Configuring security credentials for connecting to an IBM App Connect REST API

Create a security identity by using the mqsisetdbparms command, and configure an AppConnectRESTRequest node in a message flow to use that identity for connecting to a secured App Connect REST API.

About this task

Follow these steps to configure a connection to a secured App Connect REST API:

Procedure

Use the mqsisetdbparms command to associate a user name, password, and API key with a connection to an App Connect REST API.
You can specify these values in any one of the following combinations:
- User ID, password, and API key
- User ID and password
- API key only
You can specify the security credentials by setting the following parameters:

-n rest::securityIdentity

The name of the security identity that is used to authenticate a connection to an App Connect REST API, where securityIdentity is the value of the Security Identity property in the AppConnectRESTRequest node.

-u UserId

The user ID to be used for connecting to the App Connect REST API.

-p Password

The password to be used for connecting to the App Connect REST API.

-k API key

The API key to be used for connecting to the App Connect REST API.
The following example shows how to specify a user ID, password, and API key:
```
mqsisetdbparms integrationNodeName -n rest::myRESTSecurityIdentity -u myRESTUserID -p myRESTPassword -k myRESTAPIKey 
```
Alternatively, you might choose to specify only the API key, as shown in the following example:
```
mqsisetdbparms integrationNodeName -n rest::myRESTSecurityIdentity -k myRESTAPIKey 
```
For more information about associating security credentials with resources, see mqsisetdbparms command.
In your message flow, specify the name of the security identity that you configured in step 1 (in this example, myRESTSecurityIdentity) as the value in the Security identity property in the AppConnectRESTRequest node.
This security identity will be used when you connect to the App Connect REST API from IBM® Integration Bus.
In order for the AppConnectRESTRequest request node to authenticate to a REST API using a security identity created with the mqsisetdbparms command, the AppConnectRESTRequest node requires additional information about how to apply that security identity to the REST API. The AppConnectRESTRequest node uses the specified security identity only if the operation or API being invoked specifies one or more security requirements in the Swagger document.

What to do next

You can use the mqsireportdbparms command to show information about the security identities that are being used for connecting to a REST API. For example:

Enter the following command to show the security identity for HTTP Basic Authentication and the API key, for use with an AppConnectRESTRequest node:

mqsireportdbparms IB10NODE -n rest::myBasicAuthAndApiKey

This command returns output similar to the following example:

$ mqsireportdbparms IB10NODE -n rest::myBasicAuthAndApiKey
BIP8180I: The resource name 'rest::myBasicAuthAndApiKey' has userID 'myUserID'.
BIP8214I: The resource name 'rest::myBasicAuthAndApiKey' has API key 'C664C588-885A-4F07-9390-9CD7A4F8A89F'.

Enter the following command to validate the password for a single security identity for HTTP Basic Authentication, for use with an AppConnectRESTRequest request node:

mqsireportdbparms IB10NODE -n rest::myBasicAuth -u myUserID -p password

This command returns output similar to the following example:

$ mqsireportdbparms IB10NODE -n rest::myBasicAuth -u myUserID -p password
BIP8180I: The resource name 'rest::myBasicAuth' has userID 'myUserID'.
BIP8201I: The password you entered, 'password' for resource 'rest::myBasicAuth' and userId 'myUserID' is correct.
BIP8206I: The Integration node is not running and may not have been restarted since the last change made by the mqsisetdbparms command.

BIP8071I: Successful command completion.

For more information about the security credentials that have been set on the integration node, see mqsireportdbparms command.