Co-authored by Ming Zhou and Yichong Yu
IBM Food Trust (IFT) uses a JWT token for API authentication. There are two ways to get JWT tokens to access IFT APIs:
- Create an IFT system user, and get an API key from IBM cloud IAM. Following standard IFT documentation steps for more details. This is recommended for system to system integrations.
- Grab a token from IFT UI. This document provides detailed steps for this option.
In this blog, we will first show how to obtain a JWT token from IFT UI, and then illustrate how a JWT tokens can be used to invoke IFT APIs with different tools.
Get a JWT token from IFT UI
There are two ways to get a JWT token from IFT UI: using the regular IFT login page, or use IFT identity proxy login URL. We will cover both approaches in this document.
Obtain JWT token from IFT login page
Use the following steps to obtain a JWT token from IFT login URL:
- Start with your IFT login screen, such as https://food.ibm.com/. Do not login yet.
- Open your browser developer tool, such as Chrome Developer Tools, and turn on the trace
- Click on IFT Login button, and login to IFT
- Stop the trace in the Developer Tool once you are in IFT. Find the record for "tokens" in the trace
- Click on the "tokens" record, and copy the value to a clipboard
The value should look like:
- Copy the value under JSON response attribute "id_token", and save that for use when making IFT API calls
Obtain a JWT token from IFT identity proxy URL
Another way to get a JWT token is to use the IFT identity proxy URL. Here are the steps:
- Use the IFT identity proxy login URL: http://food.ibm.com/ift/api/identity-proxy/login
- Click on the "Sign in with IBMIDv2" link
- Enter your IBM ID to login
- If you have access to more than one IFT organization, you will be presented with the list of all organizations. Pick the right organization to login
- Once you login successfully, you will see a screen with JWT token
- Copy and save the JWT token for later use
Check JWT token expiration
JWT tokens have expiration time, and must be used before they expire. To check the expiration time of a JWT token, one can use the web site: jwt.io
. JWT token generated from different approaches may have different expiration settings. Here is an example of a JWT token and its expiration time when decoded on jwt.io web site:
Use JWT token for IFT API calls
Once a valid JWT token is obtained, it can be used to make IFT API calls. There are different ways to use the JWT token to access IFT APIs, such as using IFT swagger, or using a REST client.
Access IFT API through Postman
One way is to invoke IFT API is to use a REST client, such as Postman
. Here is a Postman example to make an IFT API call to get all products in an organization.
- Obtain a valid JWT token using either approach documented above.
- Create a new GET request, use any name you want, such as "My first IFT API request"
- Enter the Get Products end point URL: "https://food.ibm.com/ift/api/outbound/v2/products"
- Click on Authorization tab, from the Type drop-down list, pick "Bearer Token"
- Copy and paste the JWT token from step 1 to the Token field
- Click on Save to apply the changes
- Click on Send to invoke the API using the JWT token. Upon successful response, you should see the products defined in the organization
Access IFT API through Swagger
You can access IFT APIs without any additional tool by using IFT Swagger. Swagger is available through a browser, such as from this URL https://food.ibm.com/ift/api/outbound/api-docs/
. Before you can invoke any APIs from this swagger page, you must first provide a valid JWT token. Here are the steps to invoke the same Get Products web service.
- Navigate to the swagger page from a browser
- Click on the Authorize button
- In the pop up window, paste the JWT token into the Value field
- Click "Authorize". Once the process completes, click "Close" on the next screen
- Navigate to the Get Products API in the swagger list, and click to open
- Click on "Try it out" to test the API
- Since we don't need to provide any input for this API call, you can simply click on "Execute" at the bottom to run it
- After a few seconds, you should see the API response in the Responses section right below the Execute button
Congratulations you have completed the process of invoking an IFT API using a JWT token obtained from IFT UI. You can now try different IFT APIs, such as run a trace or upload data, as a regular IFT business user.#IBMBlockchainTransparentSupplyandIBMFoodTrust#SupplyChain