
Authentication - AWS
To work with the API, authenticate your app or service by including an IAM access token, and service instance GUID (ID) in API requests.
Note: To use the IBM® MQ as a Service API, a user or service ID must
have either the “Service Admin” or the “Service Owner” role.
To find your service instance ID and generate an access token, complete the following steps:
- Go to the IBM SaaS Console at https://aws.console.saas.ibm.com. For help using the IBM SaaS Console, see https://www.ibm.com/docs/en/saas-console?topic=console-getting-started-saas
- Select the required account to open the list of its subscriptions.
- Find the subscription for IBM MQ as a Service, then click on View instances.
- Click on the table row for the service instance (do not click on the Open link)
- Make a note of the Instance ID of the service instance, which is available on the Instance Details tab.
- Switch to the API Keys tab, then click on Generate key
- To generate an API key for yourself, select a service type of Personal. To generate an API key for a service ID, select a service type of Service ID, then select the service ID to use.
- Provide an API key name, an Expiration date, and optionally a Description, then click Generate key.
- Save or download the API key, then click Close.
- Generate an access token by using the API key:
APIKEY="***********" IAMTOKEN=`curl -X 'POST' \ 'https://account-iam.platform.saas.ibm.com/api/2.0/services/<Instance ID>/apikeys/token' \ -H 'Accept: application/json' \ -H 'Content-Type: application/json' \ -d "{ \"apikey\": \"${APIKEY}\" }" | jq .token -r` - Use the generated IAM token in the authorization header when using the IBM MQ as a Service
API.
Authorization: Bearer ${IAMTOKEN}