Overview

The IBM® Graph API is a robust suite of tools that are designed to streamline integration and enhance functions for managing your digital collaboration environment. It allows developers to interact programmatically with IBM solutions, facilitating automation, data integration, and enhanced operational capabilities.

The API provides advanced features to optimize integration and security:
  • Authentication methods: Supports client secret and certificate authentication for secure and efficient access control. This flexibility allows developers to choose the most suitable authentication method for their needs.
  • Unified endpoint: The API can be accessed via a unified endpoint format https://graph.sp4c.storage-defender.ibm.com. Note that the endpoint differs based on the data center that you want to access. For details, refer to Endpoints Upon Data Center.
  • Comprehensive functions: Enables seamless interaction with IBM services, supporting tasks like data management, reporting, and configuration.
  • Scalability and performance: Designed to handle large-scale operations, helps reliability and speed in various enterprise scenarios.
  • Security measures - Authentication, TLS, and Client secrets:
    • OAuth2.0 ensures granular, auditable access control.
    • TLS 1.2/1.3 guarantees modern cryptographic protection for data in transit.
    • Strictclient secret rules and certificate requirements mitigate credential theft and brute-force attacks.

By adhering to these protocols, organizations use enterprise-grade security while accessing Graph API, ensuring data integrity and regulatory compliance. For more details, refer to Security Measures.

Legacy API

The legacy API offers essential capabilities but is slated for deprecation:
  • Capabilities:
    • Retrieve audit records for compliance and monitoring.
    • Import objects into IBM Storage Protect for Cloud for streamlined data management.
    • Register partner customers to facilitate partner integrations.
    • Access IBM Storage Protect for Cloud Microsoft 365 job information for backup management.
  • Deprecation Notice: This API has been deprecated after the January 2025 release. Transitioning to the current API is highly recommended for continued support and access to the latest features.
  • Documentation: For more details on the legacy API, refer to IBM Storage Protect for Cloud Web API.

What's in the current IBM Graph API

The IBM Graph API provides a unified endpoint to accessing IBM services data, which is designed to cater to IT professionals for robust data management, data insights, and backup monitoring solutions.

Introduction

The IBM Graph API employs advanced authentication methods to offer secure and efficient access to a wide range of capabilities, which include:
  • Retrieve audit records: Access comprehensive records from IBM Storage Protect for Cloud.
  • Streamline partner operations on customer management: Enhance efficiency in handling customer data and interactions through the IBM Storage Protect for Cloud Partners.
  • Job information retrieval: Obtain detailed job data from IBM Storage Protect for Cloud solutions for Microsoft 365, Microsoft Azure, Dynamics 365, and Google Workspace.

Key features

The API provides the following key features:
  • Advanced authentication methods: Secure access by using client secret and certificate authentication.
  • Audit records retrieval: Comprehensive monitoring and tracking of user activities to help compliance and security.
  • Manage partner operations and management: Efficient partner operations and integration management by using IBM Storage Protect for Cloud Partners.
  • Job information retrieval: Detailed insights into IBM Storage Protect for Cloud operations to offer data integrity and availability.

For more features and use cases, see Use cases.

Endpoints Upon Data Center

Region URL
APAC - Australia https://auea-graph.sp4c.storage-defender.ibm.com/
Canada Central (Toronto) https://case-graph.sp4c.storage-defender.ibm.com/
Germany West Central (Frankfurt) https://dewc-graph.sp4c.storage-defender.ibm.com/
Switzerland North (Zurich) https://chno-graph.sp4c.storage-defender.ibm.com/
UK South (London) https://ukso-graph.sp4c.storage-defender.ibm.com/
Brazil South (Sao Paulo State) https://brso-graph.sp4c.storage-defender.ibm.com/
East US 2 (Virginia) https://usea-graph.sp4c.storage-defender.ibm.com/

SecurityMeasures

  • Authentication Method (OAuth 2.0)

    IBM Graph API exclusively uses the OAuth 2.0 protocol for authentication and authorization. This industry-standard framework ensures secure delegated access to resources. Applications must authenticate via the app registered through IBM Storage Protect for Cloud App registration to obtain OAuth 2.0 access tokens, which grant scoped permissions for interacting with Graph API endpoints. This process prevents unauthorized access by validating identities and enforcing least-privilege principles.

  • TLS Requirements: TLS 1.2/1.3

    All connections to IBM Graph API endpoints must use Transport Layer Security (TLS) protocols, TLS 1.2 or TLS 1.3. Earlier versions (TLS 1.0/1.1) are explicitly disabled and non-compliant. This ensures end-to-end encryption for data in transit, protecting against eavesdropping, tampering, and man-in-the-middle attacks. Applications failing to negotiate TLS 1.2+ connections will be blocked.

  • Certificates and Client Secret Specifications
    • IBM recommends that you set an expiration for the secrets of one year for the app registration, and the secrets are hashed using SHA-256 before storing to IBM's secure backend system.
    • Certificate-based authentication
      • For enhanced security, use X.509 certificate instead of client secretes.
      • The certificate must contain a public key, and you must have access to the corresponding private key.
      • The "Key Usage" extension of the certificate must be marked for Digital Signature.