IBM Blockchain Transparent Supply and IBM Food Trust

How to Get a JWT Token from IFT UI to Invoke IFT APIs

By Ming Zhou posted Wed June 23, 2021 07:37 PM

  

Co-authored by Ming Zhou and Yichong Yu


IBM Food Trust (IFT) uses a JWT token for API authentication.  There are two ways to get JWT tokens to access IFT APIs:

  1. Create an IFT system user, and get an API key from IBM cloud IAM. Following standard IFT documentation steps for more details. This is recommended for system to system integrations.
  2. Grab a token from IFT UI. This document provides detailed steps for this option.
In this blog, we will first show how to obtain a JWT token from IFT UI, and then illustrate how a JWT tokens can be used to invoke IFT APIs with different tools.

Get a JWT token from IFT UI

There are two ways to get a JWT token from IFT UI: using the regular IFT login page, or use IFT identity proxy login URL. We will cover both approaches in this document.

Obtain JWT token from IFT login page

Use the following steps to obtain a JWT token from IFT login URL:

  1. Start with your IFT login screen, such as https://food.ibm.com/. Do not login yet.
  2. Open your browser developer tool, such as Chrome Developer Tools, and turn on the trace
  3. Chrome developers tools
  4. Click on IFT Login button, and login to IFT
  5. Stop the trace in the Developer Tool once you are in IFT. Find the record for "tokens" in the trace
    IFT login trace
  6. Click on the "tokens" record, and copy the value to a clipboard
    Token trace details
    The value should look like: 
    Token JSON structure
  7. Copy the value under JSON response attribute "id_token", and save that for use when making IFT API calls

Obtain a JWT token from IFT identity proxy URL

Another way to get a JWT token is to use the IFT identity proxy URL. Here are the steps:

  1. Use the IFT identity proxy login URL: http://food.ibm.com/ift/api/identity-proxy/login
    IFT identity proxy
  2. Click on the "Sign in with IBMIDv2" link
  3. Enter your IBM ID to login
    Identiy proxy login
  4. If you have access to more than one IFT organization, you will be presented with the list of all organizations. Pick the right organization to login
  5. Once you login successfully, you will see a screen with JWT token
    Identity proxy JWT
  6. Copy and save the JWT token for later use

Check JWT token expiration

JWT tokens have expiration time, and must be used before they expire. To check the expiration time of a JWT token, one can use the web site: jwt.io. JWT token generated from different approaches may have different expiration settings. Here is an example of a JWT token and its expiration time when decoded on jwt.io web site:
JWT.IO

Use JWT token for IFT API calls

Once a valid JWT token is obtained, it can be used to make IFT API calls. There are different ways to use the JWT token to access IFT APIs, such as using IFT swagger, or using a REST client.


Access IFT API through Postman

One way is to invoke IFT API is to use a REST client, such as Postman. Here is a Postman example to make an IFT API call to get all products in an organization.

  1. Obtain a valid JWT token using either approach documented above.
  2. Create a new GET request, use any name you want, such as "My first IFT API request"
  3. Enter the Get Products end point URL: "https://food.ibm.com/ift/api/outbound/v2/products"
  4. Click on Authorization tab, from the Type drop-down list, pick "Bearer Token"
    Postman authentication
  5. Copy and paste the JWT token from step 1 to the Token field
    Postman bearer token
  6. Click on Save to apply the changes
  7. Click on Send to invoke the API using the JWT token. Upon successful response, you should see the products defined in the organization
    Postman request-response


Access IFT API through Swagger

You can access IFT APIs without any additional tool by using IFT Swagger. Swagger is available through a browser, such as from this URL https://food.ibm.com/ift/api/outbound/api-docs/. Before you can invoke any APIs from this swagger page, you must first provide a valid JWT token. Here are the steps to invoke the same Get Products web service.

  1. Navigate to the swagger page from a browser
  2. Click on the Authorize button
    Swagger IFT
  3. In the pop up window, paste the JWT token into the Value field
    Swagger authorization
  4. Click "Authorize". Once the process completes, click "Close" on the next screen
  5. Navigate to the Get Products API in the swagger list, and click to open
    Swagger Get Product
  6. Click on "Try it out" to test the API
    Swagger try it out
  7. Since we don't need to provide any input for this API call, you can simply click on "Execute" at the bottom to run it
    Swagger execute
  8. After a few seconds, you should see the API response in the Responses section right below the Execute button
Congratulations you have completed the process of invoking an IFT API using a JWT token obtained from IFT UI. You can now try different IFT APIs, such as run a trace or upload data, as a regular IFT business user.
0 comments
13 views

Permalink