OAuth2.0 Token Based authorization in Informatica Cloud Application Integration(IICS -CAI)

OAUTH Authentication with IICS:

There are many ways of authorizing the API Calls. But lets see what are the various options IICS — Informatica Cloud is offering.

1. Basic Authentication
2. OAUTH authentication
3. JWT — JSON Web Token

The Basic Authentication process allows User groups and Users that are allowed access to the process in Informatica Cloud Application Integration can invoke the API. To invoke the managed API, API consumers authenticate to the API with an Informatica Intelligent Cloud Services user name and password. But due to various security reasons it is always recommended to have the two step authorization which can be achieved with OAuth and JWT authentications.

OAuth 2.0 is a protocol for authorization that provides specific authorization flows for web applications and helps in the secure transmission of information between API consumers and web services such as Informatica Cloud Application Integration service APIs. One can also set the expiry time of the token as preferred. Lets see the process of enabling OAauth with an example.

The below content will not explain the process of creating an API process in Informatica Cloud. But will explain the process of enabling OAuth2.0 authentication in IICS Cloud Application Integration with an example to make users understand the process in a better way.

Note — API Manager supports the client credentials grant type for OAuth 2.0 authentication.

Step 1: Once the API process is built in IICS CAI , enable the HTTP Authorization requests from API Gateway like below.

Step 2: Go to API Manager -> Create a Managed API process for JEG_API_EMPLOYEE_CALL _OAUTH process.

Step 3: Open the Managed API and select the Authentication Method as — OAUTH 2.0. By default, it is set to Basic Authentication.

Step 4: Create an OAUTH Client under API Manager -> Policies -> Authorization

Authenticate with the User credentials

Enter the client name and set the Access Token Timeout. By default the timeout is 60 mins.

Choose the APIs and API Groups and select the Managed API.

Save the auto generated Client ID, Client Secret and Authorization Header details.

Authorization Header Value — YWVUSG0xbDV1NmhoY0VzQTl1Zk1pXXXXXXX=

OAuth Server URL — https://dm-us.informaticacloud.com/authz-service/oauth/token

Step 5: Request access token invoking OAUTH Server URL with Client Credentials grant type and client id and secret (Or Auth header or Basic token. This will return the access token as JWT Token)

The access token request URL can be obtained from API Manager -> Policies -> Authorization

Step 6: Run the OAUTH URL to get the Bearer token with a POST Call.

URL — https://dm-us.informaticacloud.com/authz-service/oauth/token

Add the grant_type = client_credentials to the URL

Add the Authorization Header — Basic << Header ID — Taken from Step 3 >>

Step 7: Copy the Manager API URL to fetch the data

Step 8: Apply the required input parameters to the Managed API URL and run the GET CALL with the bearer token generated in Step 7.

Managed API URL — https://apigw-pod1.dm-us.informaticacloud.com/t/go4avwaxgk0ly2udxmecwz.com/JEG_API_EMPLOYEE_CALL_OAUTH?EmailAddress=SANTOSH.RAVITEJA@JACOBS.COM

Input parameter = EmailAddress = SANTOSH.RAVITEJA@JACOBS.COM

Headers — Authorization — Bearer << Bearer Token>>

Once the OAuth is enabled, the application team needs the below details to authenticate OAuth.

1. client id
2. client Secret
3. Authorization Header

Bearer Token can be generated either using (Client Id and Client Secret) or Authorization Header to generate the Bearer Token.

Hope this explanation gives the users to enable OAuth2.0 authentication seamlessly.

JSON Web Token (JWT) — Users can also enable JSON Web Token (JWT) authentication for a managed Informatica Cloud Application Integration API that meets all of the following criteria:

• The associated process uses HTTP/SOAP binding.
• The associated process uses basic authentication and defines the user groups and users who can access the process service URL at run time.
• The associated process is published and exposed as a service.

On the API Manager Portal , select the authentication method as JWT JSON Web Token. Then Generate JWT Access Token area appears on the page.

Select an expiration date for the token and click Generate. API Manager creates a token for the managed API. The token appears on the page.

After you generate a token for the first time, the Generate New Token button appears. You can click this button to generate a new token if your earlier token has expired. After you generate a token, you cannot revoke the token.Click Copy Token to copy the token and send the token to API consumers.