Skip to main content
Hitachi Vantara Lumada and Pentaho Documentation

IIoT Core Services APIs

The IIoT Core Services APIs can be used to access multiple data stores using the Passport API and also provides management plane APIs for certain product features.

Passport API

You can build your application using the IIoT Core Services Passport API to access data.

The IIoT Core Services Passport API supports user authentication for CouchDB, InfluxDB, Postgres, and MinIO data APIs. This allows you to add or revoke specific users at any time. This provides an additional layer of security for databases since its credentials are not usually required outside the server.

The Passport API authentication enables a proxy service using Kubernetes services for CouchDB, InfluxDB, Postgres, and MinIO databases (for port numbers, see Port configuration requirements (Core Services)). These ports receive requests that use Keycloak user names and passwords, validates those credentials with Keycloak via OAuth Helper, then sends the request to the appropriate database using the database credentials.

NoteThe Passport API does not support the use of the u and p query parameters, for user name and password respectively, in InfluxDB queries. All authentication must be done using standard basic authentication or OAuth tokens.
Protection from unauthorized data access

When querying the Influx database, make sure to protect from injections that lead to unauthorized data access.

You can opt to use bind parameters. Examples are available on under bind parameters.

Management plane REST API

IIoT Core Services provides management plane APIs for the following product features:

  • Asset management (including digital twin support)
  • Alert management
  • Kubernetes resource management

You can access management plane API descriptions, properties, and examples in the IIoT Core Services UI on the Administration tab under API Documentation.

For more information about how to use the management plane API, contact your Hitachi Vantara representative.

Generate bearer authorization

To generate a token, you can use Postman or any other REST API client.


  1. Run the following REST API call to generate the ID token:

    POST https://<FQDN>:30443/auth/realms/default/protocol/openid-connect/token/
    Bearer authorization form fields Bearer authorization header fields
  2. Get the ID token in response.

  3. In the IIoT Core Services UI, click the Administration tab, and then click API Documentation.

  4. Click Authorize to create the authorization header.

  5. In the Value field, enter the word bearer followed by the previously generated bearer ID token to set the authorization header before testing your API.

    Authorize bearer ID token