Accessing the API for IBM App Connect Enterprise as a Service

You can access and use the IBM® App Connect Enterprise as a Service API after you obtain an access token for authentication.

About this task

To use the App Connect Enterprise as a Service API, you must first authenticate your credentials by including an access token in your API calls. To get an access token, you must generate an API key, a client ID, and a secret in App Connect Enterprise as a Service. The client ID represents a specific instance of App Connect Enterprise as a Service and all users of that instance share the ID. The API key represents a specific user of an instance and is specific to that user.

If you have a service that needs to access the API, you can also create a service ID, then create an API key for the service ID. The service ID is a type of user ID that represents that service. All users of the instance where the service ID is created can access the service ID.

Accessing the API with a personal API key

Procedure

The following steps describe how a specific user can get an access token by generating an API key, client ID, and secret.

  1. Log in to your instance of App Connect Enterprise as a Service.
  2. Generate an API key by completing the following steps.
    1. Click your initials on the App Connect Enterprise as a Service header, then select Service IDs and API keys.
    2. Click the API keys tab, then click Generate key.
    3. Enter a name for your API key, add a description if you want one, then click Generate key.
      The name of the API key can be up to 32 characters long and can contain alphanumeric characters, underscores (_), hyphens (-), and periods (.).
      An API key is generated and is visible for 300 seconds. You can view the key by clicking The icon that shows a API key value. (Show API key). You can't recover the API key after you leave this screen. Therefore, either download it as a JSON file by clicking the provided link, or click Copy to clipboard, then paste the key into a file for later use. After you download or copy the key, close the dialog box.
  3. Generate a client ID and secret by completing the following steps.
    1. Go to the Settings page The icon that represents the Settings page., and on the Public API credentials tab, click Generate.
    2. Enter a name for your client ID, then click Generate.
      The name of the client ID can be up to 40 characters long and can contain alphanumeric characters, underscores (_), and hyphens (-).
      A client ID and secret are generated. You can't recover the client secret after you leave this screen. Copy the values by clicking Copy to clipboard The icon that represents copying to the clipboard., then paste them into a file for later use. After you copy the values, click Close.
    3. Optional: To download the OpenAPI specification for this API, click API specification.
  4. To get an access token, use a tool like cURL or Postman to send a POST request to the App Connect Enterprise as a Service API for the token object (api/v1/tokens).
    You need to provide the following information.
    • The URL of the API for your App Connect Enterprise as a Service instance, which is https://api.region.appconnect.automation.ibm.com, where region is the region where your instance is hosted. You can find the region (such as p-vir-c1) in the URL for your instance.
      Screenshot that shows the region ID in the URL for your instance.

      You can also generate this URL in the API specification by selecting your region.

    • The instance ID of your App Connect Enterprise as a Service instance, which is the nine-character identifier at the beginning of the URL for your instance.
      Screenshot that shows the instance ID at the beginning of the instance URL.
    • The API key, client ID, and client secret that you generated.
    The following example shows the structure of the cURL command that you would use with your credentials to get an access token.
    curl --request POST \
  --url https://api.region.appconnect.automation.ibm.com/api/v1/tokens \
  --header 'X-IBM-Client-Id: clientId' \
  --header 'X-IBM-Client-Secret: clientSecret' \
  --header 'accept: application/json' \
  --header 'content-type: application/json' \
  --header 'x-ibm-instance-id: appConnectInstanceId' \
  --data '{
  "apiKey": "myapikey"
}'

Results

If your request is successful and your credentials are confirmed, an access token is returned in the following format. 
{
    "access_token": "myAccessToken",
    "token_type": "bearer",
    "scope": "appcon:manage",
    "expires_in": 43200
}
Note: The access token is valid for 12 hours from when it is created. After that time, you must request a new token.
When you make subsequent calls to the API, you must use the X-IBM-Client-Id header to provide your client ID, and the Authorization: Bearer header to provide this access token. For example, the following call requests a list of configurations.
curl --request GET \
--url https://api.region.appconnect.automation.ibm.com/api/v1/configurations \
--header "Authorization: Bearer myAccessToken" \
--header 'X-IBM-Client-Id: myClientId' \
--header 'accept: application/json'
Note: Authorization: Bearer is case-sensitive and must be referred to in calls with the correct capitalization.

