legged approach, you will need to setup 2-legged BIM360 permissions with your clientID via the app integration settings or create an app on the App Store and add the app to your hub.