Getting Started with Inversoft Passport on IBM Bluemix

Share this post:

Inversoft Passport brings a wealth of APIs to IBM Bluemix that allow you to authenticate and authorize users to your application. Supporting industry standard security specifications such as OAuth2 and JSON Web Tokens (JWT), Passport’s OAuth2 implementation comes with theme support to ensure your Web forms look and feel like your brand. User discipline and an event-based webhook system allows for creative integrations and complex service orchestration.

Inversoft Passport logoAs your application matures and your user base grows, you’ll need a modern interface to perform user management tasks. Localized email templating, powerful search, user analytics and a responsive web interface provide value and allow you to focus on what is important. Anything you can do from Passport’s web interface can also be accomplished via the REST API.

Adding the Passport Service to your Bluemix Dashboard

Let’s get started using Passport on Bluemix. Search for Passport in the Bluemix Catalog, and you’ll be presented with the service tile. Click on the service tile, and you’ll get the Catalog Service Details page, as shown below.Screen shot of Inversoft Passport in the Bluemix catalog

You’ll need a few pieces of information before you can bind this service to your Bluemix application.

If you don’t already have a Bluemix account, you can register for a free 30-day trial.

Try or Buy

If you already have a Passport license, you can skip this step.

Navigate to and click Try it free.

Your first two weeks are free for any package you select, at the end of your trial period you will have the opportunity to purchase. Contact with any other questions you may have on licensing.Screen shot of Passport sign-up

Once you’ve completed registration and you’ve been taken to your Inversoft Account page, you’ll be provided with the information needed to complete your Bluemix integration.

Setup Passport

Next, you’ll complete the initial setup wizard. Click on the Passport Backend URL on your Inversoft Account page. This will open up the user interface, and you’ll be presented with the Setup Wizard. Follow our Setup Wizard Tutorial to complete this step.

URLs and API Keys

To complete the Bluemix service integration, you’ll need the Passport Backend URL, Passport Frontend URL, API key and an Application Id. Complete the following tutorials to create an Application and one or more API keys.

The two URLs are defined on your Inversoft Account page; the API key was created during the above tutorial, and the Application Id is available after you have created an application. A Passport application represents a secured resource, in this case that is your Bluemix application.

Circle Back

Now that you have all of the details, you’ll need to complete the Bluemix service connection. Head back to your Bluemix console and enter the values. The following three values will be added to the Passport service as shown in the initial screenshot above:

  • API Key
  • Passport Backend URL
  • Passport Frontend URL

The other two pieces of information we’ll need will be added to each Bluemix application specifically as User Defined Runtime Environment Variables. The values in the screenshot are only an example, your values will be different.Screen shot of Bluemix Console Runtime Variables

You’re done! Now comes the code.

Example Code

Once the service has been connected to your Bluemix application, these credentials will be available to your application at runtime. The following is an example of the user provided service credentials.

 "user-provided": [
   "credentials": {
    "api_key": "0e116a6e-ca00-47cd-804e-b04f9adea296",
    "passport_backend_url": "",
    "passport_frontend_url": ""
  "syslog_drain_url": "",
  "label": "user-provided",
  "name": "Passport-vz",
  "tags": []

We’ll use this information at runtime to connect to Passport and begin making API calls.

// User defined Environment Variable : passport_application_id
let applicationId = process.env.passport_application_id;

// User defined Environment Variable : passport_service_name
const serviceName = process.env.passport_service_name;

const services = JSON.parse(process.env.VCAP_SERVICES);
let passport = null;
const user_provided = services["user-provided"];
for (let i=0; i < user_provided.length; i++) {
   if (user_provided[i].name === serviceName) {
      passport = user_provided[i];

let apiKey = passport.credentials.api_key;
let backendURL = passport.credentials.passport_backend_url;
let frontendURL = passport.credentials.passport_frontend_url;

Next, you’ll construct the Passport Client using the Node.js Passport Client library.

const PassportClient = require('passport-node-client');
let passportClient = new PassportClient(apiKey, backendURL);

Now, you can make all of the API calls you want. Start by retrieving the RSA Public Key so you can verify JSON Web Tokens signed by Passport.

.then((response) => {
   // Store off this public key to use when verifying JWT signatures
   const publicKey = response.successResponse.publicKey;

Next, you’ll register a new user.

let request = {
    user: {
     email: '',
     password: 'super-secret',
     firstName: 'Joe',
     lastName: 'User'
   registration: {
     applicationId: 'ea1a58bf-ae29-4c92-925a-591915aee646'
     roles: [
      'admin', 'user'
   skipVerification: true
passportClient.register(null, request);

And then, log that new user into the registered application.

let request = {
  loginId: '',
  password: 'super-secret',
  applicationId: 'ea1a58bf-ae29-4c92-925a-591915aee646'


Following the instructions in this blog article, you learned how to bind the Passport service to your Bluemix-built app. At the bottom of this article, you can post comments or questions. Please feel free to post/share your comments and questions!

And, now that you’ve added Passport to your Bluemix app, it’s important to review the seven core strengths:

  1. Reduced Time to Market
  2. Multiple Applications
  3. Security
  4. Service Orchestration
  5. Localization
  6. Freeform User Data and Segmentation
  7. Reporting

The next blog post will go into more detail on the seven core strengths mentioned above, so stay tuned!

Documentation and Support

Passport has got great API documentation and even better support! When you contact support, your email will be viewed by a member of the Passport team.

For some review and additional details, take a look at this Bluemix Integration Tutorial. The complete API documentation is also available.

If you get stuck, send a note to The team will be happy to give you a hand!

More What's New stories

How to build confidence in using a cloud platform

From authentication to API access, public cloud platform providers are hardening every aspect of their systems to ensure greater security and scalability. And this strategy is paying off: the number of surveyed organizations who distrust clouds dropped from 50% to 29% in a 2017 survey. But how does one gain the assurance needed to confidently […]

Continue reading

Twilio expands the number of services on IBM Cloud

Twilio is very happy to announce our expanded partnership with IBM, bringing five new custom integrations to IBM Cloud. With Twilio and IBM, you’ll be able to build communications into your Web app without worrying about provisioning and maintaining servers.

Continue reading

Getting started with TradeIt’s SDK and API

By integrating TradeIt’s core products - TradingTicket and PortfolioView - developers can bring portfolio management and order management tools to their end users. RIA and Wealth Management platforms that integrate our SDK or standardized API have higher engagement and a simplified workflow to manage across a clients portfolio and have the ability to place orders seamlessly through the same safe, secure API connections to the underlying broker. TradeIt understood that consumers were increasingly engaged on apps and social networks for the business of their lives. TradeIt brings the top Financial Institutions’ customer journey - account opening, account management and securities trading - to the apps where the action happens in a safe, secure and compliant way.

Continue reading