Hi,
My feedback on each topic:
Via CLI: apic login - as Chris said use -sso in your login command.
Via Developer toolkit method - generate apikey via API Manager (add /apikeys to homepage URL in API Manager), download your credentials (also from API Manager and use the "toolkit" values for the client id and client secret) and this will generate a bearer_token for you to use with the Provider-API etc. with the curl command you posted (use toolkit "endpoint" from credentials).
Via REST API call--> I'm not sure how this works with OIDC (I don't have an OIDC to test with) but again use the same client id and client secret as above, use your username / password for API Manager, use the correct "realm" that relates to your OIDC and you can generate the bearer token with this call:
curl -v -k -X POST -d '{"username": "USERNAME", "password": "PASSWORD", "realm": "provider/OIDC-VALUE", "client_id": "CLIENT-ID", "client_secret": "CLIENT-SECRET", "grant_type": "password"}' -H 'Content-Type: application/json' -H 'Accept: application/json' https://YOUR-ENDPOINT/api/token
These should work for you. If they don't please share your commands and errors.
------------------------------
Nick Cawood
API Connect Consultant
IBM Hybrid Cloud Integration Expert Labs
IBM UK Ltd
https://www.linkedin.com/in/nickcawood/------------------------------
Original Message:
Sent: Tue February 20, 2024 10:41 AM
From: Riya Fathima
Subject: Accessing platform REST APIs for IBM API Connect v10, when system has OIDC enabled
Hi Team,
I wanted to access platform REST APIs for IBM API Connect v10.0.5.3.
Via CLI: apic login --> found to be failing and learned, that could be due to OIDC as default authorization mechanism instead of local user registry.
Via Developer toolkit method -- > platform API token was tried to fetch via below command: where API key generated in API manager, id and secret recvd from API manager download toolkit option and returned 401 un authorized error
curl -v -k -X POST -d '{"api_key": "****", "client_id": "client-id", "client_secret": "client-secret", "grant_type": "api_key"}' -H 'Content-Type: application/json' -H 'Accept: application/json' https://platform-api.{{region}}.apiconnect.automation.ibm.com/api/token
Via REST API call--> With referance to API Explorer (ibmcloud.com), client id and secret need to be created based on cli after "apic login" (option1)
Can you please help to get over this?
I need to get access to platform APIs for some scripting purpose (API Explorer (ibmcloud.com)
Best Regards,
Riya
------------------------------
Riya Fathima
------------------------------