Adding API keys

When an API key is assigned to the external client, the external client can access and interact with data in the Manage system. The interaction happens by using the API key as an apikey query parameter or an apikey request header in REST API calls. REST API calls that use an API key do not create a persistent server connection, and the API key must be part of all REST API requests that the external client makes.

Before you begin

If you insert a certificate when you add an API Key, ensure that you acquire the certificate beforehand from a certificate authority.

Procedure

  1. In the API Keys application, click Add API key.
  2. In the Add API key dialog, select the user for whom you are creating the API key, in the User field.
  3. Set Minutes Or Expiry Date to on if you want to specify an expiry date for the API key. Set it to off if you want to specify the expiry period in minutes.
  4. Set Certificate to true if you want to insert a certificate for the API key being added.
    The Insert certificate field is displayed.
  5. In the Insert certificate field, paste a valid and unique certificate.
    The certificate must be in the format beginning with -----BEGIN CERTIFCATE----- and ending with -----END CERTFICATE-----. It must conform to the PEM X.509 standard.
    The following example is a sample certificate:
    -----BEGIN CERTIFICATE-----
MIIEAzCCAuugAwIBAgIQQoHZvObaTzAOe7m+/xDF8DANBgkqhkiG9w0BAQsFADCB
hjELMAkGA1UEBhMCR0IxDzANBgNVBAcTBkxvbmRvbjEPMA0GA1UECRMGTG9uZG9u
MS4wLAYDVQQLEyVJQk0gTWF4aW1vIEFwcGxpY2F0aW9uIFN1aXRlIChQdWJsaWMp
MSU.............................................................
EAxMxbWFuYWdlLmZyYW1l...........................................
MDQyNC5hcHBzLm1hbmFnZS1vY3AyLmNwLmZ5cmUuaWJtLmNvbTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAPs7owfsm9eZV5z3XQSFCLY3DgnIubJwksrj
BFs+t57O/Ly9w5vZki4VnKkpZ7ZWcICKdGHRO8bFK8UdufDDhgd21YczlQbOlfHh
YemAL2wZUNo8kDp1XyBJn8z53F/cI+Ag1oxYBHhhFzgl4tInQ0IQlhU/nCSPQQ2k
72DIiFz/K593BqMTOv35nVNZJWd2YvkLqJrNYtTnRpf1/o6gLs/qOzKwmDvwiQhv
uhDwIfSn3kVk/EvcSXndlBuRWIuhjMc3uhB3dPnOLwR8VSoy5JhPyGbPIcpupODH
TmYqJjrNqoPgSVBLlTcfxMZOVTGZZzC9PV8Qv55ADNb045ehE6MCAwEAAaOBtTCB
sjAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBQJ5HnO
................................ajBogjFtYW5hZ2UuZnJhbWUwNDI0LmFw
cHMubWFuYWdlLW9jcDIuY3AuZnlyZS5pYm0uY29tgjMqLm1hbmFnZS5mcmFtZTA0
MjQuYXBwcy5tYW5hZ2Utb2NwMi5jcC5meXJlLmlibS5jb20wDQYJKoZIhvcNAQEL
BQADggEBACFOl5PI2VTDkI8uUmB1ZnUZkTTdsXjpAc9QZTCpwgS42drq9PFdJRir
5cUQBsRsfnXTTywKor01NkMf5rrgZwomqwDXl6fGJyODGEdbICN1x8VNGuAEkmxK
fmly/MMKQRyl7xbFOvCITxNNNwL+VpLovtTOi46aK82qg5dBHRy7sBmwT3mKmnvz
................................................................
/hwjphuBId3imKjz6dZculYspxg39NmHhDTsMUqugNSoROJkZ1vGkdRK9kQSchaE
7ckHUx1cFCG/86................=
-----END CERTIFICATE-----
    Note:
    • If you do not insert a certificate, a regular API key is created.
    • If you insert an invalid certificate, the system responds with an error.
    • If you insert a duplicate certificate, the system does not accept it.
    • Certificates have their own expiry date. If you set an expiry date for the API key, whichever date is earlier applies.
  6. Click Create to add the API key.
    You can view the expiry date and whether it is a certificate-based API key after you create the API key, in the resulting card of the API application.

What to do next

If you insert a certificate when you add an API key, you must add it to the trusted certificates in the Maximo® Application Suite user interface.
  1. From the Suite administration menu, go to Workspaces and select the Manage tile.
  2. Click Actions > Update configuration.
  3. In the Update Manage configuration window, click the Edit icon in the Imported certificates row.
  4. Click Add to specify an alias name and paste the certificate content.
  5. Click Confirm.
  6. Click Apply changes to save the changes to the configuration.
For WebSphere® Application Server Liberty to accept the certificate, you must set up a route.
  1. Log in to Red Hat® OpenShift® web console by using your administrator credentials.
  2. From the side navigation menu, click Administration > CustomResourceDefinitions.
  3. On the CustomResourceDefinitions page, search for ManageWorkspace.
  4. Click manageworkspace and then click the Instances tab.
  5. Select an instance and click the YAML tab.
  6. In the spec.settings.deployment section, add certPassthroughRoute: true.
  7. Click Save. A reconciliation is automatically triggered, and when complete, you can view the new route by going to Networking > Routes.
    Note: If you set the certPassthroughRoute property to false, the route is not deleted. You must manually delete the route.