Authentication

Once you gain access to Transparent Supply you need to get properly authenticated in a 2-step process - first to get an API key, then to get an access token. This page provides instructions on how to achieve authentication.

Procedure

  1. Create a personal IBM Cloud service ID and API key
    1. Create a service ID with IBM Cloud Identity and Access Management (IAM)
    2. Create and download an API key file from IBM Cloud IAM
    3. Store the service ID in Transparent Supply
    4. Note about service IDs in the Users module
      The API key file you create in this step can be reused. You only need to do this step once. You can create a new API key as needed for a good security practice. If you decide to do so, you may reuse the same service ID. Step 2 - Use the API key to get a service token
    5. Use the API key to obtain an IBM Cloud access token
    6. Exchange the Cloud token to get a service token.
      This step needs to be repeated once your token has expired.
    Security
  2. Use the API key to get a service token
    • Windows users: Use an application such as Cygwin.
    • Mac users: Use the terminal application.
    1. Use the API key to obtain an IBM Cloud access token
    1. Copy the following cURL command and replace the API KEY FILE CONTENT (including the square brackets) with the JSON structure (with curly brackets) of the API key file you have downloaded in the step above.

      Regardless of the programming language you use, Step 2 to get a service token remains the same. See more examples in other programming languages on this authentication example page.

      curl -X POST --header "Content-Type: application/x-www-form-urlencoded" 
             --data "grant_type=urn:ibm:params:oauth:grant-type:apikey" 
			 --data "apikey=[API KEY FILE CONTENT]" 
     https://iam.cloud.ibm.com/identity/token`

      cURL command to get an IBM Cloud access token

      Executing the cURL command above will give back a JSON access token file similar to the example below. Make sure you save the content of this content as a JSON file as you will need it to exchange for a service token. Again, your response file will have different values in the fields shown in this example.

      {
  "access_token": "eyJraWQ...",
  "refresh_token": "OKA3S...",
  "token_type": "Bearer",
  "expires_in": 3600,
  "expiration": 1600972782,
  "refresh_token_expiration": 1603561182,
  "scope": "ibm openid"
}

Exchange the Cloud token to get a service token

Copy the following cURL command and replace the "ACCESS TOKEN JSON FILE CONTENT, DOMAIN NAME and ORGANIZATION ID phrases (including the square brackets) with appropriate values. See the instructions below.

curl -X POST`
     -H 'Content-Type: application/json'
	 -d '[ACCESS TOKEN JSON FILE CONTENT]' 
	 https://[DOMAIN NAME]/ift/api/identity-proxy/exchange_token/v1/organization/[ORGANIZATION ID]

cURL command to get a Transparent Supply service token

Use the access token JSON file content from the previous cURL command execution to replace the **ACCESS TOKEN JSON FILE CONTENT ** phrase.

Replacing DOMAIN NAME
Your domain name is embedded in the URL of your version of Transparent Supply. Log on to Transparent Supply with a URL you have been provided. Once the home page is loaded, notice the URL in the browser window. For example, if your URL is https://staging.devplayground.biz/home Your domain name would be a phrase similar to the part highlighted above between // and /.
Replacing ORGANIZATION ID
Your organization ID can be found in the Users module in Transparent Supply. Navigate to the Users module using the bento box menu on the far right corner of the page banner in Transparent Supply. On the Users page, find the name of your organization on the top of the page (below the page banner.) Find My organization ID and click the eye icon to view the ID. Use this ID to replace the ORGANIZATION ID phrase in the cURL command above.