IBM API CONNECT
HOW TO MIGRATE AN EXISTING APPLICATION, AND
PRESERVE THE APPLICATION CREDENTIALS
@SPOON
WHY
• When an application is registered in IBM API Connect, APIc generates a client_id and a client_secret
• The client_secret is shown in the clear to the application developer once, at creation time
• After that only a hash of the client_secret is stored; there is no API to retrieve the client_secret in the clear
Challenge:
As the provider organization, you need to migrate the application from one environment (catalog) to another without interrupting the application, i.e. the application must keep working with the same client_id and client_secret.
Problem: you do not have the client_secret in plaintext; the only value available to you is its hash.
How do you recreate the application from the hash alone? (And no, we did not find a weakness in the hashing algorithm: the hash is copied as-is, it is never reversed.)
STAGING
• 1 provider org: steveorg
• 3 catalogs:
  • sandbox
  • test, with consumer org katiepoon
  • movedToCatalog, with consumer org movedToConsumerOrg
• 2 applications in `test` -> `katiepoon`: app1 and app2
• Goal: extract the client_id and hashed client_secret of app2 in `test` -> `katiepoon`, and mirror app2 into `movedToCatalog` -> `movedToConsumerOrg`
• The REST calls use the provider org owner's access_token, taken from the API Manager UI session in the browser (this token can change anything in the provider org: use it from a trusted workstation and do not leave it in scripts or shell history)
• The same steps can be done with the toolkit; the toolkit commands are included
PRE-REQUISITE
• The target catalog must have the setting "hash_client_secret": true
• If not, the credential POST in the later step fails with this error:
  {"status":400,"message":["The client_secret_hashed property cannot be changed because the hash_client_secret is set to 'false' in the catalog settings."]}
• rest: '/catalogs/{org}/{catalog}/settings'
• toolkit: catalog-settings:update
RETRIEVE THE APPLICATION
rest: '/catalogs/{org}/{catalog}/apps'
toolkit: apps:list --scope catalog
Each app lists its credentials under app_credential_urls; each credential carries the client_id and hash(client_secret)
EXTRACT THE CLIENT_ID & HASH(CLIENT_SECRET)
Fetching the credentials of an app returns all of its credentials at once, not one at a time; pick the one you need to preserve
APPLICATION CURRENTLY IN `STEVEORG/TEST/KATIE-POON`
I am going to move one of the apps over to `steveorg/movedtocatalog/movedtoconsumerorg`, which currently has no applications
APPLICATION TO BE MOVED IS `APP2`
client_id: 784a9a9d319c5a53704f21bdb1ada8e5
client_secret: 15d36fd9ff05a189b4cb8f54d122e113
(The plaintext client_secret is known here only because this is a staging app created for the walkthrough; it is used solely to verify the result. In a real migration the provider org does not have it, only the hash.)
USE THE API TO VERIFY THAT THE CLIENT_SECRET IS CORRECT
• rest: '/apps/{org}/{catalog}/{consumer-org}/{app}/credentials/{credential}/verify-client-secret'
• toolkit: credentials:verify-client-secret
CREATE AN APP IN MOVEDTOCATALOG -> MOVEDTOCONSUMERORG
Note that the initial, auto-generated client_id and client_secret (labelled `toberemoved` here) will be deleted at the end
Keep the `app_credential_urls` from the response; it is needed for the next step
CREATE THE PROPER CLIENT_ID & CLIENT_SECRET FOR APP2 FROM THE
SOURCE APP
The quickest way to get the POST target is to copy the `app_credential_urls` entry from the previous step and remove the trailing credential id, 36bb8ssb…
In the payload, use `client_secret_hashed` (the hash copied from the source app), not `client_secret`
CHECK THE APPLICATION AGAIN: IT NOW HAS 2 CREDENTIALS
TEST THAT THE NEW (MIGRATED) CREDENTIAL WORKS, USING VERIFY-CLIENT-SECRET
DELETE THE INITIAL `TOBEREMOVED` CLIENT_ID & CLIENT_SECRET
Do this only after the verify step succeeds, so the app is never left without a working credential
APPLICATION APP2 FROM TEST IS MIRRORED OVER
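The whole procedure above as one script, added here as an example; it is not code from the deck or from IBM. The endpoint paths for catalog settings, app credentials and verify-client-secret are the ones the slides name; the `/api` prefix, the JSON request bodies, the `url` field on created objects, the `app_credential_urls` list on a created app and the HTTP status handling are assumptions about the APIc management REST API, so check them against your version before running the live transport. `FakeTransport` and its canned responses (including the hash value) are constructed so the steps can be dry-run offline; the client_id and client_secret in it are the staging values shown on the slides.

```python
"""Mirror an IBM API Connect app credential into another catalog by copying
client_id + client_secret_hashed. Added example, not code from the deck.
Endpoint paths follow the slides; the /api prefix, JSON bodies, the 'url'
field on created objects and status handling are assumptions about the API."""
import json
from urllib.error import HTTPError
from urllib.request import Request, urlopen

class MigrationError(RuntimeError):
    """A step failed; no later step (in particular the DELETE) has run."""

def credential_collection_url(credential_url):
    """Drop the trailing credential id from an app_credential_urls entry: the
    deck's quickest way to obtain the credentials collection to POST to."""
    head, sep, tail = credential_url.rstrip("/").rpartition("/")
    if not sep or not tail or not head.endswith("/credentials"):
        raise ValueError("not a credential URL: " + credential_url)
    return head

def http_transport(method, url, headers, body):
    """Live transport: (status, JSON body or {}); HTTP errors are returned, not raised."""
    data = json.dumps(body).encode() if body is not None else None
    try:
        resp = urlopen(Request(url, data=data, headers=headers, method=method))
    except HTTPError as err:
        resp = err
    raw = resp.read()
    return resp.getcode(), (json.loads(raw) if raw else {})

def mirror_credential(transport, access_token, base, org, dst_catalog, dst_corg,
                      src_credential_url, new_app, plaintext_secret=None):
    """Recreate the source credential under a new app in dst_catalog/dst_corg and
    return the mirrored credential URL. The auto-generated placeholder credential
    is deleted only after the copy exists (and verifies, when a plaintext is given)."""
    headers = {"Authorization": "Bearer " + access_token,
               "Accept": "application/json", "Content-Type": "application/json"}

    def call(method, url, body=None):
        status, data = transport(method, url, headers, body)
        if status not in (200, 201, 204):
            raise MigrationError("%s %s -> %s %s" % (method, url, status, data))
        return data

    # 1. Pre-requisite from the deck: the target catalog must hash client secrets.
    settings = call("GET", "%s/catalogs/%s/%s/settings" % (base, org, dst_catalog))
    if settings.get("hash_client_secret") is not True:
        raise MigrationError("catalog %s needs hash_client_secret=true" % dst_catalog)
    # 2. Read the source credential: client_id and hash(client_secret) only.
    src = call("GET", src_credential_url)
    if not src.get("client_secret_hashed"):
        raise MigrationError("source credential has no client_secret_hashed")
    # 3. Create the target app; APIc attaches an auto-generated credential.
    app = call("POST", "%s/apps/%s/%s/%s" % (base, org, dst_catalog, dst_corg), new_app)
    placeholder_url = app["app_credential_urls"][0]
    # 4. Add the real credential beside it: send client_secret_hashed, never client_secret.
    payload = {"title": new_app["title"] + " (migrated)", "client_id": src["client_id"],
               "client_secret_hashed": src["client_secret_hashed"]}
    mirrored_url = call("POST", credential_collection_url(placeholder_url), payload)["url"]
    # 5. Verify before deleting anything; usually only the app owner holds the plaintext.
    if plaintext_secret is not None:
        call("POST", mirrored_url + "/verify-client-secret", {"client_secret": plaintext_secret})
    # 6. Remove the placeholder so the app carries exactly the migrated client_id.
    call("DELETE", placeholder_url)
    return mirrored_url

class FakeTransport:
    """Constructed canned responses mirroring the deck's staging setup (offline dry run)."""
    BASE = "https://manager.example.com/api"
    SRC = BASE + "/apps/steveorg/test/katiepoon/app2/credentials/11111111-src"
    TARGET_APPS = BASE + "/apps/steveorg/movedtocatalog/movedtoconsumerorg"
    PLACEHOLDER = TARGET_APPS + "/app2/credentials/22222222-tmp"
    MIRRORED = TARGET_APPS + "/app2/credentials/33333333-new"
    CLIENT_ID = "784a9a9d319c5a53704f21bdb1ada8e5"   # app2 values shown on the slides
    SECRET = "15d36fd9ff05a189b4cb8f54d122e113"
    HASH = "$constructed$not-a-real-hash"            # made-up stand-in for the stored hash

    def __init__(self, hash_enabled=True):
        self.hash_enabled, self.calls = hash_enabled, []

    def __call__(self, method, url, headers, body):
        self.calls.append((method, url, body))
        if (method, url) == ("GET", self.BASE + "/catalogs/steveorg/movedtocatalog/settings"):
            return 200, {"hash_client_secret": self.hash_enabled}
        if (method, url) == ("GET", self.SRC):
            return 200, {"client_id": self.CLIENT_ID, "client_secret_hashed": self.HASH}
        if (method, url) == ("POST", self.TARGET_APPS):
            return 201, {"app_credential_urls": [self.PLACEHOLDER]}
        if (method, url) == ("POST", credential_collection_url(self.PLACEHOLDER)):
            if not self.hash_enabled or "client_secret" in body:
                return 400, {"message": ["The client_secret_hashed property cannot be changed"]}
            return 201, {"url": self.MIRRORED, "client_id": body["client_id"]}
        if (method, url) == ("POST", self.MIRRORED + "/verify-client-secret"):
            return (200, {}) if body.get("client_secret") == self.SECRET else (401, {})
        if (method, url) == ("DELETE", self.PLACEHOLDER):
            return 204, {}
        return 404, {"message": ["no canned response for %s %s" % (method, url)]}

def demo(plaintext_secret=FakeTransport.SECRET, hash_enabled=True):
    """Offline dry run; returns (mirrored credential URL, recorded (method, url, body) calls)."""
    t = FakeTransport(hash_enabled)
    url = mirror_credential(t, "porg-owner-token", t.BASE, "steveorg", "movedtocatalog",
                            "movedtoconsumerorg", t.SRC, {"title": "app2", "name": "app2"},
                            plaintext_secret)
    return url, t.calls
```

To run it for real, pass `http_transport` instead of a `FakeTransport`, the provider org owner's access_token, and the `app_credential_urls` entry of the source app; leave `plaintext_secret` as `None` and let the application owner run verify-client-secret (or a live call through the gateway) before you delete the placeholder. The ordering is the security property worth keeping: the hash is the only secret material that moves, and the app is never left without a working credential.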