Difference between revisions of "Remote API call config"

Unlike anonimous API call we performed in our quick start guide, authorized API call requires OAuth2 token with "run_program" scope and *local Session System defined.

Step 1

Install i2Rest on the IBM i that will process remote API call.

Step 2

Create text file named I2RESTECHO.PCML anywhere on IBM i that will process remote API call IFS, for example "/tmp/PCML/i2restecho.pcml". Copy and paste following code. It represents a description for the sample program I2RESTECHO, that is included into i2Rest Server installation for demonstration purposes:

<pcml version="1.0">

   <program name="echo" path="/QSYS.LIB/%LIBL%.LIB/I2RESTECHO.PGM">
      <data name="echo" usage="inputoutput" type="char" length="10" trim="both"/>
   </program>

</pcml>

Step 3

Register two users on IBM i.

Step 4

Contact your system administrator for your IBM i server host name (or IP) and two available ports for "main" and "management" gates of your first i2Rest Server instance. Create file config.json (you can name it with any name and put it into any available IFS folder). Enter following text, replace host_name, ports, pcml_file, user (must be a regestered IBM i user) and client (must be a regestered IBM i user) with appropriate values. We will start with simplest non-encrypted connections, so please leave http as a protocol.

Basic configuration authorized API call variant (differences are highlighted in green):

{
   "gates":
   {
      "main"       : {"url":"http://<host_name>[:port] (for example api.i2rest.com:1234)"},
      "management" : {"url":"http://<host_name>[:port] (for example api.i2rest.com:4321)"},
      "system"     : {"url":"http://<host_name>[:port] (for example api.i2rest.com:4567)"}
   },
   "session_systems":
   [
      {  "name"   : "*ANONYMOUS", 
         "submit" : "SBMJOB JOB(I2RESTA)                \
                            USER(${user})               \
                            CMD(CALL I2REST             \
                               PARM('-session'          \
                                    '-url' '${surl}'    \
                                    '-uid' '${uid}'     \
                                    '-user' '${user}')) \
                            INLLIBL(I2REST)"
      },
      {  "name"   : "<system name>",
         "submit" : SBMJOB JOB(I2RESTS)                             \
                           USER(${user})                            \
                           CMD(CALL I2REST                          \
                              PARM('-session'                       \
                                    '-url' '${surl}'                \
                                    '-uid' '${uid}'                 \
                                    '-user' '${user}'))             \
                                    '-init' 'ADDLIBLE I2REST'))"    \
      } 
   ],
   "pcmls":
   [
      {
         "pcml_mount"         : "echo",
         "pcml_file"          : "<complete name of i2restecho.pcml on IFS (for example /tmp/PCML/i2restecho.pcml)>", 
         "valid_in_anonymous" : true
      }
   ],
   "OAuth2":
   {
      "scopes":
      {
         "run_program" : {"description":"Authorized API call"}
      },
      "users":
      {
         "USRX":{"description":"John Johnes","valid_clients":{"TSTCLNT":{"scopes":["run_program"]}}}
      },
      "clients":
      {
         "TSTCLNT":{"redirect_uri":"<main gate URL>/oauth2/redirect", 
                   "description":"Test client", 
                   "valid_scopes":["run_program"],
                   "valid_grant_types":["authorization_code"]}
      },
      "tokens": {"type":"token"},"codes":{"type":"code"}
   } 
}

With "pcmls" object's "valid_in_anonymous" : true parameter unchanged, I2RESTECHO will be accessible to both anonymous and authorized request. To allow only authorized requests, "valid_in_anonymous" : false should be set.
Now you can update your SoapUI I2RESTECHO test project with Authorization profile and perform your authorized API call.