Obtaining a JWT
JSON Web Tokens (JWTs) are used by the REST API to secure a subject claim between the calling clients and the REST API. The information is verified and trusted because it is digitally signed. In other words, the REST API uses JWTs to authorize client applications, allowing the user to access the resources that are permitted by the token.
To use the REST API service, you must first obtain a JWT by using basic authentication to the IBM Financial Crimes Insight for IBM Cloud Pak for Data security authorization server (security-auth). You can then pass this token to the REST API in the HTTP x-access-token header. By default, the token expires in 4 hours.
To obtain a JWT for the <user> user:
Connect to your Red Hat OpenShift project using your Red Hat OpenShift client.
Run the following commands, where <password> is the password of the <user> user:
export nginx_route=$(oc get routes | grep common-ui-nginx | awk '{print $2}')
export securityauth_url="https://${nginx_route}/security-auth/api/v1.0/login/ldap"
echo $(curl -s -S -k -X GET "${securityauth_url}?username=<user>&password=<password>")
An encoded token response is similar to the following:
{"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6InRsc2FkbWluIiwiZW1haWwiOiJ0bHNhZG1pbkBhbWwuaWJtLmNvbSIsImRpc3BsYXlOYW1lIjoidGxzIGFkbWluIiwicm9sZXMiOlsidGxzIiwiYWRtaW4iXSwiaWF0IjoxNTY2OTEyMjIwLCJleHAiOjE1NjY5MjY2MjAsImlzcyI6ImZjaS5pYm0uY29tIn0.F9sC0r3pzORxjodR_G9orWJ8Q5XoDi8uIi4qWysCwc4"}
A decoded token is similar to the following:
{u'displayName': u'tls admin', u'roles': [u'tls', u'admin'], u'iss': u'fci.ibm.com', u'email': u'tlsadmin@aml.ibm.com', u'exp': 1566926620, u'iat': 1566912220, u'id': u'tlsadmin'}
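The following is an added example, not part of the IBM documentation. It decodes the sample token shown above to read its claims and to check how long the token remains valid, so that a client can log in again before the 4-hour expiry. The function names are this example's own. The decode needs no key: the payload is base64url-encoded, not encrypted, so anyone who holds the token can read the claims, and only the server's signature check establishes that they are trustworthy.

```python
import base64
import json

# Sample token copied from the response shown above; it expired long ago.
SAMPLE_TOKEN = (
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
    "eyJpZCI6InRsc2FkbWluIiwiZW1haWwiOiJ0bHNhZG1pbkBhbWwuaWJtLmNvbSIsImRpc3BsYXlOYW1lIjoidGxzIGFkbWluIiwicm9sZXMiOlsidGxzIiwiYWRtaW4iXSwiaWF0IjoxNTY2OTEyMjIwLCJleHAiOjE1NjY5MjY2MjAsImlzcyI6ImZjaS5pYm0uY29tIn0."
    "F9sC0r3pzORxjodR_G9orWJ8Q5XoDi8uIi4qWysCwc4"
)


def _b64url_decode(segment):
    # JWT segments drop the base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def read_claims(token):
    """Return (header, claims) WITHOUT verifying the signature.

    Use only for client-side inspection (expiry, roles). Authorization
    decisions must rely on the server verifying the signature.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated segments")
    header = json.loads(_b64url_decode(parts[0]))
    claims = json.loads(_b64url_decode(parts[1]))
    return header, claims


def seconds_remaining(claims, now):
    """Seconds until the exp claim, relative to the Unix time `now`."""
    return claims["exp"] - int(now)


def needs_refresh(claims, now, margin=300):
    """True when the token is expired or expires within `margin` seconds."""
    return seconds_remaining(claims, now) <= margin


if __name__ == "__main__":
    import time

    header, claims = read_claims(SAMPLE_TOKEN)
    print("algorithm:", header["alg"])
    print("subject id:", claims["id"], "roles:", claims["roles"])
    print("lifetime (s):", claims["exp"] - claims["iat"])
    print("needs refresh now:", needs_refresh(claims, time.time()))
```

Because the claims include the user ID, email address, and roles in readable form, treat the token as a credential and keep it out of logs and shell history.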
In general, security is the same as that provided by IBM Financial Crimes Insight for IBM Cloud Pak for Data. For more information on security, see "Security".