API Connect


Consumer Application Reassignment for Corporate Reorgs

  • 1.  Consumer Application Reassignment for Corporate Reorgs

    Posted Wed May 15, 2024 10:38 AM

    We have situations where a specific application under a Consumer Organization is transferred to another consumer organization. Is there a way to move an application from one Consumer organization to another without changing the x-ibm-client-id? Our consumers do not want to go into all their applications and change the client id. What is the best way to handle this?



    ------------------------------
    Theresa Furlong
    ------------------------------


  • 2.  RE: Consumer Application Reassignment for Corporate Reorgs

    Posted Fri May 17, 2024 04:31 AM

    Hi Theresa, there isn't a way to move an existing application from one consumer organization to another; however, you can achieve the same end result of using the same ClientID/Secret by using the CLI or Provider REST API to recreate the same Credential values under the new consumer org as follows:

    1. If you need to copy across the ClientSecret as well as the ClientID then update the catalog settings to allow the hashed secret to be applied (CLI example as follows)
      • export CATALOG_SETTINGS_UPDATE_FILENAME=./objects/catalog-settings.yaml
        echo hash_client_secret: true > $CATALOG_SETTINGS_UPDATE_FILENAME
        ./apic catalog-settings:update --server $MGMT_SERVER --org $TARGET_ORG --catalog $TARGET_CATALOG $CATALOG_SETTINGS_UPDATE_FILENAME
    2. Create a new application in the target consumer org (it will be allocated different credentials automatically)
    3. Subscribe the new application to the necessary products, and test that it works as expected with the newly created credentials
    4. Save the existing client_id (and client_secret_hashed if the clientSecret is being used) from the original application
    5. Delete existing credential/application (so that it doesn't clash when it is recreated)
    6. Create a new credential on the target application using the client_id and client_secret_hashed from the source credential - CLI example as follows (substitute the placeholder text for your client_id and client_secret_hashed)
      • export CONSUMER_APP_CREDENTIALS_FILENAME=./objects/credentials.yaml
        echo name: 'myapplication' > $CONSUMER_APP_CREDENTIALS_FILENAME
        echo title: 'myapplicationtitle' >> $CONSUMER_APP_CREDENTIALS_FILENAME
        echo client_id: 'client_id_fromsource' >> $CONSUMER_APP_CREDENTIALS_FILENAME
        echo client_secret_hashed: 'client_secret_hashed_fromsource' >> $CONSUMER_APP_CREDENTIALS_FILENAME

        ./apic credentials:create --consumer-org consumerorgone --app myapplication $CONSUMER_APP_CREDENTIALS_FILENAME --server $MGMT_SERVER --org $SOURCE_ORG --catalog $SOURCE_CATALOG

    7. (Set the catalog settings back to "false" if you wish, to undo step 1)

    As usual you should test out this process to prove that it works and you're comfortable with it before you run it on your production instance, and note that there will be a short period of time between steps 5 and 6 where API calls using that clientID+secret will fail because they don't exist against either application.

    Regards, Matt.



    ------------------------------
    Matt Roberts
    Distinguished Engineer and CTO, IBM Integration
    IBM
    Winchester
    ------------------------------
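
The credentials file built in step 6 of the reply above holds the hashed client secret, so it is worth writing it with owner-only permissions and refusing to proceed if the placeholder text was never substituted. The following is an added example, not part of the original post or IBM's tooling; the function names and the `SAVED_CLIENT_ID` / `SAVED_SECRET_HASH` variables are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original post): write the step 6 credentials
# file without leaving placeholder text or a world-readable hashed secret.

# Single-quote a YAML scalar, doubling any embedded single quote.
yaml_quote() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/''/g")"
}

# write_credentials_file NAME TITLE CLIENT_ID CLIENT_SECRET_HASHED OUTFILE
write_credentials_file() {
  wcf_out=$5
  wcf_nl='
'
  [ -n "$wcf_out" ] || { echo "missing output file" >&2; return 1; }
  for wcf_v in "$1" "$2" "$3" "$4"; do
    case "$wcf_v" in
      ''|*"$wcf_nl"*) echo "empty or multi-line field" >&2; return 1 ;;
      client_id_fromsource|client_secret_hashed_fromsource)
        echo "placeholder text was not substituted" >&2; return 1 ;;
    esac
  done
  rm -f -- "$wcf_out"          # never reuse a file with looser permissions
  (
    umask 077                  # new file is created with mode 0600
    {
      printf 'name: %s\n' "$(yaml_quote "$1")"
      printf 'title: %s\n' "$(yaml_quote "$2")"
      printf 'client_id: %s\n' "$(yaml_quote "$3")"
      printf 'client_secret_hashed: %s\n' "$(yaml_quote "$4")"
    } > "$wcf_out"
  )
}

# Usage with the file variable from the post (SAVED_* names are assumptions):
#   write_credentials_file myapplication myapplicationtitle \
#     "$SAVED_CLIENT_ID" "$SAVED_SECRET_HASH" "$CONSUMER_APP_CREDENTIALS_FILENAME"
#   ... run the credentials:create command from step 6 ...
#   rm -f -- "$CONSUMER_APP_CREDENTIALS_FILENAME"
```

Deleting the file once the credential has been created keeps the hashed secret from lingering on the workstation.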