Accessing the API with a shared service ID

Procedure

The following steps describe how to get an access token for a service to use by generating a service ID, API key, client ID, and secret.

  1. Log in to your instance of App Connect Enterprise as a Service.
  2. Generate a service ID and API key by completing the following steps.
    1. Click your initials on the App Connect Enterprise as a Service header, then select Service IDs and API keys.
    2. Click the Service IDs tab, then click Create service ID.
    3. Enter a name for the service ID and choose an appropriate role.
      Administrator
      A service with an administrator role can create, read, update, and delete users, roles, and groups for an instance.
      User
      A service with a user role can view the instance but can't complete user management tasks like adding users.
    4. Click Create.
      The service ID is created and appears in the table, which also has information like who created the ID and how many API keys are associated with it.
    5. To create an API key for the service ID, open the action menu (The icon that represents the action menu for the service ID.) for the service ID, click Create API key, then click Generate key.
    6. Enter a name for your API key, add a description if you want one, then click Generate key.
      The name of the API key can be up to 32 characters long and can contain alphanumeric characters, underscores (_), hyphens (-), and periods (.).
      An API key is generated and is visible for 300 seconds. You can view the key by clicking The icon that shows a API key value. (Show API key). You can't recover the API key after you leave this screen. Therefore, either download it as a JSON file by clicking the provided link, or click Copy to clipboard, then paste the key into a file for later use. After you download or copy the key, close the dialog box.
      Note: API keys for service IDs are not listed on the API keys tab. To view API keys for a service ID, click the action menu (The icon that represents the action menu for the service ID.) for the service ID, then click View Service ID details. If you delete a service ID, the associated API key is also deleted.
  3. Generate a client ID and secret by completing the following steps.
    1. Go to the Settings page The icon that represents the Settings page., and on the Public API credentials tab, click Generate.
    2. Enter a name for your client ID, then click Generate.
      The name of the client ID can be up to 40 characters long and can contain alphanumeric characters, underscores (_), and hyphens (-).
      A client ID and secret are generated. You can't recover the client secret after you leave this screen. Copy the values by clicking Copy to clipboard The icon that represents copying to the clipboard., then paste them into a file for later use. After you copy the values, click Close.
    3. Optional: To download the OpenAPI specification for this API, click API specification.
  4. To get an access token, use a tool like cURL or Postman to send a POST request to the App Connect Enterprise as a Service API for the token object (api/v1/tokens).
    You need to provide the following information.
    • The URL of the API for your App Connect Enterprise as a Service instance, which is https://api.region.appconnect.automation.ibm.com, where region is the region where your instance is hosted. You can find the region (such as p-vir-c1) in the URL for your instance.
      Screenshot that shows the region ID in the URL for your instance.

      You can also generate this URL in the API specification by selecting your region.

    • The instance ID of your App Connect Enterprise as a Service instance, which is the nine-character identifier at the beginning of the URL for your instance.
      Screenshot that shows the instance ID at the beginning of the instance URL.
    • The API key, client ID, and client secret that you generated.
    The following example shows the structure of the cURL command that you would use with your credentials to get an access token.
    curl --request POST \
  --url https://api.region.appconnect.automation.ibm.com/api/v1/tokens \
  --header 'X-IBM-Client-Id: clientId' \
  --header 'X-IBM-Client-Secret: clientSecret' \
  --header 'accept: application/json' \
  --header 'content-type: application/json' \
  --header 'x-ibm-instance-id: appConnectInstanceId' \
  --data '{
  "apiKey": "myapikey"
}'

Results

If your request is successful and your credentials are confirmed, an access token is returned in the following format. 
{
    "access_token": "myAccessToken",
    "token_type": "bearer",
    "scope": "appcon:manage",
    "expires_in": 43200
}
Note: The access token is valid for 12 hours from when it is created. After that time, you must request a new token.
When you make subsequent calls to the API, you must use the X-IBM-Client-Id header to provide your client ID, and the Authorization: Bearer header to provide this access token. For example, the following call requests a list of configurations.
curl --request GET \
--url https://api.region.appconnect.automation.ibm.com/api/v1/configurations \
--header "Authorization: Bearer myAccessToken" \
--header 'X-IBM-Client-Id: myClientId' \
--header 'accept: application/json'
Note: Authorization: Bearer is case-sensitive and must be referred to in calls with the correct capitalization.