Configuring security credentials for connecting to an IBM App Connect REST API

Create a security identity by using the mqsisetdbparms command, and configure an AppConnectRESTRequest node in a message flow to use that identity for connecting to a secured App Connect REST API.

About this task

Follow these steps to configure a connection to a secured App Connect REST API:

Procedure

  1. Use the mqsisetdbparms command to associate a user name, password, and API key with a connection to an App Connect REST API.
    You can specify these values in any one of the following combinations:
    • User ID, password, and API key
    • User ID and password
    • API key only
    You can specify the security credentials by setting the following parameters:
    -n rest::securityIdentity
    The name of the security identity that is used to authenticate a connection to an App Connect REST API, where securityIdentity is the value of the Security Identity property in the AppConnectRESTRequest node.
    -u UserId
    The user ID to be used for connecting to the App Connect REST API.
    -p Password
    The password to be used for connecting to the App Connect REST API.
    -k API key
    The API key to be used for connecting to the App Connect REST API.
    The following example shows how to specify a user ID, password, and API key:
    mqsisetdbparms -w workDir -n rest::myRESTSecurityIdentity -u myRESTUserID -p myRESTPassword -k myRESTAPIKey 
    Alternatively, you might choose to specify only the API key, as shown in the following example:
    mqsisetdbparms -w workDir -n rest::myRESTSecurityIdentity -k myRESTAPIKey 

    For more information about associating security credentials with resources, see mqsisetdbparms command.

  2. In your message flow, specify the name of the security identity that you configured in step 1 (in this example, myRESTSecurityIdentity) as the value in the Security identity property in the AppConnectRESTRequest node.
    This security identity will be used when you connect to the App Connect REST API from IBM® App Connect Enterprise.

    In order for the AppConnectRESTRequest request node to authenticate to a REST API using a security identity created with the mqsisetdbparms command, the AppConnectRESTRequest node requires additional information about how to apply that security identity to the REST API. The AppConnectRESTRequest node uses the specified security identity only if the operation or API being invoked specifies one or more security requirements in the Swagger document.

What to do next

You can use the mqsireportdbparms command to show information about the security identities that are being used for connecting to a REST API. For example:
  • Enter the following command to show the security identity for HTTP Basic Authentication and the API key, for use with an AppConnectRESTRequest node:
    mqsireportdbparms -w c:\workdir\ACEServ1 -n rest::myBasicAuthAndApiKey
    This command returns output similar to the following example:
    $ mqsireportdbparms -w c:\workdir\ACEServ1 -n rest::myBasicAuthAndApiKey
    BIP8180I: The resource name 'rest::myBasicAuthAndApiKey' has userID 'myUserID'.
    BIP8214I: The resource name 'rest::myBasicAuthAndApiKey' has API key 'C664C588-885A-4F07-9390-9CD7A4F8A89F'. 
  • Enter the following command to validate the password for a single security identity for HTTP Basic Authentication, for use with an AppConnectRESTRequest request node:
    mqsireportdbparms -w c:\workdir\ACEServ1 -n rest::myBasicAuth -u myUserID -p password
    This command returns output similar to the following example:
    $ mqsireportdbparms -w c:\workdir\ACEServ1 -n rest::myBasicAuth -u myUserID -p password
    BIP8180I: The resource name 'rest::myBasicAuth' has userID 'myUserID'.
    BIP8201I: The password you entered, 'password' for resource 'rest::myBasicAuth' and userId 'myUserID' is correct.
    
    BIP8071I: Successful command completion.
For more information about the security credentials that have been set on the integration server, see mqsireportdbparms command.