Management API config

From i2Rest
Revision as of 14:04, 29 June 2020 by Pavel.lobko (talk | contribs) (Created page with "=Request authorization= Most of requests to i2Rest Sever require authorization. Such requests as IBM i command call, I2Rest_API#run_program_AP...")

Request authorization

Most requests to the i2Rest Server require authorization. Requests such as an IBM i command call, an API call (except an anonymous API call) and a management API call will not be served without an OAuth2 token with the appropriate scope. The built-in authorization model is represented by an OAuth2 object. The example below shows the configuration options of the i2Rest built-in authorization model.

    "OAuth2":
    {
       "scopes":
       {
          "management_functions" : {"description":"i2Rest management APIs call"},
          "run_program"          : {"description":"Run *PGM and *SRVPGM"},
          "run_command"          : {"description":"Run CL command"}
       },
       "users":
       {
          "USRX":{"description":"John Johnes","valid_clients":{"TSTCLNT":{"scopes":["management_functions"]}}}
       },
       "clients":
       {
          "TSTCLNT":{"redirect_uri":"<main gate URL>/oauth2/redirect",
                     "description":"Test client",
                     "valid_scopes":["management_functions"],
                     "valid_grant_types":["authorization_code"]}
       },
       "tokens": {"type":"token"},
       "codes": {"type":"code"}
    }

In general words, the i2Rest authorization model shown in the snippet above describes WHAT is allowed, to WHOM, and HOW it is realized. The WHAT parameters are the "scopes", the HOW parameters are the "tokens", and the WHOM parameters are the "users" and "clients" (the built-in authorization model implies that both "users" and "clients" have to be registered as IBM i users). So we can see that user USRX, using client TSTCLNT, is allowed to perform actions within the "management_functions" scope. These are exactly the OAuth2 object settings that we need to perform a Management API call.
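A consistency check for a filled-in OAuth2 object, as an added example that is not part of the original page or of i2Rest itself. The function names and the rules it applies (every referenced scope and client must be defined, and a user's scopes for a client must be within that client's "valid_scopes") are assumptions drawn from the WHAT/WHOM reading above, not documented i2Rest behaviour; user USRY is constructed to show a mismatch.

```python
import json

# Constructed sample: the page's OAuth2 object plus one added user (USRY)
# whose grant names a scope that client TSTCLNT does not list.
SAMPLE = json.loads("""
{"OAuth2": {
  "scopes": {"management_functions": {"description": "i2Rest management APIs call"},
             "run_program": {"description": "Run *PGM and *SRVPGM"},
             "run_command": {"description": "Run CL command"}},
  "users": {"USRX": {"description": "John Johnes",
                     "valid_clients": {"TSTCLNT": {"scopes": ["management_functions"]}}},
            "USRY": {"description": "constructed user",
                     "valid_clients": {"TSTCLNT": {"scopes": ["run_command"]}}}},
  "clients": {"TSTCLNT": {"redirect_uri": "<main gate URL>/oauth2/redirect",
                          "description": "Test client",
                          "valid_scopes": ["management_functions"],
                          "valid_grant_types": ["authorization_code"]}},
  "tokens": {"type": "token"}, "codes": {"type": "code"}}}
""")

def check_oauth2(config):
    """Return a list of inconsistencies between scopes, users and clients."""
    oauth = config["OAuth2"]
    scopes, clients = oauth.get("scopes", {}), oauth.get("clients", {})
    problems = []
    for cid, client in clients.items():
        for s in client.get("valid_scopes", []):
            if s not in scopes:
                problems.append(f"client {cid}: undefined scope {s}")
    for uid, user in oauth.get("users", {}).items():
        for cid, grant in user.get("valid_clients", {}).items():
            if cid not in clients:
                problems.append(f"user {uid}: unknown client {cid}")
                continue
            allowed = set(clients[cid].get("valid_scopes", []))
            for s in grant.get("scopes", []):
                if s not in scopes:
                    problems.append(f"user {uid}/{cid}: undefined scope {s}")
                elif s not in allowed:
                    problems.append(f"user {uid}/{cid}: scope {s} not valid for client")
    return problems

def may_request(config, user, client, scope):
    """True if WHOM (user via client) is granted WHAT (scope) by the config alone."""
    oauth = config["OAuth2"]
    grant = oauth.get("users", {}).get(user, {}).get("valid_clients", {}).get(client)
    valid = oauth.get("clients", {}).get(client, {}).get("valid_scopes", [])
    return grant is not None and scope in grant.get("scopes", []) and scope in valid
```

Running `check_oauth2` on the edited *.json before restarting the server surfaces grants that are broader than the client they are attached to.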

Management API call

Here is what you have to do before you can test a Management API call to the i2Rest Server:

a) Register two users on IBM i: one for a "client" parameter and one for a "user" parameter.
b) Fill in the OAuth2 object template above with the IBM i user values. Then add the snippet to your basic server configuration (with or without SSL protection) and put your new *.json anywhere on the IBM i IFS.
c) Restart the server to apply your new configuration *.json.

Now let's test the configuration by obtaining an OAuth2 token with SoapUI, and then proceed to an authorized Management API call.