OAuth 1.0a Zero-Legged authentication
OAuth 1.0a authentication is a signature that is computed using a consumer key and a matching consumer secret, along with the details of the request.
For the Mongoose REST API, the OAuth 1.0 with HMAC-SHA1 algorithm is used when the REST API is being called through the ION API.
This authentication scheme uses these headers to create a Mongoose session using the workstation logon mechanism:
| Header | Description |
|---|---|
| X-Infor-Identity2 | This is a unique, immutable user identifier within a tenant. It is provided by the ION API. |
| X-Infor-MongooseConfig | This is the Mongoose configuration name, as provided by the user. |
These properties must be configured in the IDO Request Service’s web.config:
| Property name | Property value |
|---|---|
| enableRestWorkstationLogon | True |
| restOAuthConsumerKey | Consumer key provided by ION API |
| restOAuthConsumerSecret | Consumer secret provided by ION API |