Sponsor Administrators can create configurations for using REST APIs with IBM PEM. These configurations are used to integrate the Sponsor organization's API servers
with IBM PEM. These API configurations are used when API calls are added to
activities.
If the API requires a certificate, you must upload one before the API configuration can complete
successfully. An API that does not belong to the trusted store for the uploaded certificate is not
allowed.
The system administrator can create API
configurations and can share them with sponsors. When a shared API configuration is used in an
activity, host and port details in the API configuration are masked for the sponsor or the
Onboarding Implementer inside a sponsor context in the following scenarios:
- While viewing the API dialog in the executed activity.
- While viewing an activity that is in the final state.
- While rolling out an activity that is in the final state if the API configuration is selected in
the context data.
-
Sign in to the PEM Portal as a Sponsor Administrator.
- Select .
You can view a list of existing API configurations, or search by name. You can use the arrow
icons under Actions to edit an existing API configuration.
Note: If
the system administrator shares an API configuration with a sponsor, the sponsor or the Onboarding
Implementer cannot view the shared API configuration in the list when navigating inside the sponsor
context. However, the Sponsor or the Onboarding Implementer can use the API configuration that are
shared with them while defining activities inside the sponsor context but the host and port details
for the shared API configurations are masked.
You can select the number of items that are
displayed per page in the Show 10 per page field.
The default is 10 items, but you can choose to display fewer items
or more items.
- Click Create.
The API
Configuration window is displayed.
- Enter information for the following fields:
| Option |
Description |
|---|
| Name |
Enter a name for the API that is unique across your company. Note: This name
must be entered when a Sponsor user sets up an activity to call the API.
|
| Protocol |
Select the protocol to use. For https protocol, you must upload a certificate.
Important: If you are using http, the password is not encrypted during the REST API
call.
|
| Host |
Enter the domain that is used to call the API. |
| Port |
Enter a valid port number to access the API in the host or
domain. |
| Add more endpoints |
Optional. Click the link to open a window to add endpoints to be used
for failover in case of connectivity problems with the primary endpoint.
- Click Add.
- Enter the host address and the port number for up to 4 endpoints.
- Click OK.
To remove an endpoint, select the check box next to the endpoint to remove, and click
Remove. Click OK. |
| Preemptive authentication |
Select the check box to enable preemptive authentication or clear the check box to disable
preemptive authentication. Note: In preemptive authentication, the client sends the basic
authentication request before the server requests it to reduce the time that the system takes to
make a connection.
|
| Authenticate with |
- User Name and Password: Select this option to authenticate the REST API
call with the username and password. Enter the username and password that you need to use for
authentication.
- Internally generated token: Select this option to authenticate the REST
API call by using the JWT token that is generated in IBM PEM.
This option is
applicable only in API Configuration for IBM PEM and PEM Partner Repository REST APIs. When you select this method for authentication, it allows
activities to invoke these APIs even if the password of the user is expired. When you select this
option, IBM PEM generates a JWT token and it is used to authenticate the IBM PEM
and PEM Partner Repository APIs. The generated token is associated to the primary
administrator user of the sponsor for authentication.
- None: Select this option if you do not want to authenticate the REST API
call.
|
| Verify host |
Select this check box to verify the host name in the URL with the host name in the server
certificate. Default is true. Note: The value for this parameter is ignored for the HTTP
protocol.
|
- Click Save.