Authentication and identification overview

An API consumer (invoker) must first be authenticated to gain access to the API. The authentication process is the responsibility of Infor API Gateway.

To access the REST services through an external application such as Postman, you must configure an API consumer in API Gateway, which is referred to as an Authorized App.

When you define an authorized app, you must select one of these grant types:

Password Credentials: An OAuth 2.0 authorization flow that exchanges a user’s credentials for an access token.; If the authorized app uses the Password Credentials grant type, select the service account that will be used to send requests to LN: an IFS user or the standard service account svc_ln.
Client Credentials: An OAuth 2.0 authorization flow for machine-to-machine authentication between applications.; For more information, see “Client credentials grant” in the Infor API Gateway Administration Guide.

After the app is registered, you must download the corresponding credentials. You can use these credentials, for example, to send requests through:

External applications such as Postman
Machines
Hand-held devices

After authentication succeeds, API Gateway forwards the request to the configured endpoint.