Difference between revisions of "Run command Api config"
Pavel.lobko (talk | contribs) |
|||
| (3 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
{{DISPLAYTITLE:How to allow calls to run_command API}} | {{DISPLAYTITLE:How to allow calls to run_command API}} | ||
| − | This API allows you to call IBM i commands | + | This API allows you to call IBM i commands. Requests to this API must be authorized using OAuth2 token with "run_command" in its [[I2Rest_scopes#|scope]]. |
;Step 1 | ;Step 1 | ||
| − | :Register two users on IBM i. | + | :Register two users on IBM i. The first will be used as a demonstrative OAuth2 resource owner, and the second one as an OAuth2 client. |
;Step 2 | ;Step 2 | ||
| − | :Contact your system administrator for your IBM i server host name (or IP) and ''two'' available ports for "main" and "management" gates of your first i2Rest Server instance. Create file config.json (you can name it with any name and put it into any available IFS folder). | + | :Contact your system administrator for your IBM i server host name (or IP) and ''two'' available ports for "main" and "management" gates of your first i2Rest Server instance. Create file config.json (you can name it with any name and put it into any available IFS folder). Сopy and paste the snippet bellow. Replace with appropriate values highlighted with <b>bold</b> parts: host_name, ports, pcml_file, user (resource owner) and client. We will start with simplest non-encrypted connections, so please leave http as a protocol.<br/>For clarity, differences with [[I2Rest_quick_config|Basic configuration]] are highlighted in <span style="background:#D3D3D3;">gray</span>: |
| − | [[I2Rest_quick_config|Basic configuration]] | ||
{ | { | ||
"gates": | "gates": | ||
{ | { | ||
| − | "main" : {"url":"http://< | + | "main" : {"url":"http://<b><host_name>[:port] (for example api.i2rest.com:1234)</b>"}, |
| − | "management" : {"url":"http://< | + | "management" : {"url":"http://<b><host_name>[:port] (for example api.i2rest.com:4321)</b>"} |
}, | }, | ||
"session_systems": | "session_systems": | ||
[ | [ | ||
| − | <span style="background:# | + | <span style="background:#D3D3D3;">{ "name" : "*LOCAL", |
"submit" : SBMJOB JOB(I2RESTS) \ | "submit" : SBMJOB JOB(I2RESTS) \ | ||
USER(${user}) \ | USER(${user}) \ | ||
| Line 26: | Line 25: | ||
'-init' 'ADDLIBLE I2REST'))" \ | '-init' 'ADDLIBLE I2REST'))" \ | ||
}</span> | }</span> | ||
| − | ] | + | ]<span style="background:#D3D3D3;">, |
| − | + | "OAuth2": | |
{ | { | ||
| − | "scopes": {"run_command" : {"description":"IBM i command call"} | + | "scopes": {"run_command" : {"description":"IBM i command call"}}, |
| − | |||
"users": | "users": | ||
{ | { | ||
| − | "< | + | "<b>USRX</b>":{"description":"<b>John Johnes</b>","valid_clients":{"<b>TSTCLNT</b>":{"scopes":["run_command"]}}} |
}, | }, | ||
"clients": | "clients": | ||
{ | { | ||
| − | "< | + | "<b>TSTCLNT</b>":{"redirect_uri":"<b><main gate URL></b>/oauth2/redirect", |
"description":"Test client", | "description":"Test client", | ||
"valid_scopes":["run_command"], | "valid_scopes":["run_command"], | ||
"valid_grant_types":["authorization_code"]} | "valid_grant_types":["authorization_code"]} | ||
| − | + | } | |
| − | |||
}</span> | }</span> | ||
} | } | ||
| + | |||
| + | Now you are ready to [[I2Rest_Start|start]] serve run_command API.<br/> | ||
Latest revision as of 20:39, 25 August 2020
This API allows you to call IBM i commands. Requests to this API must be authorized using OAuth2 token with "run_command" in its scope.
- Step 1
- Register two users on IBM i. The first will be used as a demonstrative OAuth2 resource owner, and the second one as an OAuth2 client.
- Step 2
- Contact your system administrator for your IBM i server host name (or IP) and two available ports for "main" and "management" gates of your first i2Rest Server instance. Create file config.json (you can name it with any name and put it into any available IFS folder). Сopy and paste the snippet bellow. Replace with appropriate values highlighted with bold parts: host_name, ports, pcml_file, user (resource owner) and client. We will start with simplest non-encrypted connections, so please leave http as a protocol.
For clarity, differences with Basic configuration are highlighted in gray:
{
"gates":
{
"main" : {"url":"http://<host_name>[:port] (for example api.i2rest.com:1234)"},
"management" : {"url":"http://<host_name>[:port] (for example api.i2rest.com:4321)"}
},
"session_systems":
[
{ "name" : "*LOCAL",
"submit" : SBMJOB JOB(I2RESTS) \
USER(${user}) \
CMD(CALL I2REST \
PARM('-session' \
'-url' '${surl}' \
'-uid' '${uid}' \
'-user' '${user}')) \
'-init' 'ADDLIBLE I2REST'))" \
}
],
"OAuth2":
{
"scopes": {"run_command" : {"description":"IBM i command call"}},
"users":
{
"USRX":{"description":"John Johnes","valid_clients":{"TSTCLNT":{"scopes":["run_command"]}}}
},
"clients":
{
"TSTCLNT":{"redirect_uri":"<main gate URL>/oauth2/redirect",
"description":"Test client",
"valid_scopes":["run_command"],
"valid_grant_types":["authorization_code"]}
}
}
}
Now you are ready to start serve run_command API.
