APIc Authentication and Authorization
The Intelligence Suite data and metadata service APIs use JWT (JSON Web Token) for authentication and authorization. A caller must supply an unexpired token with the proper scope and signed by an approved JWK (JSON Web Key) through the HTTP Authorization request header when it calls an Intelligence Suite API.
For public API usage, the only authorized JWK provider is the IBM API Connect gateway that sits between you and the Intelligence Suite, protecting the APIs as our API management solution. You fetch a valid JWT token from API Connect, which you then use on subsequent calls to the Intelligence Suite APIs. JWT tokens typically expire after about 30 minutes, after which a new token must be fetched.
When you get access to the Intelligence Suite, you will be given a tenant ID and organization ID, which together with your user ID and password are used to fetch a valid JWT token.
First, you must get a JWT token from APIc:
GET https://api.ibm.com/saascore/run/authentication-retrieve?orgId={{your-org-id}}
HEADERS:
Authorization: Basic {{base64 encode of IBM ID/pwd}}
x-ibm-client-id: saascore-{{your-tenant-id}}
The response body is the JWT token, which should then be copied into the Authorization header as a Bearer token for subsequent calls to the Intelligence Suite. For Intelligence Suite GraphQL and metadata calls, besides sending the JWT token as a Bearer token, you must also specify the x-ibm-client-id header with value infohub-{{your-tenant-id}}. For example:
POST https://api.ibm.com/infohub/run/graph/na
HEADERS:
Authorization: Bearer {{your-JWT-token}}
x-ibm-client-id: infohub-{{your-tenant-id}}
If you are using the curl command, or similar, to execute Intelligence Suite APIs, you can specify the client ID and JWT token as headers on the request like so:
-H 'x-ibm-client-id: infohub-{{your-tenant-id}}' -H 'Authorization: Bearer {{your-JWT-token}}'
In Postman, the client ID can be added as headers on the Headers tab for the request, and the JWT token specified under the Authorization tab with type Bearer.
The IBM API Hub catalog entry for Supply Chain Intelligence Suite now includes a hosted version of GraphiQL that allows you to specify the value for the x-ibm-client-id header as well as the JWT token. You can access it here.
The Intelligence Suite will return an error response code of 401 if it is unable to authenticate the caller (i.e. the token is invalid).
The Intelligence Suite will return an error response code of 403 if the caller is authenticated but not authorized to perform the action.
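The token lifecycle described on this page (fetch from API Connect, reuse until expiry, 401 versus 403), as an added Python example that is not IBM's own client code. It assumes the response body is the raw token text, that Basic credentials use the standard user:password form, and that the token carries an exp claim; TokenCache, call_api, api_headers, demo_token and the 60-second skew are hypothetical names and values chosen for illustration.

```python
import base64, json, time
from urllib.parse import quote

TOKEN_URL = "https://api.ibm.com/saascore/run/authentication-retrieve"  # from the page

def token_request(org_id, tenant_id, user, password):
    """Build URL and headers for the token fetch (assumes standard Basic user:password)."""
    basic = base64.b64encode(f"{user}:{password}".encode()).decode()
    return (f"{TOKEN_URL}?orgId={quote(org_id)}",
            {"Authorization": f"Basic {basic}",
             "x-ibm-client-id": f"saascore-{tenant_id}"})

def jwt_expiry(token):
    """Read the exp claim without verifying the signature. This only schedules
    refreshes on the client; the gateway is what validates the token."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)      # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))["exp"]

class TokenCache:
    """Keeps the token in memory only and refetches `skew` seconds before expiry."""
    def __init__(self, fetch, skew=60, clock=time.time):
        self._fetch, self._skew, self._clock = fetch, skew, clock
        self._token, self._exp = None, 0

    def get(self, force=False):
        if force or self._token is None or self._clock() >= self._exp - self._skew:
            self._token = self._fetch().strip()   # assumption: body is the raw token
            self._exp = jwt_expiry(self._token)
        return self._token

def api_headers(token, tenant_id):
    return {"Authorization": f"Bearer {token}", "x-ibm-client-id": f"infohub-{tenant_id}"}

def call_api(send, cache, tenant_id):
    """send(headers) -> HTTP status. A 401 triggers one refetch and one retry.
    A 403 is returned as-is: the caller is authenticated but not authorized."""
    status = send(api_headers(cache.get(), tenant_id))
    if status == 401:
        status = send(api_headers(cache.get(force=True), tenant_id))
    return status

def demo_token(exp):
    """Constructed, unsigned sample token for offline runs (not a real credential)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc({'exp': exp})}.sig"
```

In real use, `fetch` and `send` wrap an HTTPS client that sends the request built by `token_request` and the Intelligence Suite call respectively; here they are injected so the refresh and retry logic can be exercised offline.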