API calls from Application Engine processes

Calling API Gateway endpoints requires authentication against the API Gateway. Processes cannot call the API Gateway directly. Instead, authorization is through a backend service application. Administrators maintain service accounts that have resource owner grants. Each service account represents a user under which calls to API Gateway are made. That is, the service account is used to impersonate a user of the backend application.

Calling API Gateway requires these prerequisites to be met:

  • A backend service application on the tenant level, created in API Gateway. Without this application, no communication with API Gateway is possible.
  • A service account for user impersonation.

The service account for the backend application is created manually in Infor Ming.le and downloaded, as an .ionapi file.

The service accounts for user impersonation are also created in Infor Ming.le User Management and are downloaded as .csv files. Service accounts include an Access Key and a Secret Key.

The service accounts for both the backend application and user impersonation are managed in the Service Accounts dashboard file. The credentials generated by the backend service application include an OAuth ClientID and Client Secret.
Note: We recommend that, when using API Gateway calls to call functions of the Modeling Service, you define tasks that run no longer than 15 minutes. After 15 minutes functions are canceled. However, the cancelation does not have effect inModeling Service, in which load queries, scripts, and mappings continue to run.