IIoT Core Services REST APIs

Prerequisites for using REST APIs

Observe the following prerequisites to successfully access the IIoT Core Services APIs.

Create a user in the KeyCloak interface
Import API collection
Generate a bearer authorization token in Keycloak
Set up the Swagger environment

Create a user in the KeyCloak interface

Create a user in the KeyCloak interface for accessing the IIoT Core Services REST APIs by performing the following steps.

Procedure

Log in to the KeyCloak interface with the following information.

KeyCloak master node server URL	htps://<cluster-fqdn>:30443/auth/
Get the username	echo $(kubectl get secret/credential-keycloak -o jsonpath='{ .data.ADMIN_USERNAME }' -n hiota \| base64 -d)
Get the password	echo $(kubectl get secret/credential-keycloak -o jsonpath='{ .data.ADMIN_PASSWORD }' -n hiota \| base64 -d)

Select Users from the left navigation pane of KeyCloak UI.
Click Add User.
Enter the details for the new user.
Click Save.

Results

The new user is created for accessing the IIoT Core ServicesIIoT Core Services REST APIs.

Import API collection

Import the API collection from Swagger to Insomnia by performing the following steps.

Procedure

Access the Swagger UI and click the swagger.json link.
The JSON code window appears. Download and save the JSON file on your local machine.
Access the Insomnia UI, click Lumada IIoT Core Management V1 APIs, and then select Import/Export.
The Insomnia Preferences dialog box appears. Click Import Data, and then select either of the following options:
- Select From File, browse to locate the downloaded JSON file on your local machine, and click OK.
- Select From URL and specify the following URL:
```
https://<cluster-fqdn>:30443/docs/v1/ swagger_asset_managment.json
```

Results

The entire API collection is now imported from Swagger, and the API structure is displayed in the left navigation pane of the Insomnia UI.

Generate a bearer authorization token in Keycloak

Generate a bearer authorization token from the KeyCloak interface by performing the following steps.

Procedure

Access the Keycloak UI and select Auth Token from Keycloak server. The POST method with the Form tab opens.
Verify the following parameter values and edit them, if required:
- grant_type
- scope
- username
- password
- client_id
- client_secret
Click the Header tab and verify all the header information.
Click Send to generate the authorization token.

The response status code 200 OK indicates that the token is generated successfully.

Set up the Swagger environment

Set up the Swagger environment using the generated token by performing the following steps.

Procedure

Access the Swagger UI.
Click Swagger env, and then Manage Environments.
The Manage Environments window appears. Define the environment variables to set up the Swagger environment as displayed in the image below.

Use REST APIs

Perform the following steps to create an asset type by using the Create Asset Type API in the Insomnia UI.

Procedure

Access the Insomnia UI and click the Create Asset Type API from the left navigation pane.
Select POST as the method for creating an asset type. The code for the POST method is displayed in the middle panel.
Verify the parameter values and edit them, if required.
Click Send to execute the API.

Check the API response status code to verify the API execution status. The response code 200 OK represents a successful execution of the API and indicates that the new asset type is successfully created.

The following standard response status codes are supported:

Response status code	Description
200 OK	Response for a successful GET, PUT , PATCH, and DELETE.
201 Created	Response for a successful POST.
204 No content	Success with no additional content.
400 Bad Request	Client-side input fails validation.
401 Unauthorized	The user is not authorized to access a resource or when the user is not authenticated.
403 Forbidden	The user is authenticated, but not allowed to access a resource.
404 Not Found	The resource is not found.
500 Internal server error	Generic server error. The server encountered an unexpected condition that prevented it from fulfilling the request.
502 Bad Gateway	Invalid response from an upstream server.

View REST APIs

You can view IIoT Core REST APIs by performing the following steps.

Procedure

In the IIoT Core Services UI, click the Administration tab, and then API documentation. The list of all the APIs appears.
To view only APIs that are related to a specific function, select the function from the Select a definition field. For example, to view only asset management related APIs, select API Asset Management from the Select a definition field.

Passport API

You can build your application using the IIoT Core Services Passport API to access data.

The IIoT Core Services Passport API supports user authentication for CouchDB, InfluxDB, Postgres, and MinIO data APIs. This allows you to add or revoke specific users at any time. This provides an additional layer of security for databases since its credentials are not usually required outside the server.

The Passport API authentication enables a proxy service using Kubernetes services for CouchDB, InfluxDB, Postgres, and MinIO databases (for port numbers, see Port configuration requirements (Core Services)). These ports receive requests that use Keycloak user names and passwords, validates those credentials with Keycloak via OAuth Helper, then sends the request to the appropriate database using the database credentials.

NoteThe Passport API does not support the use of the u and p query parameters, for user name and password respectively, in InfluxDB queries. All authentication must be done using standard basic authentication or OAuth tokens.

Protection from unauthorized data access

When querying the Influx database, make sure to protect from injections that lead to unauthorized data access.

You can opt to use bind parameters. Examples are available on docs.influxdata.com under bind parameters.

Management plane REST API

IIoT Core Services provides management plane APIs for the following product features:

Asset management (including digital twin support)
Alert management
Kubernetes resource management

You can access management plane API descriptions, properties, and examples in the IIoT Core Services UI on the Administration tab under API Documentation.

For more information about how to use the management plane API, contact your Hitachi Vantara representative.

Generate a bearer authorization token using REST API client

To generate a token, you can use Postman or any other REST API client.

Procedure

Run the following REST API call to generate the ID token:

POST https://<FQDN>:30443/auth/realms/default/protocol/openid-connect/token/

Get the ID token in response.
In the IIoT Core Services UI, click the Administration tab, and then click API Documentation.
Click Authorize to create the authorization header.
In the Value field, enter the word bearer followed by the previously generated bearer ID token to set the authorization header before testing your API.