IIoT Core Services APIs
The IIoT Core Services APIs can be used to access multiple data stores using the Passport API and also provides management plane APIs for certain product features.
You can build your application using the IIoT Core Services Passport API to access data.
The IIoT Core Services Passport API supports user authentication for CouchDB, InfluxDB, Postgres, and MinIO data APIs. This allows you to add or revoke specific users at any time. This provides an additional layer of security for databases since its credentials are not usually required outside the server.
The Passport API authentication enables a proxy service using Kubernetes services for CouchDB, InfluxDB, Postgres, and MinIO databases (for port numbers, see Port configuration requirements (Core Services)). These ports receive requests that use Keycloak user names and passwords, validates those credentials with Keycloak via OAuth Helper, then sends the request to the appropriate database using the database credentials.
When querying the Influx database, make sure to protect from injections that lead to unauthorized data access.
You can opt to use bind parameters. Examples are available on docs.influxdata.com under bind parameters.
Management plane REST API
IIoT Core Services provides management plane APIs for the following product features:
- Asset management (including digital twin support)
- Alert management
- Kubernetes resource management
You can access management plane API descriptions, properties, and examples in the IIoT Core Services UI on the Administration tab under API Documentation.
For more information about how to use the management plane API, contact your Hitachi Vantara representative.
Generate bearer authorization
To generate a token, you can use Postman or any other REST API client.
Run the following REST API call to generate the ID token:
Get the ID token in response.
In the IIoT Core Services UI, click the Administration tab, and then click API Documentation.
Click Authorize to create the authorization header.
In the Value field, enter the word bearer followed by the previously generated bearer ID token to set the authorization header before testing your API.