ION API calls from Application Engine processes

Calling ION API endpoints requires authentication against the ION API gateway. Processes cannot call the ION API directly. Instead, authorization is through a backend service application. Administrators maintain service accounts that have resource owner grants. Each service account represents a user under which calls to ION API are made. That is, the service account is used to impersonate a user of the backend application.

Calling ION API requires these prerequisites to be met:

A backend service application on the tenant level, created in ION API. Without this application, no communication with ION API is possible.
A service account for user impersonation.

The service account for the backend application is created manually in Infor Ming.le and downloaded, as an .ionapi file.

The service accounts for user impersonation are also created in Infor Ming.le User Management and are downloaded as .csv files. Service accounts include an Access Key and a Secret Key.

The service accounts for both the backend application and user impersonation are managed in the Service Accounts dashboard file. The credentials generated by the backend service application include an OAuth ClientID and Client Secret.

Note: We recommend that, when using ION API calls to call functions of the Modeling Service, you define tasks that run no longer than 15 minutes. After 15 minutes functions are canceled. However, the cancelation does not have effect inModeling Service, in which load queries, scripts, and mappings continue to run.