API calls from Application Engine processes
Calling API Gateway endpoints requires authentication against the
API Gateway. Processes cannot call the API Gateway directly. Instead, authorization is through a backend service application. Administrators
maintain service accounts that have resource owner grants. Each service account represents a
user under which calls to API Gateway are made. That is, the service
account is used to impersonate a user of the backend application.
Calling API Gateway requires these prerequisites to be met:
- A backend service application on the tenant level, created in API Gateway. Without this application, no communication with API Gateway is possible.
- A service account for user impersonation.
The service account for the backend application is created manually in Infor OS Portal and downloaded, as an .ionapi file.
The service accounts for user impersonation are also created in Infor OS Portal Security and are downloaded as .csv files. Service accounts include an Access Key and a Secret Key.
The service accounts for both the backend application and user impersonation are managed in
the Service Accounts dashboard file. The credentials generated by the backend service
application include an OAuth ClientID and Client Secret.
Note: We
recommend that, when using API Gateway calls to call functions of the
Modeling Service, you define tasks that run no longer than 15
minutes. After 15 minutes functions are canceled. However, the cancellation does not have
effect inModeling Service, in which load queries, scripts, and
mappings continue to run.