OAuth 1.0a zero-legged authentication

OAuth 1.0a authentication is a signature that is computed using a consumer key and a matching consumer secret, along with the details of the request.

For the REST API, the OAuth 1.0 with HMAC-SHA1 algorithm is used when the REST API is being called through the ION API.

This authentication scheme uses these headers to create a session using the workstation logon mechanism:

Header Description
X-Infor-Identity2 This header is a unique and immutable user identifier within a tenant.

This header is provided by the ION API.

X-Infor-MongooseConfig This header is the configuration name.

This header is provided by the user.

These properties must be configured in the IDO Request Service’s web.config:

Property name Property value
enableRestWorkstationLogon True
restOAuthConsumerKey Consumer key provided by ION API
restOAuthConsumerSecret Consumer secret provided by ION API