Hi Community,
I've recently been tasked with a project that involves integrating IBM Security Key Lifecycle Manager (SKLM) into a system that processes and manages utility billing data. This system is designed to fetch and analyze data from multiple APIs, including one provided by a local electricity billing service, LESCO Online Bill Checking Portal.
Here's the challenge:
The system requires secure storage and encryption of API keys, as well as proper handling of sensitive customer data. SKLM seemed like the perfect tool for the job, given its robust key lifecycle management capabilities, but I've run into a few roadblocks:
- API Key Storage and Retrieval: While SKLM provides secure key storage, I'm struggling to configure it in a way that allows seamless retrieval for real-time API requests without introducing latency. Has anyone encountered similar issues? What's the best practice for optimizing SKLM's performance in such scenarios?
- Audit Logging: The billing system mandates comprehensive audit logs for every API transaction, particularly those involving sensitive operations like bill fetching or payment processing. SKLM's logging features are robust, but I'm unsure how to tailor them to this specific use case. Are there any custom scripts or configurations that you'd recommend?
- Integration with Third-Party APIs: The API in question requires token-based authentication. While I've managed to integrate SKLM with internal systems, third-party API integration introduces new challenges, especially with token expiration. How can I automate token renewal securely using SKLM?
- Compliance with Security Standards: The data handled by this system must comply with FIPS standards. Although SKLM supports FIPS, I'm curious if there are additional configuration steps I should be aware of when working with external APIs.
- Real-World Performance: Given the scale of data processed by services, I'd love to hear about real-world experiences with SKLM's performance in high-demand environments. Are there any bottlenecks to watch out for?
If anyone has tackled similar challenges or has insights into integrating SKLM with external APIs for secure data management, I'd greatly appreciate your input. I've already gone through IBM's official documentation, but some nuances are still unclear.
Looking forward to learning from your experiences!
------------------------------
Usman Ghani
------------------------------