Planning Analytics

Hello everyone,

I’m currently trying to execute a POST request from a TI process in Planning Analytics using ExecuteHttpRequest, but I keep running into issues. I’d appreciate some help or guidance from anyone who has managed to get this working.

Here’s what I’ve done so far:

• I wrote a TI process that tries to authenticate against IBM Cloud and then call the PA REST API.

• I’m able to get an access_token from the IBM Cloud IAM endpoint by using my API key. That part seems to work fine.

• However, when I try to use this bearer token to send further requests (for example, creating a folder in the PA Contents), I always get a 401 response code.

Here’s a simplified version of the code I’m running in the TI process:

(I've adapted it from the process of Stuart King you can find here: PASaaSReplication/processes/Replicate data.ti at main · StuartStephenKing/PASaaSReplication)

# Request Access Token
vGrant_type = 'urn:ibm:params:oauth:grant-type:apikey';
vTokenUrl = 'https://iam.cloud.ibm.com/identity/token?apikey=' | vAPIKey | '&grant_type=' | vGrant_type;
ExecuteHttpRequest('POST', vTokenUrl);

responseCode = HttpResponseGetStatusCode();
vResponseBody = HttpResponseGetBody();
ASCIIOUTPUT(vLogFile, vResponseBody);

# Extract bearer token from response
#Get Token
ExecuteHttpRequest( 'POST', vTokenUrl );
responseCode = HttpResponseGetStatusCode();
vResponseBody  = HttpResponseGetBody();
ASCIIOUTPUT( vLogFile, vResponseBody );
vResponseBodyLength = LONG ( vResponseBody );
vAccessTokenStr = '"access_token":"';
vAccessTokenStart = SCAN( vAccessTokenStr, vResponseBody );
vAccessTokenLength = LONG( vAccessTokenStr );
vResponseBodyAccessTokenStrToEnd= SUBST( vResponseBody, vAccessTokenStart + vAccessTokenLength, vResponseBodyLength - vAccessTokenStart);
vAccessTokenEnd = SCAN( '"', vResponseBodyAccessTokenStrToEnd ) - 1;
vBearerToken = SUBST( vResponseBodyAccessTokenStrToEnd, 1, vAccessTokenEnd );
ASCIIOUTPUT( vLogFile, 'accessToken: ' | vBearerToken );

# Try to call PA API
vUrl = P_S_SERVER_URL_SOURCE | '/api/' | P_S_TENANT_ID_TARGET | '/v0/tm1/' | P_S_SERVER_NAME_TARGET | '/api/v1/Contents(...)/Contents';
vJSONCommand = '{"@odata.type": "#ibm.tm1.api.v1.Folder", "Name": "TestFolder1"}';

sHeaderToken = '-h Authorization: Bearer ' | vBearerToken;

ExecuteHttpRequest('POST', vUrl, '-k', sHeaderToken, '-h Content-Type:application/json', '-d ' | vJSONCommand);

responseCode = HttpResponseGetStatusCode();
responseBody = HttpResponseGetBody();
ASCIIOUTPUT(vLogFile, 'Response Code: ' | NumberToString(responseCode));
ASCIIOUTPUT(vLogFile, responseBody);

What I’ve observed so far:

• The access token is generated correctly from IBM Cloud IAM.

• When using the token in a TI request, I consistently get a 401.

• I tried the POST request from the TI process, using this paSession cookie I manually copied from PostMan, it works fine. (I executed the authentication in Postman just to get the paSession cookie)

• That leads me to believe the issue is not with the TI syntax itself, but rather with how the PAaaS authentication works.

My main questions:

1. How do I get the correct API key or credentials that give me access to the PAaaS service from a TI process?

2. Or alternatively, is there a way to programmatically retrieve the paSession cookie from within a TI process, similar to how Postman handles it?

3. Has anyone successfully used ExecuteHttpRequest('POST', …) in TI against PAaaS, and if so, what authentication flow did you use?

Any advice or concrete examples would be very welcome. I feel like I’m missing a key step regarding authentication between IAM and the PAaaS instance.

Thanks a lot in advance for your help!

Erwan