Knogin
[Developers]

AVEVA PI System Connector

The AVEVA PI System Connector links an existing AVEVA PI System historian to the Argus platform over the PI Web API, so operational technology that utilities already run becomes a live part of their outage management pic

Back to All Modules
Category: Data IntegrationLast Updated: May 26, 2026
data-integrationcompliancegeospatial

Overview#

The AVEVA PI System Connector links an existing AVEVA PI System historian to the Argus platform over the PI Web API, so operational technology that utilities already run becomes a live part of their outage management picture.

Utility operators who depend on AVEVA PI System (formerly OSIsoft PI) and PI Asset Framework rarely want to rip out and replace their historian. This connector lets them keep that investment and still gain a modern operational picture. Once a PI server is registered, its asset databases appear automatically as supply zones on the Argus map, PI Event Frames flow into the outage workflow, and clusters of sensor alarms are turned into draft outages before the first customer call arrives.

The result is a measurable reduction in mean-time-to-detect for unplanned outages and the end of the manual pivot between the historian and the outage management system. Engineers stay in one operational view, and the historian remains the system of record for process data.

Key Features#

  • Secure Connection Registration: Register each PI server once, with PI Web API credentials encrypted per record at rest using authenticated AES-GCM encryption bound to the stored row.
  • SSRF-Protected URL Validation: Every PI base address is validated against an allow-list before it is stored, so a connection can never be turned into a pivot toward internal services.
  • Asset Hierarchy Sync: Map PI Asset Framework databases straight onto the Argus geographic zone hierarchy as supply zones, each keyed by its PI WebId for stable, repeatable reconciliation.
  • On-Demand Event Frame Sync: Pull process events such as outages and alarms from a configured asset database for any time window and record them as audited ingestion entries.
  • Automated Outage Prediction: Continuously poll the most recent PI Event Frames, match anomalous asset identifiers to the correct supply zone, and raise a draft outage when two or more distinct sensors flag the same zone.
  • Operational Picture Emission: Predicted outages are published as live operational entities so they appear for review alongside the rest of the common operating picture.
  • Full Audit Trail: Connectivity tests, hierarchy syncs, event frame ingestion, and every predicted outage are written to an immutable interoperability audit log.
  • Organisation-Scoped Access: The entire capability is reached through an authenticated, organisation-scoped programmable interface, so each tenant sees only its own connections and data.

Use Cases#

  • Electricity Distribution Operators: Bring substation, feeder, and breaker telemetry from PI Asset Framework into the outage workflow, and let alarm clusters surface unplanned outages before customers report them.
  • Water and Gas Utilities: Map pumping stations, pressure zones, and treatment assets as supply zones, and convert pressure or flow alarms into draft incidents for rapid field dispatch.
  • Multi-Site Industrial Operators: Onboard several PI servers across regions or plants, each isolated by organisation, while sharing one consistent operational view.
  • Control Room Modernisation: Give operators a single map-based picture that already understands the historian's asset structure, removing the constant switch between the PI client and the outage management system.
  • Reliability and Asset Teams: Use the audited stream of event frames and predicted outages to study recurring fault patterns and target preventive maintenance.

Integration#

The connector exposes its full surface through an authenticated, organisation-scoped programmable interface, so a customer plugs in by registering one connection and then driving syncs and prediction from their own applications or the Argus console.

  • PI Web API Connectivity: Argus talks to AVEVA PI System over the vendor's own REST interface using HTTP Basic authentication over HTTPS, exactly as the PI Web API expects, so no bespoke agent has to be deployed on the historian.
  • Asset and Event Onboarding: PI Asset Framework databases become supply zones in the geographic hierarchy, and PI Event Frames become normalised ingestion records, giving customers a consistent model across every connected source.
  • Operational Bridge: Draft outages raised from PI anomalies are emitted as live operational entities, so they immediately join the wider operating picture without any extra wiring.
  • Identity and Access: Access is governed by OAuth2-issued tokens carried as JSON Web Tokens, with every operation scoped to the calling organisation and recorded for compliance.
  • Webhooks and Downstream Workflows: Once outages and events land in the platform, existing notification, alerting, and dispatch workflows pick them up, so the benefit reaches field crews and customers without custom plumbing.

Open Standards#

  • AVEVA PI Web API: the connector speaks the published PI Web API model for streams, batch requests, event frames, and asset databases, the same interface AVEVA documents for third-party clients.
  • REST: all historian interaction follows a resource-oriented architectural style over plain HTTP verbs and resource paths such as /piwebapi/assetdatabases.
  • RFC 8259 JSON: PI Web API requests and responses, and the normalised records stored in Argus, are exchanged as standard structured JSON.
  • RFC 7617 HTTP Basic Authentication: PI Web API credentials are presented using the standard Basic scheme, as required by AVEVA PI System.
  • RFC 8446 TLS / HTTPS: every connection to the historian runs over transport-layer security, protecting credentials and process data in transit.
  • OAuth 2.0 (RFC 6749): caller access is authorised through standard token issuance before any operation runs.
  • JSON Web Token (RFC 7519): organisation-scoped access is carried in signed JWT bearer tokens.
  • GraphQL: the public surface is published as a typed, schema-described interface for predictable, organisation-scoped requests.
  • NIST SP 800-38D AES-GCM: stored PI credentials are protected with authenticated AES in Galois/Counter Mode, binding each ciphertext to its own record.
  • ISO 8601: event and outage timestamps use the standard date-time representation for unambiguous time-window queries.
  • WGS 84 / EPSG:4326: supply zones and predicted outage locations use the common latitude-longitude reference model shared across the mapping workflows.

Security & Compliance#

  • Encrypted Credentials at Rest: PI Web API usernames and passwords are never stored in clear text. Each is encrypted with authenticated AES-GCM and tied to the specific connection record, so a stolen value cannot be replayed against another row.
  • SSRF Defence: A PI base address is validated against an allow-list at registration, closing the primary window through which a connection could otherwise be redirected at internal infrastructure.
  • Strict Tenant Isolation: Every query, sync, and prediction is scoped to the calling organisation, so one customer can never read or act on another customer's connections, zones, or events.
  • Authenticated Surface: All operations require an authenticated, authorised caller; anonymous access is rejected.
  • Immutable Audit Logging: Connectivity tests, hierarchy syncs, event frame ingestion, and predicted outages are written to an append-only interoperability audit trail for review and compliance reporting.

Last Reviewed: 2026-05-26 Last Updated: 2026-05-26

Ready to Build?

Get started with our APIs or contact our integration team for support.