reserved instanceAWS

Authentication - AWS

To work with the API, authenticate your app or service by including an IAM access token, and service instance GUID (ID) in API requests.

Note: To use the IBM® MQ as a Service API, a user or service ID must have either the “Service Admin” or the “Service Owner” role.
To find your service instance ID and generate an access token, complete the following steps:
  1. Go to the IBM SaaS Console at https://aws.console.saas.ibm.com. For help using the IBM SaaS Console, see https://www.ibm.com/docs/en/saas-console?topic=console-getting-started-saas
  2. Select the required account to open the list of its subscriptions.
  3. Find the subscription for IBM MQ as a Service, then click on View instances.
  4. Click on the table row for the service instance (do not click on the Open link)
  5. Make a note of the Instance ID of the service instance, which is available on the Instance Details tab.
  6. Switch to the API Keys tab, then click on Generate key
  7. To generate an API key for yourself, select a service type of Personal. To generate an API key for a service ID, select a service type of Service ID, then select the service ID to use.
  8. Provide an API key name, an Expiration date, and optionally a Description, then click Generate key.
  9. Save or download the API key, then click Close.
  10. Generate an access token by using the API key:
    APIKEY="***********"
    IAMTOKEN=`curl -X 'POST' \
      'https://account-iam.platform.saas.ibm.com/api/2.0/services/<Instance ID>/apikeys/token' \
      -H 'Accept: application/json' \
      -H 'Content-Type: application/json' \
      -d "{ \"apikey\": \"${APIKEY}\" }" | jq .token -r`
    
  11. Use the generated IAM token in the authorization header when using the IBM MQ as a Service API.
    Authorization: Bearer ${IAMTOKEN}