API requester PassTicket authentication to IBM z/OS Connect

PassTicket authentication can be used between the COBOL program running in CICS® and the IBM z/OS Connect Server.

zosConnect-3.0 Applies to zosConnect-3.0.

A PassTicket is a password substitute that your application can use in the basic authentication scheme that is built into the HTTP protocol. It requires the CICS application to provide a user ID and PassTicket in the request.
  • For CICS, a user ID and PassTicket must be sent from the CICS application to z/OS Connect as parameters on the Host API BAQINIT call.
The z/OS Connect Server validates the user ID and PassTicket against a configured user registry. The user ID is then set as the authenticated user.

The following diagram shows basic authentication between a z/OS application and an z/OS Connect Server.

Diagram shows how a z/OS application passes credentials to z/OS Connect for identification.

When a PassTicket is used, the credentials are encoded, but are not encrypted. Therefore, it is typically used with HTTPS (TLS) to provide confidentiality. For more information about PassTicket authentication, see A launch icon to indicate a link opens a new tab or window. PassTicket authentication.