To automatically authenticate with the Operational Decision Manager services through the Cloud Pak
Zen platform, you must use an API key.
About this task
To deploy RuleApps or to run tests and simulations, you must create server configurations so that
you can connect from Decision Center to the Decision Server console and to Decision Runner. A Zen
OpenID provider allows you to manage these server configurations through a Zen API key. You need at
least one of the following roles:
- ODM Administrator (permission: ODM - Administer Decision Server; ODM Liberty role:
resAdministrators
)
- ODM Runtime administrator (permission: ODM - Monitor and deploy decision services in Decision
Server; ODM Liberty role:
resDeployers
)
Procedure
Note: The following steps take place after an installation of Operational Decision Manager.
-
Generate an API key.
- To consume a Zen API key, note the following recommendations.
- For Decision Center API calls and Decision Server console REST API calls, use a Zen API key.
A
Zen API key with the "Authorization: ZenApiKey <username:zenapikey base64
encoded>"
header does not expire. For more information, see
Authorizing HTTP requests by using the Zen API key
- For Decision Server Runtime REST API calls, although you can use a Zen API key, it is preferable
to use basic authentication for performance reasons.
Basic authentication with the
"Authorization: Basic <username:password base64 encoded>"
header provides the
best performance.
A default basic registry with the following users is provided in the form of
a
webSecurity.xml file:
resExecutor
to execute rules on the Decision Server Runtime
odmAdmin
to execute REST API calls on Decision Center and Decision Server
Console
To customize the default basic registry, you must provide your own
webSecurity.xml in the customization.authSecretRef secret.
For more information, see Optional user access configurations.
Here are two curl
examples that illustrate the usage of the basic auth
header to call a decision
service:
curl -H "Content-Type: application/json" -k --data @loanvalidation.json -H "Authorization: Basic cmVzRXhlY3V0b3I6cmVzRXhlY3V0b3I=" https://DecisionServerRuntime:Port/DecisionService/rest/LoanValidationDS/1.0/loan_validation_with_score_and_grade/1.0
Where
cmVzRXhlY3V0b3I6cmVzRXhlY3V0b3I=
is the base64 encoding of the current
username:password
resExecutor:resExecutor
curl -H "Content-Type: application/json" -k --data @loanvalidation.json -H "Authorization: ZenApiKey Y3A0YWRtaW46OTBFYnpCTkt5Y1ZnZ3dGc1dEMkhSeGhsWU80VFZvRmh1d3VMUkVEbg==" https://DecisionServerRuntime:Port/DecisionService/rest/LoanValidationDS/1.0/loan_validation_with_score_and_grade/1.0
Where
Y3A0YWRtaW46OTBFYnpCTkt5Y1ZnZ3dGc1dEMkhSeGhsWU80VFZvRmh1d3VMUkVEbg==
is the base64
encoding of the current username:ZenApiKey
cp4admin:90EbzBNKycVggwFsWD2HRxhlYO4TVoFhuwuLREDn