API Connect

API Connect

Join this online group to communicate across IBM product users and experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

API Connect v10 REST API calls: Consumer-API, generating a Bearer Token

By Nick Cawood posted Thu February 23, 2023 10:09 AM

  

Hi,

To get access to REST APIs of the Consumer-API ( Consumer-APIs ) a Bearer Token must be generated to get access.


This is similar to the general process for generating a Bearer Token for the other REST APIs available with API Connect v10 ( APIC v10 REST APIs ) which I detailed in a previous blogpost ( here ) but there are notable differences.


Here is how to generate a Bearer Token for calling Consumer-APIs in APIC v10 using a consumer user from the Catalog / Developer Portal:

  • You need a "Consumer App" to store values for client-id and client_secret as part of your Consumer-API credentials to generate the Bearer Token. First login to admin server with the apic Toolkit:

./apic-slim login

Enter your API Connect credentials

Server? $cloud-url [this is the URL of the Cloud Manager]

Realm? admin/default-idp-1 [see getting started blogpost to check if this the correct realm for your deployment]

Username? USERNAME [your Cloud / Admin level username]

Password? PASSWORD

Logged into $cloud-url successfully

  • Then create your App using this app4consumerAPI.json file (you can include specific scopes to control access further if required - see getting started blogpost again for guidance if you do not follow) using the Toolkit again:

app4consumerAPI.json

{ "name": "app4consumerAPI", "title": "app4consumerAPI", "state": "enabled", "client_type": "consumer_toolkit", "client_id": "specify-a-CLIENT-ID", "client_secret": "specify-a-CLIENT-SECRET" }

./apic-slim registrations:create -s $cloud-url app4consumerAPI.json

app4consumerAPI [state: enabled] $cloud-url

  • Or alternatively you can create the app with REST calls, first get a bearer token then create the app (2 calls below):

curl -v -k -X POST -d '{"username": "USERNAME", "password": "PASSWORD", "realm": "admin/default-idp-1", "client_id": "CLIENT-ID-for-user-specified", "client_secret": "CLIENT-SECRET-for-user-specified", "grant_type": "password"}' -H 'Content-Type: application/json' -H 'Accept: application/json' $cloud-url/api/token

curl -v -k -X 'POST' -d '{ "name": "app4consumerapi", "title": "app4consumerapi", "state": "enabled", "client_type": "consumer_toolkit", "client_id": "specify-a-CLIENT-ID", "client_secret": "specify-a-CLIENT-SECRET" }' -H 'Accept: application/yaml' -H "Authorization: Bearer $b" -H "Content-Type: application/json" "$cloud-url/api/cloud/registrations"

  • Now get the bearer token (this is in 2 steps: creating a $PAYLOAD variable, which is then pushed into API token call, where {catalog}-idp relates to the name of the identity provider of the Catalog & USERNAME2 / PASSWORD2 are from a consumer user in the Catalog / Developer Portal):

export PAYLOAD='{"username": "USERNAME2", "password": "PASSWORD2", "realm": "consumer:{org}:{catalog}/{catalog}-idp", "client_id": "CLIENT-ID", "client_secret": "CLIENT-SECRET", "grant_type": "password"}'

echo $PAYLOAD | curl -k -X POST -d @- -H "X-IBM-Consumer-Context: {org}.{catalog}" -H 'Content-Type: application/json' -H 'Accept: application/json' $consumer-url/consumer-api/token

I hope you find this blog on the Consumer-API useful.

-------------------------------------------------
Nick Cawood
API Connect Consultant
IBM Hybrid Cloud Integration Expert Labs
IBM UK Ltd

https://www.linkedin.com/in/nickcawood/
-------------------------------------------------


#APIConnect

0 comments
72 views

Permalink

https://community.ibm.com/community/user/blogs/nick-cawood/2023/02/23/api-connect-v10-rest-api-calls-consumer-api-genera