UPDATE: Secure Service Accounts are now GA - see the announcement here:
https://aps.autodesk.com/blog/update-secure-service-accounts-ssa-goes-ga
------
We’re excited to announce the public beta release of the new Secure Service Accounts (SSA) API — a more secure, flexible, and modern way to authenticate server-to-server integrations with Autodesk Platform Services (APS).
Why Secure Service Accounts?
Traditionally, developers building backend integrations used 2-legged OAuth (2LO), which was limited to a small subset of APS endpoints or relied on specialized user-impersonation workarounds that mimicked 3LO calls.
However, most critical ACC/BIM360 APIs are '3LO only,' effectively locking out 2LO automation. Using workarounds involving login prompts and refresh tokens, isn't ideal for long-term security, scalability, or governance.
Secure Service Accounts solve this by letting you:
-
Authenticate using a secure private-key
-
Apply precise, user-like permissions to specific projects and hubs
-
Eliminate the need to store or share passwords for automation purposes
SSAs give your app integrations just enough access, aligning with zero trust principles and modern enterprise security standards.
Key Features
🔐 No More Login Box, ReCaptcha or OTP
Use a private key to authenticate via JSON Web Tokens (JWT), eliminating the need to manage a login box prompt or refresh token.
⚙️ Built for Automation
Perfect for CI/CD pipelines, data integrations, and backend tasks — all without user interaction.
📋 Audit-Ready
SSA token usage is traceable, like a typical user in the ACC activity log system, and fits cleanly into enterprise compliance models.
What's in the Beta
This public beta gives you access to:
-
Detailed SSA API documentation
-
Support for many 3LO ACC APIs (Admin, Docs, Cost, Build, Issues, Forms, etc)
-
A sample SSA management tool for developers getting started
Get Started
For the quickest way to get started:
Go to: ssa-manager.autodesk.io
and watch this 1 minute Youtube video...
use this to create your first robot account (give it a first and last name), your first private RSA key, and then test it by "generating your first 3LO SSA-based Access Token".
... all through a simple web interface (Thanks Adam!).
That's steps 1 and 3 taken care of. Finally, follow step 2 in the "SSA - How to Guide" found in the API documentation, in order to 'add your robot, as a member of your ACC Project/Hub'.
Feedback Welcome
This is just the beginning. We’re working on expanding support across the remaining 3LO APIs, adding a restriction feature for Data Management API via 2LO and UI improvements to our ACC and management Portal.
- If you're using SSA during the beta, we’d like your feedback via ssa-api-beta-feedback@autodesk.com.
- For support, contact us through the 'Support - > Get Help" mechanism.