Authentication and identification overview

An API consumer (invoker) must first be authenticated to gain access to the API.

The authentication process is the responsibility of Infor ION API Gateway. An API consumer, or in ION terms: Authorized App, must be configured in ION API Gateway.

See Registering an authorized app in API Gateway.

On successful authentication, ION API Gateway forwards the request to the configured endpoint.

An authenticated user can have an associated IFS-ION-Person ID. This ID is also known as Identity2.

If the Authorized App uses a service account associated with an IFS user, ION adds the X-Infor-Identity2 header with the IFS-ION-PERSON-ID to the request. Otherwise this header is not added. This identifier typically contains the IFS-User-GUID.

All requests sent to LN in the context of an IFS user are logged as sent by the corresponding LN user. Therefore, you can distinguish in LN and in the log data which request was sent by which user. Consequently, traceability and accountability can be performed for the different users.