Creating an API configuration

Sponsor Administrators can create configurations for using REST APIs with IBM PEM. These configurations are used to integrate the Sponsor organization's API servers with IBM PEM. These API configurations are used when API calls are added to activities.

If the API requires a certificate, you must upload one before the API configuration can complete successfully. An API that does not belong to the trusted store for the uploaded certificate is not allowed.

The system administrator can create API configurations and can share them with sponsors. When a shared API configuration is used in an activity, host and port details in the API configuration are masked for the sponsor or the Onboarding Implementer inside a sponsor context in the following scenarios:
  • While viewing the API dialog in the executed activity.
  • While viewing an activity that is in the final state.
  • While rolling out an activity that is in the final state if the API configuration is selected in the context data.

  1. Sign in to the PEM Portal as a Sponsor Administrator.
  2. Select Settings > API Configuration.
    You can view a list of existing API configurations, or search by name. You can use the arrow icons under Actions to edit an existing API configuration.
    Note: If the system administrator shares an API configuration with a sponsor, the sponsor or the Onboarding Implementer cannot view the shared API configuration in the list when navigating inside the sponsor context. However, the sponsor or the Onboarding Implementer can use the API configurations that are shared with them while defining activities inside the sponsor context, but the host and port details for the shared API configurations are masked.

    You can select the number of items that are displayed per page in the Show 10 per page field. The default is 10 items, but you can choose to display fewer items or more items.

  3. Click Create.
    The API Configuration window is displayed.
  4. Enter information for the following fields:
    Option: Description
    Name: Enter a name for the API that is unique across your company.
      Note: This name must be entered when a Sponsor user sets up an activity to call the API.
    Protocol: Select the protocol to use. For the https protocol, you must upload a certificate.
      Important: If you are using http, the password is not encrypted during the REST API call.
    Host: Enter the domain that is used to call the API.
    Port: Enter a valid port number to access the API in the host or domain.
    Add more endpoints: Optional. Click the link to open a window to add endpoints to be used for failover in case of connectivity problems with the primary endpoint.
      • Click Add.
      • Enter the host address and the port number for up to 4 endpoints.
      • Click OK.
      To remove an endpoint, select the check box next to the endpoint to remove, and click Remove. Click OK.
    Preemptive authentication: Select the check box to enable preemptive authentication or clear the check box to disable preemptive authentication.
      Note: In preemptive authentication, the client sends the basic authentication request before the server requests it, which reduces the time that the system takes to make a connection.
    Authenticate with:
      • User Name and Password: Select this option to authenticate the REST API call with the username and password. Enter the username and password that you need to use for authentication.
      • Internally generated token: Select this option to authenticate the REST API call by using the JWT token that is generated in IBM PEM.

        This option is applicable only in API Configuration for IBM PEM and PEM Partner Repository REST APIs. When you select this method for authentication, activities can invoke these APIs even if the password of the user is expired. When you select this option, IBM PEM generates a JWT token, which is used to authenticate the IBM PEM and PEM Partner Repository APIs. The generated token is associated with the primary administrator user of the sponsor for authentication.

      • None: Select this option if you do not want to authenticate the REST API call.
    Verify host: Select this check box to verify the host name in the URL with the host name in the server certificate. The default is true.
      Note: The value for this parameter is ignored for the HTTP protocol.
  5. Click Save.
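
The Protocol, Preemptive authentication, Authenticate with, and Verify host options interact, and the following added example (not IBM PEM code) shows why: a Basic authentication header is reversible by anyone who can read it, and a small review function flags the risky combinations described above. The dictionary keys, sample host names, and credentials are hypothetical stand-ins for the fields in the API Configuration window.

```python
import base64

def basic_auth_header(user, password):
    """Authorization header value a client sends for HTTP Basic authentication."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"

def recover_credentials(header_value):
    """Base64 is an encoding, not encryption: whoever sees the header can reverse it."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password

def review_api_config(cfg):
    """Return findings for one API configuration; the dict keys are hypothetical."""
    findings = []
    protocol = cfg.get("protocol", "").lower()
    auth = cfg.get("authenticate_with", "none").lower()
    if protocol == "http" and auth == "user_name_and_password":
        findings.append("password is not encrypted during the REST API call")
        if cfg.get("preemptive_authentication"):
            findings.append("credentials are sent on the first request, before any server challenge")
    if protocol == "https" and not cfg.get("verify_host", True):
        findings.append("host name in the URL is not checked against the server certificate")
    if auth == "none":
        findings.append("REST API call is not authenticated")
    return findings

# Constructed sample configurations (not exported from IBM PEM).
WEAK = {"name": "orders-api", "protocol": "http", "host": "api.example.com", "port": 8080,
        "authenticate_with": "user_name_and_password", "preemptive_authentication": True}
HARDENED = {"name": "orders-api", "protocol": "https", "host": "api.example.com", "port": 443,
            "authenticate_with": "user_name_and_password", "preemptive_authentication": True,
            "verify_host": True}

if __name__ == "__main__":
    header = basic_auth_header("pem_api_user", "example-password")  # constructed credentials
    print(header, "->", recover_credentials(header))
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, review_api_config(cfg))
```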