ION API calls from Application Engine processes

Calling ION API endpoints requires authentication against the ION API gateway. Processes cannot call the ION API directly. Instead, authorization is through a backend service application. Administrators maintain service accounts that have resource owner grants. Each service account represents a user under which calls to ION API are made. That is, the service account is used to impersonate a user of the backend application.

Calling ION API requires these prerequisites to be met:

A backend service application on the tenant level, created in ION API. Without this application, no communication with ION API is possible.
A service account for user impersonation.

The service account for the for the backend application is created manually in Infor Ming.le and downloaded, as an .ionapi file.

The service accounts for user impersonation are also created in Infor Ming.leUser Management and are downloaded as .csv files. Service accounts include an Access Key and a Secret Key.

The service accounts for both the backend application and user impersonation are managed in the Service Accounts dashboard. file. The credentials generated by the backend service application include an OAuth ClientID and Client Secret.