ION API calls from Application Engine processes
Calling ION API endpoints requires authentication against the
ION API gateway. Processes cannot call the ION API directly. Instead, authorization is through a backend service
application. Administrators maintain service accounts that have resource owner grants. Each
service account represents a user under which calls to ION API are
made. That is, the service account is used to impersonate a user of the backend
application.
Calling ION API requires these prerequisites to be met:
- A backend service application on the tenant level, created in ION API. Without this application, no communication with ION API is possible.
- A service account for user impersonation.
The service account for the backend application is created manually in Infor Ming.le and downloaded, as an .ionapi file.
The service accounts for user impersonation are also created in Infor Ming.le User Management and are downloaded as .csv files. Service accounts include an Access Key and a Secret Key.
The service accounts for both the backend application and user impersonation are managed in
the Service Accounts dashboard file. The credentials generated by the backend service
application include an OAuth ClientID and Client Secret.
Note: We
recommend that, when using ION API calls to call functions of the
Modeling Service, you define tasks that run no longer than 15
minutes. After 15 minutes functions are canceled. However, the cancelation does not have
effect inModeling Service, in which load queries, scripts, and
mappings continue to run.