2 Replies Latest reply on Aug 4, 2015 1:02 PM by CiaranDennehy20

    PI Web API Access


      Hi All,


      I am wondering if it is possible to have two instances of the PI Web API running concurrently against a collective/single instance(s) of PI DA and PI AF?

      This is in order to have a coresight server within an internal network to provide its functionality to intranet sites (with the Web API service running in support on the same server, which is done by default on installation of coresight), and to have an additional Web API within the DMZ to provide some access externally to the PI system. More than likely this would be GET/OPTIONS requests initially, with the intention to perform some POST/PUT requests on PI points/AF attributes.


      I understand the security issues which will need to be addressed to lock this all down, however I am wondering form a purely Network/Architecture basis if this is possible?


      Thanks in advance for any input,


        • Re: PI Web API Access
          Marcos Vainer Loeff

          Hello Ciaran,


          PI Web API is a custom ASP.NET Web API project which uses PI AF SDK to communicate to the PI System, which means that PI Web API works as a client, and therefore, you can have as many instances as you want within your domain. The restriction is that you should have only one PI Web API instance per machine/web server.


          Each instance can have its own settings, which are stored on different AF elements.


          Concerning security, we recommend using Kerberos if your client machines are on the same domain of PI Web API. The machines which are accessing PI Web API externally need to use Basic Authentication since Kerberos is not an option in this case. You can have both options enabled on a single PI Web API instance.


          In general, the less instances you have, the easier it is to maintain them. Therefore, only create more PI Web API instances if it is required or if you have a good reason to do it.


          Concerning your scenario, if the PI Web API endpoint used by intranet and external sites are not the same, I would have two instances since you would need two different SSL certificates (each instance can only have one SSL certificate). If PI Web API endpoint is the same for both options, I would stick with one instance only.


          Hope it helps!

          1 of 1 people found this helpful